Sample details: cc00cea626173effa08dd036153a51c4 (MD5)

Hashes
MD5: cc00cea626173effa08dd036153a51c4
SHA1: 56a9f77edb9143cb6585ed644bcedac96dce2199
SHA256: f5945603ba3b72f311063bce449dad768502fb31450ecb2642cff49123beb1b3
SSDEEP: 24576:KEtl9mRda1ISGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvI:BEs1li
Details
File Type: PE32
Added: 2019-06-19 19:57:17
Yara Hits
YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional | YRP/Borland_Delphi_v60_v70 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/Borland | YRP/BobSoftMiniDelphiBoBBobSoft | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/borland_delphi | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Browsers | YRP/Dropper_Strings | YRP/anti_dbg | YRP/network_dropper | YRP/screenshot | YRP/keylogger | YRP/spreading_file | YRP/win_mutex | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers3 | YRP/Delphi_FormShow | YRP/Delphi_CompareCall | YRP/Delphi_Copy | YRP/Delphi_StrToInt | YRP/Delphi_DecodeDate | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/suspicious_packer_section | YRP/CAP_HookExKeylogger |
Strings
		This program must be run under Win32
.idata
.rdata
.reloc
.aspack
.adata
Boolean
Integer
Cardinal
String
WideString
TObject
TObject
System
IInterface
System
TInterfacedObject
YZ]_^[
YZ]_^[
_^[YY]
YZ]_^[
C<"u1S
Q<"u8S
~KxI[)
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
_^[YY]
YZXtm1
ZTUWVSPRTj
tVSVWU
kernel32.dll
GetLongPathNameA
Software\Borland\Locales
Software\Borland\Delphi\Locales
_^[YY]
odSelected
odGrayed
odDisabled	odChecked	odFocused	odDefault
odHotLight
odInactive	odNoAccel
odNoFocusRect
odReserved1
odReserved2
odComboBoxEdit
Windows
TOwnerDrawState
Magellan MSWHEEL
MouseZ
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
	TFileName
TSearchRecX
	Exception
EHeapException
EOutOfMemory
EInOutError
	EExternal
EExternalException
	EIntError
EDivByZero
ERangeError
EIntOverflow
EMathError
EInvalidOp
EZeroDivide,x@
	EOverflow
EUnderflow
EInvalidPointer8y@
EInvalidCast
EConvertError
EAccessViolation
EPrivilege
EStackOverflow
	EControlC
EVariantError
EAssertionFailed
EAbstractError
EIntfCastError
EOSError
ESafecallException
SysUtils
SysUtils
TThreadLocalCounter
$TMultiReadExclusiveWriteSynchronizer
<*t"<0r=<9w9i
INFNAN
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
_^[YY]
t%HtIHtm
_^[YY]
$Z]_^[
QQQQQQSVW3
QQQQQSVW
_^[YY]
	TErrorRec
TExceptRec
YZ]_^[
m/d/yy
mmmm d, yyyy
:mm:ss
kernel32.dll
GetDiskFreeSpaceExA
(Z]_^[
oleaut32.dll
VariantChangeTypeEx
VarNeg
VarNot
VarAdd
VarSub
VarMul
VarDiv
VarIdiv
VarMod
VarAnd
VarXor
VarCmp
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBoolFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
TCustomVariantType
TCustomVariantType
Variants
EVariantInvalidOpError
EVariantTypeCastError
EVariantOverflowError
EVariantInvalidArgErrorp
EVariantBadVarTypeError
EVariantBadIndexError
EVariantArrayLockedError
EVariantArrayCreateError
EVariantNotImplError
EVariantOutOfMemoryError
EVariantUnexpectedError8
EVariantDispatchError
_^[YY]
QQQQSV
Smallint
Integer
Single
Double
Currency
OleStr
Dispatch
Boolean
Variant
Unknown
Decimal
ShortInt
LongWord
String
Array 
ByRef 
Variants
_^[YY]
_^[YY]
tagEXCEPINFO 
TAlignment
taLeftJustify
taRightJustify
taCenter
Classes
	TBiDiMode
bdLeftToRight
bdRightToLeft
bdRightToLeftNoAlign
bdRightToLeftReadingOnly
Classes
ssShift
ssCtrl
ssLeft
ssRight
ssMiddle
ssDouble
Classes
TShiftState
THelpContext
	THelpType
	htKeyword	htContext
Classes
	TShortCut
TNotifyEvent
Sender
TObject
EStreamError
EFileStreamError
EFCreateError
EFOpenError
EFilerError8OA
EReadError
EWriteError
EClassNotFound
EResNotFound
EListError
EBitsError
EStringListError
EComponentError
EOutOfResourceshRA
EInvalidOperation
TThreadList
TPersistent
TPersistent
Classes
TInterfacedPersistent
TInterfacedPersistent
Classes
IStringsAdapter$
Classes
TStrings
TStrings
Classes
TStringItem
TStringList
TStringList
Classes
TStreamlXA
THandleStream
TFileStreamXYA
TCustomMemoryStream
TMemoryStream
TResourceStream
TStreamAdapter
TClassFinder
TFiler
TReader
EThread
TThread
TComponentName0^A
IDesignerNotify$
Classes
TComponent
TComponentX_A
Classes
TBasicActionLink
TBasicAction
TBasicAction8aA
Classes
TIdentMapEntry
	TRegGroup
TRegGroups
YZ]_^[
$Z]_^[
$Z]_^[
_^[YY]
	TIntConst
_^[YY]
Strings
S$_^[Y]
_^[YY]
SdZ]_^[
$Z]_^[
TPropFixup
TPropIntfFixup
_^[YY]
_^[YY]
Classes
_^[YY]
_^[YY]
QQQQQQQS
R0_^[]
_^[YY]
S	_^[]
TPUtilWindow
TColor
EInvalidGraphicp
EInvalidGraphicOperation
TFontPitch
	fpDefault
fpVariable
fpFixed
Graphics
	TFontName
TFontCharset
TFontStyle
fsBold
fsItalic
fsUnderline
fsStrikeOut
Graphics
TFontStyles
	TPenStyle
psSolid
psDash
psDot	psDashDot
psDashDotDot
psClear
psInsideFrame
Graphics
TPenMode
pmBlack
pmWhite
pmCopy	pmNotCopy
pmMergePenNot
pmMaskPenNot
pmMergeNotPen
pmMaskNotPen
pmMerge
pmNotMerge
pmMask	pmNotMask
pmNotXor
Graphics
TBrushStyle
bsSolid
bsClear
bsHorizontal
bsVertical
bsFDiagonal
bsBDiagonal
bsCross
bsDiagCross
Graphics
TGraphicsObjectx
TGraphicsObjectP
Graphics
IChangeNotifier$
Graphics
TFontT
TFont$
Graphics
Charset
Color<
Height
Pitch<
Graphics
Style<
TBrush
TBrush
Graphics
TCanvas
TCanvasd
Graphics
Brush<
CopyModeP
TProgressStage
psStarting	psRunning
psEnding
Graphicst
TProgressEvent
Sender
TObject
TProgressStage
PercentDone
	RedrawNow
Boolean
String
TGraphic
TGraphic
Graphics
TPicture
TPicture
Graphics
TSharedImage
TMetafileImage
	TMetafile
	TMetafile
Graphics
TBitmapImage
TBitmap<
TBitmap
Graphics
TIconImage
Graphics
TResourceManager
_^[YY]
clBlack
clMaroon
clGreen
clOlive
clNavy
clPurple
clTeal
clGray
clSilver
clLime
clYellow
clBlue
clFuchsia
clAqua
clWhite
clMoneyGreen
clSkyBlue
clCream
clMedGray
clActiveBorder
clActiveCaption
clAppWorkSpace
clBackground
clBtnFace
clBtnHighlight
clBtnShadow
clBtnText
clCaptionText
clDefault
clGradientActiveCaption
clGradientInactiveCaption
clGrayText
clHighlight
clHighlightText
clHotLight
clInactiveBorder
clInactiveCaption
clInactiveCaptionText
clInfoBk
clInfoText
clMenu
clMenuBar
clMenuHighlight
clMenuText
clNone
clScrollBar
cl3DDkShadow
cl3DLight
clWindow
clWindowFrame
clWindowText
ANSI_CHARSET
DEFAULT_CHARSET
SYMBOL_CHARSET
MAC_CHARSET
SHIFTJIS_CHARSET
HANGEUL_CHARSET
JOHAB_CHARSET
GB2312_CHARSET
CHINESEBIG5_CHARSET
GREEK_CHARSET
TURKISH_CHARSET
HEBREW_CHARSET
ARABIC_CHARSET
BALTIC_CHARSET
RUSSIAN_CHARSET
THAI_CHARSET
EASTEUROPE_CHARSET
OEM_CHARSET
Default
E$PVSj
_^[YY]
C ;C$s
TFileFormat
TFileFormatsList
QQQQSV
TClipboardFormats
_^[YY]
kD$TdP
kD$PdP
D$LPkD$XdPV
D$HPkD$TdPV
|$( EMFt
TBitmapCanvas
TBitmapCanvas
Graphics
_^[YY]
s(;~ t8
C(_^[Y]
TPatternManagerSV
_^[YY]
TObjectList
TOrderedList
TStack
GetMonitorInfoA
GetSystemMetrics
MonitorFromRect
MonitorFromWindow
MonitorFromPoint
GetMonitorInfo
DISPLAY
GetMonitorInfoA
DISPLAY
GetMonitorInfoW
DISPLAY
EnumDisplayMonitors
USER32.DLL
IHelpSelector$
:	HelpIntfs
IHelpSystem$
:	HelpIntfs
ICustomHelpViewer$
:	HelpIntfs	
IExtendedHelpViewer
:	HelpIntfs
ISpecialWinHelpViewer
:	HelpIntfs
IHelpManager$
:	HelpIntfs
EHelpSystemException
THelpViewerNode
THelpManager
comctl32.dll
InitializeFlatSB
UninitializeFlatSB
FlatSB_GetScrollProp
FlatSB_SetScrollProp
FlatSB_EnableScrollBar
FlatSB_ShowScrollBar
FlatSB_GetScrollRange
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollRange
TSynchroObject
TCriticalSection
uxtheme.dll
OpenThemeData
CloseThemeData
DrawThemeBackground
DrawThemeText
GetThemeBackgroundContentRect
GetThemePartSize
GetThemeTextExtent
GetThemeTextMetrics
GetThemeBackgroundRegion
HitTestThemeBackground
DrawThemeEdge
DrawThemeIcon
IsThemePartDefined
IsThemeBackgroundPartiallyTransparent
GetThemeColor
GetThemeMetric
GetThemeString
GetThemeBool
GetThemeInt
GetThemeEnumValue
GetThemePosition
GetThemeFont
GetThemeRect
GetThemeMargins
GetThemeIntList
GetThemePropertyOrigin
SetWindowTheme
GetThemeFilename
GetThemeSysColor
GetThemeSysColorBrush
GetThemeSysBool
GetThemeSysSize
GetThemeSysFont
GetThemeSysString
GetThemeSysInt
IsThemeActive
IsAppThemed
GetWindowTheme
EnableThemeDialogTexture
IsThemeDialogTextureEnabled
GetThemeAppProperties
SetThemeAppProperties
GetCurrentThemeName
GetThemeDocumentationProperty
DrawThemeParentBackground
EnableTheming
TCommonDialog
TCommonDialog
Dialogs
HelpContext
OnClose
OnShowSV
TMessageForm
TMessageForm
Dialogs
_^[YY]
%s%s%s%s%s%s%s%s%s%s
Cancel
Ignore
NoToAll
YesToAll
Message
commdlg_help
commdlg_FindReplace
WndProcPtr%.8X%.8X
TImage
TImagex
ExtCtrls
Alignd>C
Anchors
AutoSize
Center
Constraints$7C
DragCursor
DragKind8=C
DragMode
Enabled
IncrementalDisplay
ParentShowHintP
Picture
	PopupMenu
Proportional
ShowHint
Stretch
Transparent
Visible
OnClick
OnContextPopup
OnDblClick
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnMouseDown@@C
OnMouseMove
	OnMouseUpp
OnProgress
OnStartDock
OnStartDrag
TTimer
TTimer
ExtCtrls
Enabled|
Interval
OnTimerU
Delphi Picture
Delphi Component
EIniFileException
TCustomIniFile
TIniFile
_^[YY]
ERegistryException
	TRegistryS
MAPI32.DLL
TConversion
TConversionFormat
comctl32.dll
TThemeServices
Theme manager 
 2001, 2002 Mike Lischke
 !"#$%
TTextLayout
tlCenter
tlBottom
StdCtrls
TCustomLabel
TCustomLabelx
StdCtrls
TLabel
TLabel
StdCtrls'
AligndKA
	Alignmentd>C
Anchors
AutoSize
BiDiMode
Caption
Constraints$7C
DragCursor
DragKind8=C
DragMode
Enabled
FocusControlP
ParentBiDiMode
ParentColor
ParentFont
ParentShowHint
	PopupMenu
ShowAccelChar
ShowHint
Transparent
Layout
Visible
WordWrap
OnClick
OnContextPopup
OnDblClick
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnMouseEnter
OnMouseLeave
OnStartDock
OnStartDragP
TCustomEdit
TCustomEditP
StdCtrls
TabStop
TScrollStyle
ssNone
ssHorizontal
ssVertical
ssBoth
StdCtrls
TCustomMemo
TCustomMemo\
StdCtrls
StdCtrls8
AligndKA
	Alignmentd>C
Anchors
BevelEdges
BevelInner
	BevelKind
BevelOuter
BiDiMode<
BorderStyle
Constraints
Ctl3D$7C
DragCursor
DragKind8=C
DragMode
EnabledP
HideSelection<LC
ImeMode
ImeNamePVA
Lines<
	MaxLength
OEMConvert
ParentBiDiMode
ParentColor
ParentCtl3D
ParentFont
ParentShowHint
	PopupMenu
ReadOnly
ScrollBars
ShowHint
TabOrder
TabStop
Visible
WantReturns
WantTabs
WordWrap
OnChange
OnClick
OnContextPopup
OnDblClick
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnEnter
OnExit
	OnKeyDown
OnKeyPress
OnKeyUp
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnStartDock
OnStartDrag
TButtonActionLink
TButtonControl
TButtonControl
StdCtrls
TButton
TButton|
StdCtrls&
Actiond>C
Anchors
BiDiMode
Cancel
Caption
Constraints
Default$7C
DragCursor
DragKind8=C
DragMode
EnabledP
ModalResult
ParentBiDiMode
ParentFont
ParentShowHint
	PopupMenu
ShowHint
TabOrder
TabStop
Visible
WordWrap
OnClick
OnContextPopup
OnDragDrop,AC
OnDragOver\BC
	OnEndDock\BC
	OnEndDrag
OnEnter
OnExit
	OnKeyDown
OnKeyPress
OnKeyUp
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnStartDock
OnStartDragL
TMemoStrings
TMemoStringsL
StdCtrls
GH+D$	
_^[YY]
_^[YY]
BUTTON
THintAction0)C
THintAction
StdActns
TWinHelpViewer
_^[YY]
_^[YY]
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
_^[YY]
MS_WINHELP
#32770
TModalResult
TCursor
TAlign
alNone
alBottom
alLeft
alRight
alClient
alCustom
Controls
TDragObject
TDragObject
Controls
TBaseDragControlObject
TBaseDragControlObject
Controls
TDragControlObject
TDragControlObjectEx
TDragDockObject
TDragDockObjecth:C
Controls
TDragDockObjectEx
TControlCanvas
TControlCanvas
Controls
TControlActionLink
TMouseButton
mbLeft
mbRight
mbMiddle
Controls<=C
	TDragMode
dmManual
dmAutomatic
Controls
TDragState
dsDragEnter
dsDragLeave
dsDragMove
Controls
	TDragKind
dkDrag
dkDock
Controls
	TTabOrder
TCaption
TAnchorKind
akLeft
akRight
akBottom
Controls
TAnchors
TConstraintSize
TSizeConstraints
TSizeConstraints
Controls
	MaxHeightx>C
MaxWidthx>C
	MinHeightx>C
MinWidth
TMouseEvent
Sender
TObject
Button
TMouseButton
TShiftState
Integer
Integer
TMouseMoveEvent
Sender
TObject
TShiftState
Integer
Integer
	TKeyEvent
Sender
TObject
TShiftState
TKeyPressEvent
Sender
TObject
TDragOverEvent
Sender
TObject
Source
TObject
Integer
Integer
TDragState
Accept
Boolean
TDragDropEvent
Sender
TObject
Source
TObject
Integer
Integer
TStartDragEvent
Sender
TObject	
DragObject
TDragObject
TEndDragEvent
Sender
TObject
Target
TObject
Integer
Integer
TDockDropEvent
Sender
TObject
Source
TDragDockObject
Integer
Integer
TDockOverEvent
Sender
TObject
Source
TDragDockObject
Integer
Integer
TDragState
Accept
Boolean
TUnDockEvent
Sender
TObject
Client
TControl
	NewTarget
TWinControl
Boolean
TStartDockEvent
Sender
TObject	
DragObject
TDragDockObject
TGetSiteInfoEvent
Sender
TObject
DockClient
TControl
InfluenceRect
MousePos
TPoint
CanDock
Boolean
TCanResizeEvent
Sender
TObject
NewWidth
Integer
	NewHeight
Integer
Resize
Boolean
TConstrainedResizeEvent
Sender
TObject
MinWidth
Integer
	MinHeight
Integer
MaxWidth
Integer
	MaxHeight
Integer
TMouseWheelEvent
Sender
TObject
TShiftState
WheelDelta
Integer
MousePos
TPoint
Handled
Boolean
TMouseWheelUpDownEvent
Sender
TObject
TShiftState
MousePos
TPoint
Handled
Boolean
TContextPopupEvent
Sender
TObject
MousePos
TPoint
Handled
Boolean
TControl
TControl
Controls	
Width<
Height$7C
Cursor
HelpType
HelpKeyword
HelpContext
TWinControlActionLink
TImeMode
	imDisable
imClose
imOpen
imDontCare
imSAlpha
imAlpha
imHira
imSKata
imKata	imChinese
imSHanguel	imHanguel
Controls
TImeName
TBorderWidth
	TBevelCut
bvNone	bvLowered
bvRaised
bvSpace
Controls
TBevelEdge
beLeft
beRight
beBottom
Controls
TBevelEdges
TBevelKind
bkNone
bkTile
bkSoft
bkFlat
Controls
IDockManager$
Controls
TWinControl
TWinControl`NC
Controls
TGraphicControl
TGraphicControl<RC
Controls
TCustomControl
TCustomControl\SC
Controls
THintWindow
THintWindow
Controls
	TDockZone
	TDockTree
TMouse
crDefault
crArrow
crCross
crIBeam
crSizeNESW
crSizeNS
crSizeNWSE
crSizeWE
crUpArrow
crHourGlass
crDrag
crNoDrop
crHSplit
crVSplit
crMultiDrag
crSQLWait
crAppStart
crHelp
crHandPoint
crSizeAll
crSize
	TSiteList
_^[YY]
S$_^[]
YZ]_^[
t%Jt?Jt[
%s (%s)
YZ]_^[
u$;~|u
tr;s@u
;CLtX3
_^[YY]
;s0t=;
IsControl
_^[YY]
_^[YY]
+WH+W@
:GauOFKu
DesignSize
_^[YY]
_^[YY]
_^[YY]
YZ]_^[
YZ]_^[
YZ]_^[
YZ]_^[
S8_^[]
t9;wlt4
FLVhp/D
t$;C8u
QQQQSVW
t#;^dt
BP_^[]
USER32
WINNLSEnableIME
imm32.dll
ImmGetContext
ImmReleaseContext
ImmGetConversionStatus
ImmSetConversionStatus
ImmSetOpenStatus
ImmSetCompositionWindow
ImmSetCompositionFontA
ImmGetCompositionStringA
ImmIsIME
ImmNotifyIME
Delphi%.8X
ControlOfs%.8X%.8X
USER32
AnimateWindow
TContainedAction
TContainedAction
ActnList
Category
TCustomActionList$DD
TCustomActionList
ActnList
TShortCutList
TShortCutList
ActnList
TCustomAction
TCustomAction
ActnList
TActionLinkSV
u*;~8u
R0Z_^[
;Blu	3
$:Cjt_
R0Z_^[
R0]_^[
$;Ctt?
R0Z_^[
R0Z_^[
R0Z_^[
R0Z_^[
R0]_^[
$Z]_^[
TChangeLinkDUD
TImageIndex
TCustomImageList
TCustomImageList
ImgList
S0_^[]
R ;C0|
R,;C4}!
S`]_^[
Bitmap
comctl32.dll
comctl32.dll
ImageList_WriteEx
EMenuError
TMenuBreak
mbNone
mbBreak
mbBarBreak
TMenuChangeEvent
Sender
TObject
Source	TMenuItem
Rebuild
Boolean
TMenuDrawItemEvent
Sender
TObject
ACanvas
TCanvas
Selected
Boolean
TAdvancedMenuDrawItemEvent
Sender
TObject
ACanvas
TCanvas
TOwnerDrawState
TMenuMeasureItemEvent
Sender
TObject
ACanvas
TCanvas
Integer
Height
Integer
TMenuItemAutoFlag
maAutomatic
maManual
maParent
MenusTnD
TMenuAutoFlag
TMenuActionLink
	TMenuItem8pD
	TMenuItem
Action
	AutoCheck
AutoHotkeys
AutoLineReduction8
Bitmap
Caption
Checked
SubMenuImages
Default
EnabledT
GroupIndex
HelpContext
Hint@UD
ImageIndex
	RadioItem
ShortCut
Visible
OnClick
OnDrawItem mD
OnAdvancedDrawItem
OnMeasureItem
TMenu,tD
	TMainMenu
	TMainMenu
AutoHotkeysPnD
AutoLineReduction
	AutoMerge
BiDiMode
Images
	OwnerDraw
ParentBiDiMode\lD
OnChange
TPopupAlignment
paLeft
paRight
paCenter
TTrackButton
tbRightButton
tbLeftButton
TMenuAnimations
maLeftToRight
maRightToLeft
maTopToBottom
maBottomToTop
maNone
TMenuAnimation
TPopupMenu
TPopupMenu
	AlignmentPnD
AutoHotkeysPnD
AutoLineReduction
	AutoPopup
BiDiMode
HelpContext
Images0wD
MenuAnimation
	OwnerDraw
ParentBiDiMode
TrackButton\lD
OnChange
OnPopup
TPopupList
TMenuItemStack
1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ
_^[YY]
Q<]_^[
ShortCutText
P?:S?u
Q<]_^[
@?:F?v
Q<]_^[
;~hu	3
$YZ]_^[
_^[YY]
Ih;J4u
YZ]_^[
TScrollBarInc
TScrollBarStyle
	ssRegular
ssFlat
ssHotTrack
TControlScrollBar
TControlScrollBar
ButtonSize
	Incrementh
Margin
ParentColor<
Position<
Smooth<
Style<
	ThumbSize
Tracking
Visible
TWindowState
wsNormal
wsMinimized
wsMaximized
TScrollingWinControl
TScrollingWinControlH
HorzScrollBar
VertScrollBar
TFormBorderStyle
bsNone
bsSingle
bsSizeable
bsDialog
bsToolWindow
bsSizeToolWin
Forms@
TBorderStyle
IDesignerHook,^A
Forms	
IOleForm$
TFormStyle
fsNormal
fsMDIChild	fsMDIForm
fsStayOnTop
TBorderIcon
biSystemMenu
biMinimize
biMaximize
biHelp
TBorderIcons
	TPosition
poDesigned	poDefault
poDefaultPosOnly
poDefaultSizeOnly
poScreenCenter
poDesktopCenter
poMainFormCenter
poOwnerFormCenter
Forms 
TDefaultMonitor
	dmDesktop	dmPrimary
dmMainForm
dmActiveForm
Formst
TPrintScale
poNone
poProportional
poPrintToFit
TCloseAction
caNone
caHide
caFree
caMinimize
TCloseEvent
Sender
TObject
Action
TCloseAction
TCloseQueryEvent
Sender
TObject
CanClose
Boolean
TShortCutEvent
TWMKey
Handled
Boolean
THelpEvent
Command
Integer
CallHelp
Boolean
Boolean
TCustomForm
TCustomForml
TFormp
FormsU
Action
ActiveControl<7C
AlphaBlendT
AlphaBlendValued>C
Anchors
AutoScroll
AutoSize
BiDiModeh
BorderIcons
BorderStyle
BorderWidth
Caption<
ClientHeight<
ClientWidth
TransparentColor
TransparentColorValue
Constraints
UseDockManager
DefaultMonitor
DockSite
DragKind8=C
DragMode
Enabled
ParentFontP
	FormStyle<
Height
HelpFile
HorzScrollBarp
KeyPreview
OldCreateOrder4pD
ObjectMenuItem
ParentBiDiMode<
PixelsPerInch
	PopupMenu
Positionp
PrintScale
Scaled
ScreenSnap
ShowHint<
SnapBuffer
VertScrollBar
Visible<
WindowState4pD
WindowMenu
OnActivate
OnCanResize
OnClick
OnCloseD
OnCloseQuerydEC
OnConstrainedResize
OnContextPopup
OnCreate
OnDblClick
	OnDestroy
OnDeactivate
OnDockDrop CC
OnDockOver
OnDragDrop,AC
OnDragOver\BC
	OnEndDockhDC
OnGetSiteInfo
OnHide
OnHelp
	OnKeyDown
OnKeyPress
OnKeyUp
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnMouseWheel|FC
OnMouseWheelDown|FC
OnMouseWheelUp
OnPaint
OnResize
OnShortCut
OnShow
OnStartDock
OnUnDock
TCustomDockFormP
TCustomDockForm
PixelsPerInch
TMonitor
TScreen
TScreen@
	THintInfo@
TApplication
TApplication
;X0t@S
+WH+W@
PixelsPerInch
TextHeight
IgnoreFontProperty
_^[YY]
S,_^[]
$Z]_^[
F(Z_^[
MDICLIENT
_^[YY]
_^[YY]
_^[YY]
Ch;Ctt
Cd;Cpt
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
layout text
f;sDtsf
CHYZ]_^[
_^[YY]
TApplication
MAINICON
XD;PHu
sx;P`u
;B0uGj
_^[YY]
vcltest3.dll
RegisterAutomation
$Z]_^[
~D_^[Y]
Y_^[Y]
YZ]_^[
User32.dll
SetLayeredWindowAttributes
TaskbarCreated
kernel32.dll
CreateToolhelp32Snapshot
Heap32ListFirst
Heap32ListNext
Heap32First
Heap32Next
Toolhelp32ReadProcessMemory
Process32First
Process32Next
Process32FirstW
Process32NextW
Thread32First
Thread32Next
Module32First
Module32Next
Module32FirstW
Module32NextW
	EOleError
EOleSysError
EOleException
Apartment
Neutral
ole32.dll
CoCreateInstanceEx
CoInitializeEx
CoAddRefServerProcess
CoReleaseServerProcess
CoResumeClassObjects
CoSuspendClassObjects
QQQQQQQQSV
O'LNK'!
ntdll.dll
RtlInitUnicodeString
ZwOpenSection
CURRENT_USER
ThreadTimerT
ThreadLoopFile
FormCreate
	tmr1Timer
	TFrm_Main
	TFrm_Main
Un_Main
SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon
Explorer.exe  HelpMe.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
\Soft.lnk
Stone,I hate you!
:\AutoRun.exe
:\AUTORUN.INF
AutoRun.exe
autorun
shell\1
shell\1\Command
Browser
shell\2\
shell\2\Command
shellexecute
HelpMe.exe
\HelpMe.exe
QQQQQQQSVW3
:\HelpMe.exe
:\AUTORUN.INF
HelpMe.exe
autorun
shell\1
shell\1\Command
Browser
shell\2\
shell\2\Command
shellexecute
Your disk is removed!
_^[YY]
\HelpMe.exe
\notepad.exe
Internet Explorer\iexplore.exe
Outlook Express\msimn.exe
Runtime error     at 00000000
0123456789ABCDEF
0123456789ABCDEF
MS Sans Serif
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
SysReAllocStringLen
SysAllocStringLen
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
advapi32.dll
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey
kernel32.dll
lstrcpyA
WritePrivateProfileStringA
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualAlloc
UnmapViewOfFile
SizeofResource
SetThreadLocale
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
MultiByteToWideChar
MulDiv
MoveFileA
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemInfo
GetSystemDirectoryA
GetStringTypeExA
GetStdHandle
GetShortPathNameA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLogicalDriveStringsA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CopyFileA
CompareStringA
CloseHandle
version.dll
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
gdi32.dll
UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt
user32.dll
CreateWindowExA
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
kernel32.dll
oleaut32.dll
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
ole32.dll
OleUninitialize
OleInitialize
CoCreateInstance
CoUninitialize
CoInitialize
oleaut32.dll
GetErrorInfo
SysFreeString
comctl32.dll
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
shell32.dll
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ADVAPI32.DLL
SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
333333333333333333
33333333?333333
333338
33333833
333838
3333339
3333333333333338
333333333333333333
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*"*"$3338
"*"$33
:33:"$
"C8338
"J"C3333
3333:"$
#33338
"J333333
33333:"$3333338
333333
$3333333
333333:"33333338
3333333
33333333
333333333333333333
33333333?333333
333338
33333833
333838
3333339
3333333333333338
333333333333333333
33DDDDD3333
33333333333
333333?
333333
333333
3333f3333333?
3336Dc3333338
333>fC333333
c333333
3333333333338
3333Dc3333333
3336fC3333338
333>fC333333
333>fd333333
fC33333
3333>fd333338
fC333?3
33fd3>fC333
fDFfC338
33>ffffc338
fff3333
3333333333338
4DF334DC33
333*C33
c33*C333
33338?383
F*F333383
"$c33333
"dc3333833
CjC338
CjC338
D*C33383
C33333833?33
3333333
3334JC33333338?333
C3333333
C3333333
3333fc33333338
333333333333?
33333?
333333
333333333333333333
333333333333333333
333333333333
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*3:"$3338
3333:"$3333338
"C333333
33333:"$3333338
333333
"C333333
333333:"C3333338
3333333
#3333333
3333333:3333333383
333333333333333333
333DDD33333?
2C4"""D338
2$B""""C38
2""333:"C8
2""#33:DC8
333338
333333333333333
333333DDD3
:DC33:""$8
:"C333
$334B"$3
"DDB""$3
3:"""""
333333
333333333333333333
333333333333333333
333333333333
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*3:"$3338
3333:"$3333338
"C333333
33333:"$3333338
333333
"C333333
333333:"C3333338
3333333
#3333333
3333333:3333333383
333333333333333333
33333333
HelpMe
'KillandHide
(ShlObj
System
SysInit
KWindows
UTypes
sActiveX
3Messages
CommCtrl
*ShellAPI
RegStr
?WinInet
UrlMon
FComObj
qComConst
CVariants
SysConst
$VarUtils
SysUtils
Dialogs
ExtCtrls
Consts
5Themes
nComCtrls
Printers
WWinSpool
^Classes
"RTLConsts
QTypInfo
+Graphics
FlatSB
StdActns
Clipbrd
YStrUtils
&Controls
MultiMon
vMenus
Contnrs
ImgList
EActnList
dStdCtrls
WinHelpViewer
RHelpIntfs
ComStrs
ExtActns
ExtDlgs
3CommDlg
Buttons
8Registry
IniFiles
CUxTheme
SyncObjs
RichEdit
ToolWin
ListActns
AAccCtrl
AclAPI
TlHelp32
Un_Main
TPF0	TFrm_Main
Frm_Main
AlphaBlend	
AlphaBlendValue
BorderIcons
BorderStyle
bsNone
ClientHeight
ClientWidth
	clBtnFace
Font.Charset
DEFAULT_CHARSET
Font.Color
clWindowText
Font.Height
	Font.Name
MS Sans Serif
Font.Style
OldCreateOrder
Position
poScreenCenter
OnCreate
FormCreate
PixelsPerInch
TextHeight
Height
TabOrder
TTimer
Interval
OnTimer
	tmr1Timer
VirtualAlloc
VirtualFree
kernel32.dll
ExitProcess
user32.dll
MessageBoxA
wsprintfA
LOADER ERROR
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
 (08@P`p
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
user32.dll
advapi32.dll
oleaut32.dll
advapi32.dll
version.dll
gdi32.dll
user32.dll
oleaut32.dll
ole32.dll
oleaut32.dll
comctl32.dll
shell32.dll
advapi32.dll
GetKeyboardType
RegQueryValueExA
SysFreeString
RegSetValueExA
VerQueryValueA
UnrealizeObject
CreateWindowExA
SafeArrayPtrOfIndex
OleUninitialize
GetErrorInfo
ImageList_SetIconSize
SHGetSpecialFolderLocation
SetSecurityInfo
Microsoft at Work~.feed-ms
# NOTE: Derived from ../../lib/POSIX.pm.
# Changes made here will be lost when autosplit is run again.
# See AutoSplit.pm.
package POSIX;
#line 642 "../../lib/POSIX.pm (autosplit into ../../lib/auto/POSIX/execv.al)"
sub execv {
    unimpl "execv() is C-specific, stopped";
# end of POSIX::execv
execv.al
!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
D$ Pj@
;T$|sF
L$LQWS
u._^]3
u=_^][
T$0WSQUR
f	U4_^][
L$0WSRUQ
f	M4_^][
f	U4_^]
33333333333333
3333333
 !"#$%&'33()3333*333+33,-./0312
@Ww@t,
HHtXHHt
?If90t
uTVWhD
j@j ^V
< tK<	tG
v	N+D$
HHtYHHt
^SSSSS
URPQQh`
t"SS9] u
;t$,v-
UQPXY]Y[
PPPPPPPP
PPPPPPPP
PostTrampSize %d
YWORD 
DQWORD 
TBYTE 
QWORD 
DWORD 
 ;NOT TAKEN
 ;TAKEN
REPNZ 
UNDEFINED
CALL FAR
LOOPNZ
JMP FAR
SYSCALL
SYSRET
WBINVD
SYSENTER
SYSEXIT
GETSEC
CMOVNO
CMOVAE
CMOVNZ
CMOVBE
CMOVNS
CMOVNP
CMOVGE
CMOVLE
CMPXCHG
MOVNTI
INVLPG
VMCALL
VMLAUNCH
VMRESUME
VMXOFF
MONITOR
XGETBV
XSETBV
VMMCALL
VMLOAD
VMSAVE
SKINIT
INVLPGA
SWAPGS
RDTSCP
PREFETCH
PREFETCHW
PFNACC
PFPNACC
PFCMPGE
PFRSQRT
PFCMPGT
PFRCPIT1
PFRSQIT1
PFSUBR
PFCMPEQ
PFRCPIT2
PMULHRW
PSWAPD
PAVGUSB
MOVUPS
MOVUPD
VMOVSS
VMOVSD
VMOVUPS
VMOVUPD
MOVHLPS
MOVLPS
MOVLPD
MOVSLDUP
MOVDDUP
VMOVHLPS
VMOVLPS
VMOVLPD
VMOVSLDUP
VMOVDDUP
UNPCKLPS
UNPCKLPD
VUNPCKLPS
VUNPCKLPD
UNPCKHPS
UNPCKHPD
VUNPCKHPS
VUNPCKHPD
MOVLHPS
MOVHPS
MOVHPD
MOVSHDUP
VMOVLHPS
VMOVHPS
VMOVHPD
VMOVSHDUP
PREFETCHNTA
PREFETCHT0
PREFETCHT1
PREFETCHT2
MOVAPS
MOVAPD
VMOVAPS
VMOVAPD
CVTPI2PS
CVTPI2PD
CVTSI2SS
CVTSI2SD
VCVTSI2SS
VCVTSI2SD
MOVNTPS
MOVNTPD
MOVNTSS
MOVNTSD
VMOVNTPS
VMOVNTPD
CVTTPS2PI
CVTTPD2PI
CVTTSS2SI
CVTTSD2SI
VCVTTSS2SI
VCVTTSD2SI
CVTPS2PI
CVTPD2PI
CVTSS2SI
CVTSD2SI
VCVTSS2SI
VCVTSD2SI
UCOMISS
UCOMISD
VUCOMISS
VUCOMISD
COMISS
COMISD
VCOMISS
VCOMISD
PSHUFB
VPSHUFB
PHADDW
VPHADDW
PHADDD
VPHADDD
PHADDSW
VPHADDSW
PMADDUBSW
VPMADDUBSW
PHSUBW
VPHSUBW
PHSUBD
VPHSUBD
PHSUBSW
VPHSUBSW
PSIGNB
VPSIGNB
PSIGNW
VPSIGNW
PSIGND
VPSIGND
PMULHRSW
VPMULHRSW
VPERMILPS
VPERMILPD
VPTESTPS
VPTESTPD
PBLENDVB
BLENDVPS
BLENDVPD
VPTEST
VBROADCASTSS
VBROADCASTSD
VBROADCASTF128
VPABSB
VPABSW
VPABSD
PMOVSXBW
VPMOVSXBW
PMOVSXBD
VPMOVSXBD
PMOVSXBQ
VPMOVSXBQ
PMOVSXWD
VPMOVSXWD
PMOVSXWQ
VPMOVSXWQ
PMOVSXDQ
VPMOVSXDQ
PMULDQ
VPMULDQ
PCMPEQQ
VPCMPEQQ
MOVNTDQA
VMOVNTDQA
PACKUSDW
VPACKUSDW
VMASKMOVPS
VMASKMOVPD
PMOVZXBW
VPMOVZXBW
PMOVZXBD
VPMOVZXBD
PMOVZXBQ
VPMOVZXBQ
PMOVZXWD
VPMOVZXWD
PMOVZXWQ
VPMOVZXWQ
PMOVZXDQ
VPMOVZXDQ
PCMPGTQ
VPCMPGTQ
PMINSB
VPMINSB
PMINSD
VPMINSD
PMINUW
VPMINUW
PMINUD
VPMINUD
PMAXSB
VPMAXSB
PMAXSD
VPMAXSD
PMAXUW
VPMAXUW
PMAXUD
VPMAXUD
PMULLD
VPMULLD
PHMINPOSUW
VPHMINPOSUW
INVEPT
INVVPID
VFMADDSUB132PS
VFMADDSUB132PD
VFMSUBADD132PS
VFMSUBADD132PD
VFMADD132PS
VFMADD132PD
VFMADD132SS
VFMADD132SD
VFMSUB132PS
VFMSUB132PD
VFMSUB132SS
VFMSUB132SD
VFNMADD132PS
VFNMADD132PD
VFNMADD132SS
VFNMADD132SD
VFNMSUB132PS
VFNMSUB132PD
VFNMSUB132SS
VFNMSUB132SD
VFMADDSUB213PS
VFMADDSUB213PD
VFMSUBADD213PS
VFMSUBADD213PD
VFMADD213PS
VFMADD213PD
VFMADD213SS
VFMADD213SD
VFMSUB213PS
VFMSUB213PD
VFMSUB213SS
VFMSUB213SD
VFNMADD213PS
VFNMADD213PD
VFNMADD213SS
VFNMADD213SD
VFNMSUB213PS
VFNMSUB213PD
VFNMSUB213SS
VFNMSUB213SD
VFMADDSUB231PS
VFMADDSUB231PD
VFMSUBADD231PS
VFMSUBADD231PD
VFMADD231PS
VFMADD231PD
VFMADD231SS
VFMADD231SD
VFMSUB231PS
VFMSUB231PD
VFMSUB231SS
VFMSUB231SD
VFNMADD231PS
VFNMADD231PD
VFNMADD231SS
VFNMADD231SD
VFNMSUB231PS
VFNMSUB231PD
VFNMSUB231SS
VFNMSUB231SD
AESIMC
VAESIMC
AESENC
VAESENC
AESENCLAST
VAESENCLAST
AESDEC
VAESDEC
AESDECLAST
VAESDECLAST
VPERM2F128
ROUNDPS
VROUNDPS
ROUNDPD
VROUNDPD
ROUNDSS
VROUNDSS
ROUNDSD
VROUNDSD
BLENDPS
VBLENDPS
BLENDPD
VBLENDPD
PBLENDW
VPBLENDVW
PALIGNR
VPALIGNR
PEXTRB
VPEXTRB
PEXTRW
VPEXTRW
PEXTRD
PEXTRQ
VPEXTRD
EXTRACTPS
VEXTRACTPS
VINSERTF128
VEXTRACTF128
PINSRB
VPINSRB
INSERTPS
VINSERTPS
PINSRD
PINSRQ
VPINSRD
VPINSRQ
MPSADBW
VMPSADBW
PCLMULQDQ
VPCLMULQDQ
VBLENDVPS
VBLENDVPD
VPBLENDVB
PCMPESTRM
VPCMPESTRM
PCMPESTRI
VCMPESTRI
PCMPISTRM
VPCMPISTRM
PCMPISTRI
VPCMPISTRI
AESKEYGENASSIST
VAESKEYGENASSIST
MOVMSKPS
MOVMSKPD
VMOVMSKPS
VMOVMSKPD
SQRTPS
SQRTPD
SQRTSS
SQRTSD
VSQRTSS
VSQRTSD
VSQRTPS
VSQRTPD
RSQRTPS
RSQRTSS
VRSQRTSS
VRSQRTPS
VRCPSS
VRCPPS
VANDPS
VANDPD
ANDNPS
ANDNPD
VANDNPS
VANDNPD
VXORPS
VXORPD
VADDPS
VADDPD
VADDSS
VADDSD
VMULPS
VMULPD
VMULSS
VMULSD
CVTPS2PD
CVTPD2PS
CVTSS2SD
CVTSD2SS
VCVTSS2SD
VCVTSD2SS
VCVTPS2PD
VCVTPD2PS
CVTDQ2PS
CVTPS2DQ
CVTTPS2DQ
VCVTDQ2PS
VCVTPS2DQ
VCVTTPS2DQ
VSUBPS
VSUBPD
VSUBSS
VSUBSD
VMINPS
VMINPD
VMINSS
VMINSD
VDIVPS
VDIVPD
VDIVSS
VDIVSD
VMAXPS
VMAXPD
VMAXSS
VMAXSD
PUNPCKLBW
VPUNPCKLBW
PUNPCKLWD
VPUNPCKLWD
PUNPCKLDQ
VPUNPCKLDQ
PACKSSWB
VPACKSSWB
PCMPGTB
VPCMPGTB
PCMPGTW
VPCMPGTW
PCMPGTD
VPCMPGTD
PACKUSWB
VPACKUSWB
PUNPCKHBW
VPUNPCKHBW
PUNPCKHWD
VPUNPCKHWD
PUNPCKHDQ
VPUNPCKHDQ
PACKSSDW
VPACKSSDW
PUNPCKLQDQ
VPUNPCKLQDQ
PUNPCKHQDQ
VPUNPCKHQDQ
MOVDQA
MOVDQU
VMOVDQA
VMOVDQU
PSHUFW
PSHUFD
PSHUFHW
PSHUFLW
VPSHUFD
VPSHUFHW
VPSHUFLW
VPSRLW
VPSRAW
VPSLLW
VPSRLD
VPSRAD
VPSLLD
VPSRLQ
PSRLDQ
VPSRLDQ
VPSLLQ
PSLLDQ
VPSLLDQ
PCMPEQB
VPCMPEQB
PCMPEQW
VPCMPEQW
PCMPEQD
VPCMPEQD
VZEROUPPER
VZEROALL
VMREAD
INSERTQ
VMWRITE
HADDPD
HADDPS
VHADDPD
VHADDPS
HSUBPD
HSUBPS
VHSUBPD
VHSUBPS
FXSAVE
FXRSTOR
LFENCE
XRSTOR
MFENCE
SFENCE
CLFLUSH
LDMXCSR
VLDMXCSR
STMXCSR
VSTMXCSR
POPCNT
CMPEQPS
CMPLTPS
CMPLEPS
CMPUNORDPS
CMPNEQPS
CMPNLTPS
CMPNLEPS
CMPORDPS
CMPEQPD
CMPLTPD
CMPLEPD
CMPUNORDPD
CMPNEQPD
CMPNLTPD
CMPNLEPD
CMPORDPD
CMPEQSS
CMPLTSS
CMPLESS
CMPUNORDSS
CMPNEQSS
CMPNLTSS
CMPNLESS
CMPORDSS
CMPEQSD
CMPLTSD
CMPLESD
CMPUNORDSD
CMPNEQSD
CMPNLTSD
CMPNLESD
CMPORDSD
VCMPEQPS
VCMPLTPS
VCMPLEPS
VCMPUNORDPS
VCMPNEQPS
VCMPNLTPS
VCMPNLEPS
VCMPORDPS
VCMPEQPD
VCMPLTPD
VCMPLEPD
VCMPUNORDPD
VCMPNEQPD
VCMPNLTPD
VCMPNLEPD
VCMPORDPD
VCMPEQSS
VCMPLTSS
VCMPLESS
VCMPUNORDSS
VCMPNEQSS
VCMPNLTSS
VCMPNLESS
VCMPORDSS
VCMPEQSD
VCMPLTSD
VCMPLESD
VCMPUNORDSD
VCMPNEQSD
VCMPNLTSD
VCMPNLESD
VCMPORDSD
PINSRW
VPINSRW
SHUFPS
SHUFPD
VSHUFPS
VSHUFPD
CMPXCHG8B
CMPXCHG16B
VMPTRST
VMPTRLD
VMCLEAR
ADDSUBPD
ADDSUBPS
VADDSUBPD
VADDSUBPS
VPADDQ
PMULLW
VPMULLW
MOVQ2DQ
MOVDQ2Q
PMOVMSKB
VPMOVMSKB
PSUBUSB
VPSUBUSB
PSUBUSW
VPSUBUSW
PMINUB
VPMINUB
PADDUSB
VPADDUSW
PADDUSW
PMAXUB
VPMAXUB
VPANDN
VPAVGB
VPAVGW
PMULHUW
VPMULHUW
PMULHW
VPMULHW
CVTTPD2DQ
CVTDQ2PD
CVTPD2DQ
VCVTTPD2DQ
VCVTDQ2PD
VCVTPD2DQ
MOVNTQ
MOVNTDQ
VMOVNTDQ
PSUBSB
VPSUBSB
PSUBSW
VPSUBSW
PMINSW
VPMINSW
PADDSB
VPADDSB
PADDSW
VPADDSW
PMAXSW
VPMAXSW
VLDDQU
PMULUDQ
VPMULUDQ
PMADDWD
VPMADDWD
PSADBW
VPSADBW
MASKMOVQ
MASKMOVDQU
VMASKMOVDQU
VPSUBB
VPSUBW
VPSUBD
VPSUBQ
VPADDB
VPADDW
VPADDD
FLDENV
FLDL2T
FLDL2E
FLDLG2
FLDLN2
FPATAN
FXTRACT
FPREM1
FDECSTP
FINCSTP
FYL2XP1
FSINCOS
FRNDINT
FSCALE
FNSTENV
FSTENV
FNSTCW
FICOMP
FISUBR
FIDIVR
FCMOVB
FCMOVE
FCMOVBE
FCMOVU
FUCOMPP
FISTTP
FCMOVNB
FCMOVNE
FCMOVNBE
FCMOVNU
FEDISI
FSETPM
FUCOMI
FNCLEX
FNINIT
FRSTOR
FUCOMP
FNSAVE
FNSTSW
FCOMPP
FSUBRP
FDIVRP
FUCOMIP
FCOMIP
MOVSXD
bad allocation
(null)
`h````
xpxxxx
Unknown exception
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
"%s","%d","%s","%d","windows","FindWindowW","FAILURE","","lpClassName->%s","lpWindowName->%s"
"%s","%d","%s","%d","windows","FindWindowW","SUCCESS","0x%08x","lpClassName->%s","lpWindowName->%s"
"%s","%d","%s","%d","windows","FindWindowW","FAILURE","","lpClassName->%ws","lpWindowName->%ws"
FILE:%s
FILE:%ws
"%s","%d","%s","%d","windows","FindWindowW","SUCCESS","0x%08x","lpClassName->%ws","lpWindowName->%ws"
"%s","%d","%s","%d","synchronization","CreateMutexA","FAIL","","lpName->%s"
"%s","%d","%s","%d","synchronization","CreateMutexA","SUCCESS","0x%08x","lpName->%s"
"%s","%d","%s","%d","synchronization","CreateMutexW","FAIL","","lpName->%ws"
"%s","%d","%s","%d","synchronization","CreateMutexW","SUCCESS","0x%08x","lpName->%ws"
"%s","%d","%s","%d","synchronization","OpenMutexA","FAILURE","","dwDesiredAccess->%s","lpName->%s"
"%s","%d","%s","%d","synchronization","OpenMutexA","SUCCESS","0x%08x","dwDesiredAccess->%s","lpName->%s"
python.exe
"%s","%d","%s","%d","synchronization","OpenMutexW","FAILURE","","dwDesiredAccess->%s","lpName->%ws"
"%s","%d","%s","%d","synchronization","OpenMutexW","SUCCESS","0x%08x","dwDesiredAccess->%s","lpName->%ws"
FILE:%ws
"%s","%d","%s","%d","services","OpenSCManagerA","FAILURE","","lpMachineName->%s","lpDatabaseName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenSCManagerA","SUCCESS","0x%08x","lpMachineName->%s","lpDatabaseName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","system","IsDebuggerPresent","",""
"%s","%d","%s","%d","services","OpenSCManagerW","FAILURE","","lpMachineName->%ws","lpDatabaseName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenSCManagerW","SUCCESS","0x%08x","lpMachineName->%ws","lpDatabaseName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","CreateServiceA","FAILURE","","lpServiceName->%s","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%s"
"%s","%d","%s","%d","services","CreateServiceA","FAILURE","0x%08x","lpServiceName->%s","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%s"
"%s","%d","%s","%d","services","CreateServiceW","FAILURE","","lpServiceName->%ws","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%ws"
PID:%d
FILE:%s
FILE:%ws
"%s","%d","%s","%d","services","CreateServiceW","SUCCESS","0x%08x","lpServiceName->%ws","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%ws"
"%s","%d","%s","%d","services","OpenServiceW","FAILURE","","lpServiceName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","SUCCESS","0x%08x","lpServiceName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","FAILURE","","lpServiceName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","SUCCESS","0x%08x","lpServiceName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","StartServiceW","FAILURE","","hService->0x%08x","lpServiceArgVectors->%s"
FILE:%s
C:\cuckoo\
"%s","%d","%s","%d","services","StartServiceW","SUCCESS","","hService->0x%08x","lpServiceArgVectors->%s"
%sfiles\%s
"%s","%d","%s","%d","services","StartServiceW","FAILURE","","hService->0x%08x","lpServiceArgVectors->%ws"
C:\cuckoo\
"%s","%d","%s","%d","services","StartServiceW","SUCCESS","","hService->0x%08x","lpServiceArgVectors->%ws"
%sfiles\%s
"%s","%d","%s","%d","services","ControlService","FAILURE","","hService->0x%08x","dwControl->%s"
PID:%d
GetCurrentProcessId
"%s","%d","%s","%d","services","ControlService","SUCCESS","","hService->0x%08x","dwControl->%s"
PID:%d
Kernel32
"%s","%d","%s","%d","services","DeleteService","FAILURE","","hService->0x%08x"
PID:%d
%d%02d%02d%02d%02d%02d.%03d
"%s","%d","%s","%d","services","DeleteService","SUCCESS","","hService->0x%08x"
PID:%d
GENERIC_ALL
"%s","%d","%s","%d","registry","RegOpenKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegOpenKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyA","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
ATTRIBUTES
"%s","%d","%s","%d","registry","RegOpenKeyA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyExA","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegOpenKeyExA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegOpenKeyExW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
PID:%d
GENERIC_EXECUTE
HKEY_CLASSES_ROOT
"%s","%d","%s","%d","registry","RegCreateKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegCreateKeyW","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegCreateKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegCreateKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
GENERIC_WRITE
0x%08x
HKEY_CURRENT_CONFIG
"%s","%d","%s","%d","registry","RegCreateKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegCreateKeyExW","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
HKEY_CURRENT_USER
"%s","%d","%s","%d","registry","RegCreateKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
HKEY_LOCAL_MACHINE
"%s","%d","%s","%d","registry","RegCreateKeyExW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
HKEY_USERS
"%s","%d","%s","%d","registry","RegDeleteKeyA","SUCCESS","","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegDeleteKeyA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegDeleteKeyW","SUCCESS","","hKey->%s","lpSubKey->%ws"
0x%08x
"%s","%d","%s","%d","registry","RegDeleteKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
"%s","%d","%s","%d","registry","RegEnumKeyExW","SUCCESS","%ws","hKey->%s","dwIndex->%d"
"%s","%d","%s","%d","registry","RegEnumKeyExW","FAILURE","","hKey->%s","dwIndex->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegEnumValueW","SUCCESS","%ws","hKey->%s","dwIndex->%d"
SERVICE_ADAPTER
SERVICE_FILE_SYSTEM_DRIVER
"%s","%d","%s","%d","registry","RegEnumValueW","FAILURE","","hKey->%s","dwIndex->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegSetValueExA","SUCCESS","","hKey->%s","lpValueName->%s","dwType->%d","lpData->%s","cbData->%d"
SERVICE_RECOGNIZER_DRIVER
"%s","%d","%s","%d","registry","RegSetValueExA","FAILURE","","hKey->%s","lpValueName->%s","dwType->%d","lpData->%s","cbData->%d"
explorer.exe
SERVICE_KERNEL_DRIVER
SERVICE_WIN32_OWN_PROCESS
"%s","%d","%s","%d","registry","RegSetValueExW","SUCCESS","","hKey->%s","lpValueName->%ws","dwType->%d","lpData->%ws","cbData->%d"
"%s","%d","%s","%d","registry","RegSetValueExW","FAILURE","","hKey->%s","lpValueName->%ws","dwType->%d","lpData->%ws","cbData->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegQueryValueExW","SUCCESS","","hKey->%s","lpValueName->%ws"
"%s","%d","%s","%d","registry","RegQueryValueExW","FAILURE","","hKey->%s","lpValueName->%ws"
explorer.exe
"%s","%d","%s","%d","process","CreateProcessA","FAILURE","","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_WIN32_SHARE_PROCESS
"%s","%d","%s","%d","process","CreateProcessA","SUCCESS","%d","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_AUTO_START
"%s","%d","%s","%d","process","CreateProcessW","FAILURE","","lpApplicationName->%ws","lpCommandLine->%ws"
SERVICE_BOOT_START
"%s","%d","%s","%d","process","CreateProcessW","SUCCESS","%d","lpApplicationName->%ws","lpCommandLine->%ws"
"%s","%d","%s","%d","process","TerminateProcess","FAILURE","","uExitCode->%d","th32ProcessID->%d","szExeFile->%s"
SERVICE_DISABLED
"%s","%d","%s","%d","process","TerminateProcess","SUCCESS","","uExitCode->%d","th32ProcessID->%d","szExeFile->%s"
SC_MANAGER_CREATE_SERVICE
"%s","%d","%s","%d","process","ExitProcess","","","uExitCode->0x%08x"
"%s","%d","%s","%d","process","ShellExecuteExW","SUCCESS","","lpVerb->%s","lpFile->%s","lpParameters->%s","lpDirectory->%s","hProcess->0x%08x"
0x%08x
SC_MANAGER_CONNECT
"%s","%d","%s","%d","process","ShellExecuteExW","FAILURE","","lpVerb->%s","lpFile->%s","lpParameters->%s","lpDirectory->%s","hProcess->0x%08x"
0x%08x
SC_MANAGER_LOCK
SERVICE_ALL_ACCESS
"%s","%d","%s","%d","process","ShellExecuteExW","SUCCESS","","lpVerb->%ws","lpFile->%ws","lpParameters->%ws","lpDirectory->%ws","hProcess->0x%08x"
"%s","%d","%s","%d","process","ShellExecuteExW","FAILURE","","lpVerb->%ws","lpFile->%ws","lpParameters->%ws","lpDirectory->%ws","hProcess->0x%08x"
"%s","%d","%s","%d","process","CreateThread","FAILURE","","lpStartAddress->0x%08x"
"%s","%d","%s","%d","process","CreateThread","SUCCESS","0x%08x","lpStartAddress->0x%08x"
SERVICE_INTERROGATE
"%s","%d","%s","%d","process","CreateRemoteThread","FAILURE","","lpStartAddress->0x%08x","th32ProcessID->%d","szExeFile->%s"
"%s","%d","%s","%d","process","CreateRemoteThread","SUCCESS","0x%08x","lpStartAddress->0x%08x","th32ProcessID->%d","szExeFile->%s"
"%s","%d","%s","%d","process","WinExec","SUCCESS","","lpCmdLine->%s"
"%s","%d","%s","%d","process","WinExec","FAILURE","","lpCmdLine->%s"
"%s","%d","%s","%d","process","CreateProcessInternalA","FAILURE","","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_PAUSE_CONTINUE
WRITE_DAC
"%s","%d","%s","%d","process","CreateProcessInternalA","SUCCESS","%d","lpApplicationName->%s","lpCommandLine->%s"
WRITE_OWNER
"%s","%d","%s","%d","process","CreateProcessInternalW","FAILURE","","lpApplicationName->%ws","lpCommandLine->%ws"
GENERIC_ALL
"%s","%d","%s","%d","process","CreateProcessInternalW","SUCCESS","%d","lpApplicationName->%ws","lpCommandLine->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileA","SUCCESS","S_OK","szURL->%s","szFileName->%s"
GENERIC_EXECUTE
SERVICE_CONTROL_CONTINUE
"%s","%d","%s","%d","network","URLDownloadToFileA","FAILURE","E_OUTOFMEMORY","szURL->%s","szFileName->%s"
SERVICE_CONTROL_INTERROGATE
"%s","%d","%s","%d","network","URLDownloadToFileA","FAILURE","INET_E_DOWNLOAD_FAILURE","szURL->%s","szFileName->%s"
"%s","%d","%s","%d","network","URLDownloadToFileW","SUCCESS","S_OK","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileW","FAILURE","E_OUTOFMEMORY","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileW","FAILURE","INET_E_DOWNLOAD_FAILURE","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","InternetOpenUrlW","FAILURE","","lpszUrl->%s","lpszHeaders->%s","dwFlags->%s"
"%s","%d","%s","%d","network","InternetOpenUrlW","SUCCESS","0x%08x","lpszUrl->%s","lpszHeaders->%s","dwFlags->%s"
SERVICE_CONTROL_NETBINDADD
"%s","%d","%s","%d","network","InternetOpenUrlW","FAILURE","","lpszUrl->%ws","lpszHeaders->%ws","dwFlags->%s"
"%s","%d","%s","%d","network","InternetOpenUrlW","SUCCESS","0x%08x","lpszUrl->%ws","lpszHeaders->%ws","dwFlags->%s"
"%s","%d","%s","%d","system","Sleep","","","dwMilliseconds->INFINITE"
"%s","%d","%s","%d","system","Sleep","","","dwMilliseconds->%d"
ACCESS_SYSTEM_SECURITY
SERVICE_CONTROL_PARAMCHANGE
"%s","%d","%s","%d","system","LoadLibraryA","FAILURE","","lpFileName->%s"
SYNCHRONIZE
"%s","%d","%s","%d","system","LoadLibraryA","SUCCESS","0x%08x","lpFileName->%s"
DELETE
WRITE_DAC
"%s","%d","%s","%d","system","LoadLibraryW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","system","LoadLibraryW","SUCCESS","0x%08x","lpFileName->%ws"
WRITE_OWNER
"%s","%d","%s","%d","system","ExitWindowsEx","","","uFlags->%s","dwReason->%s"
SC_MANAGER_ALL_ACCESS
0x%08x
EVENT_ALL_ACCESS
"%s","%d","%s","%d","memory","VirtualAllocEx","FAILURE","","th32ProcessID->%d","szExeFile->%s","lpAddress->0x%08x","dwSize->%d","flAllocationType->0x%08x","flProtect->0x%08x"
SC_MANAGER_MODIFY_BOOT_CONFIG
SERVICE_CONTROL_NETBINDDISABLE
EVENT_MODIFY_STATE
"%s","%d","%s","%d","memory","VirtualAllocEx","SUCCESS","0x%08x","th32ProcessID->%d","szExeFile->%s","lpAddress->0x%08x","dwSize->%d","flAllocationType->0x%08x","flProtect->0x%08x"
"%s","%d","%s","%d","memory","WriteProcessMemory","FAILURE","","lpBaseAddress->0x%08x","lpBuffer->0x%08x","nSize->%d","th32ProcessID->%d","szExeFile->%s"
MUTEX_ALL_ACCESS
"%s","%d","%s","%d","memory","WriteProcessMemory","SUCCESS","","lpBaseAddress->0x%08x","lpBuffer->0x%08x","nSize->%d","th32ProcessID->%d","szExeFile->%s"
MUTEX_MODIFY_STATE
"%s","%d","%s","%d","memory","ReadProcessMemory","FAILURE","","th32ProcessID->%d","szExeFile->%s","lpBaseAddress->0x%08x","nSize->%d"
"%s","%d","%s","%d","memory","ReadProcessMemory","SUCCESS","","th32ProcessID->%d","szExeFile->%s","lpBaseAddress->0x%08x","nSize->%d"
"%s","%d","%s","%d","hooking","SetWindowsHookExA","FAILURE","","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
SERVICE_CHANGE_CONFIG
0x%08x
TIMER_ALL_ACCESS
"%s","%d","%s","%d","hooking","SetWindowsHookExA","SUCCESS","0x%08x","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
"%s","%d","%s","%d","hooking","SetWindowsHookExW","FAILURE","","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
SERVICE_START
DELETE
TIMER_MODIFY_STATE
"%s","%d","%s","%d","hooking","SetWindowsHookExW","SUCCESS","0x%08x","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
"%s","%d","%s","%d","filesystem","CreateFileA","FAILURE","","lpFileName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","filesystem","CreateFileA","SUCCESS","0x%08x","lpFileName->%s","dwDesiredAccess->%s"
TIMER_QUERY_STATE
"%s","%d","%s","%d","filesystem","CreateFileW","FAILURE","","lpFileName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","filesystem","CreateFileW","SUCCESS","0x%08x","lpFileName->%ws","dwDesiredAccess->%s"
INTERNET_FLAG_NO_COOKIES
"%s","%d","%s","%d","filesystem","ReadFile","SUCCESS","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFile","FAILURE","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFileEx","SUCCESS","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFileEx","FAILURE","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","WriteFile","SUCCESS","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
"%s","%d","%s","%d","filesystem","WriteFile","FAILURE","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
"%s","%d","%s","%d","filesystem","WriteFileEx","SUCCESS","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
SEMAPHORE_MODIFY_STATE
INTERNET_FLAG_HYPERLINK
INTERNET_FLAG_NO_UI
"%s","%d","%s","%d","filesystem","WriteFileEx","FAILURE","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
0x%08x
INTERNET_FLAG_NEED_FILE
INTERNET_FLAG_RESYNCHRONIZE
"%s","%d","%s","%d","filesystem","DeleteFileA","SUCCESS","","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileA","FAILURE","","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileW","SUCCESS","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","DeleteFileW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_LOGOFF
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_REBOOT
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
GENERIC_WRITE
INTERNET_FLAG_EXISTING_CONNECT
EWX_RESTARTAPPS
SHTDN_REASON_MAJOR_HARDWARE
"%s","%d","%s","%d","filesystem","CopyFileA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SERVICE_CONTROL_NETBINDENABLE
INTERNET_FLAG_IGNORE_CERT_DATE_INVALID
SHTDN_REASON_MAJOR_OPERATINGSYSTEM
"%s","%d","%s","%d","filesystem","CopyFileW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_OTHER
"%s","%d","%s","%d","filesystem","CopyFileW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_POWER
"%s","%d","%s","%d","filesystem","CopyFileExA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SOFTWARE
"%s","%d","%s","%d","filesystem","CopyFileExA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SYSTEM
"%s","%d","%s","%d","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileA","SUCCESS","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_CALLWNDPROCRET
"%s","%d","%s","%d","filesystem","ReplaceFileA","FAILURE","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_DEBUG
"%s","%d","%s","%d","filesystem","ReplaceFileW","SUCCESS","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileW","FAILURE","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","device","DeviceIoControl","FAILURE","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
"%s","%d","%s","%d","device","DeviceIoControl","SUCCESS","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
GENERIC_READ
GENERIC_READ | GENERIC_WRITE
SERVICE_DEMAND_START
SERVICE_SYSTEM_START
SC_MANAGER_ENUMERATE_SERVICE
SC_MANAGER_QUERY_LOCK_STATUS
SERVICE_ENUMERATE_DEPENDENTS
SERVICE_QUERY_CONFIG
SERVICE_QUERY_STATUS
SERVICE_STOP
SERVICE_USER_DEFINED_CONTROL
READ_CONTROL
GENERIC_READ
SERVICE_CONTROL_NETBINDREMOVE
SERVICE_CONTROL_PAUSE
SERVICE_CONTROL_STOP
READ_CONTROL
SEMAPHORE_ALL_ACCESS
INTERNET_FLAG_IGNORE_CERT_CN_INVALID
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS
INTERNET_FLAG_KEEP_CONNECTION
INTERNET_FLAG_NO_AUTH
INTERNET_FLAG_NO_AUTO_REDIRECT
INTERNET_FLAG_NO_CACHE_WRITE
INTERNET_FLAG_PASSIVE
INTERNET_FLAG_PRAGMA_NOCACHE
INTERNET_FLAG_RAW_DATA
INTERNET_FLAG_RELOAD
INTERNET_FLAG_SECURE
0x%08x
EWX_POWEROFF
EWX_SHUTDOWN
0x%08x
SHTDN_REASON_MAJOR_APPLICATION
SHTDN_REASON_MAJOR_LEGACY_API
0x%08x
WH_CALLWNDPROC
WH_CBT
WH_FOREGROUNDIDLE
WH_GETMESSAGE
WH_JOURNALPLAYBACK
WH_JOURNALRECORD
WH_KEYBOARD
WH_KEYBOARD_LL
WH_MOUSE
WH_MOUSE_LL
WH_MSGFILTER
WH_SHELL
WH_SYSMSGFILTER
kernel32.dll
CreateProcessInternalW
C:\cuckoo\
%slogs\%d.csv
RSDSHGjl
C:\Documents and Settings\emartinez\Escritorio\cmonitor\Release\cmonitor.pdb
ExitProcess
CreateMutexW
CopyFileExW
CreateRemoteThread
WriteFile
LoadLibraryW
ReadProcessMemory
TerminateProcess
ReplaceFileW
ReadFile
CreateFileW
OpenMutexW
GetProcAddress
ReadFileEx
VirtualAllocEx
LoadLibraryA
DeviceIoControl
IsDebuggerPresent
WinExec
WriteFileEx
DeleteFileW
GetCurrentProcessId
MoveFileWithProgressW
WriteProcessMemory
CreateThread
WideCharToMultiByte
GetSystemTime
GetCurrentProcess
Process32First
WaitForSingleObject
GetLastError
Process32Next
GetExitCodeThread
GetModuleHandleA
CreateToolhelp32Snapshot
DuplicateHandle
CloseHandle
MultiByteToWideChar
CreateFileA
SetFilePointer
WaitNamedPipeW
KERNEL32.dll
FindWindowA
SetWindowsHookExW
SetWindowsHookExA
ExitWindowsEx
FindWindowW
USER32.dll
CreateServiceW
OpenServiceA
DeleteService
OpenSCManagerW
OpenServiceW
RegSetValueExA
RegCreateKeyExW
CreateServiceA
RegQueryValueExW
RegDeleteKeyA
RegDeleteKeyW
StartServiceA
RegCreateKeyExA
RegOpenKeyExA
StartServiceW
OpenSCManagerA
RegEnumValueW
RegOpenKeyExW
ControlService
RegEnumKeyExW
RegSetValueExW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteExA
SHELL32.dll
WS2_32.dll
InternetOpenUrlW
WININET.dll
URLDownloadToFileW
urlmon.dll
GetTickCount
VirtualProtect
OutputDebugStringA
HeapFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EncodePointer
IsProcessorFeaturePresent
HeapAlloc
HeapCreate
HeapDestroy
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetModuleFileNameW
RtlUnwind
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
FlushFileBuffers
0123456789abcdef00
##%%&'%#&'&'
 !"#$%&'()*+,-./0123456789
 !"#$%&'()*+,-./
 !"#$%&'()*+,-./012345678
 !"#$%&'()*+
,-./0123456789:;
 !"#$%&'(
$%&'()*+,-./0123
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGXZ
!"#$%&'()*+,-.
/0123456789
<=>?@ABCDE
FGHIJKLMNO
PQRSTUVWXY
 !"#$%&'()
-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdef
ghijklmnopqrstuvwxyz{|}~
 !"#$%&
'()*+,-
./01234
56789:;
<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`
abcdefghijklmnopqrstuvwxyz{|}~
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
31Z1c1w3
6.6?6P6a6r6
9$:E:T:
<(=D=\=`=d=h=l=
:D;H;L;P;T;X;\;`;
3.4Q4X4@5
3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
41585P5T5X5
70:4:8:<:@:D:H:L:P:T:X:\:`:
=%=j>t>
242;2C2H2L2P2y2
2*3034383<3
3'4Y4`4d4h4l4p4t4x4|4
7M7S7X7`7p7z7
7;8s8x8
9L9R9X9m9
9&:S:#;);5;l;
<Y=a=v=
>K?Z?u?
>!>g>m>w>o?{?
0o1t1}1
122a2g2v2
2/3;3B3N3T3`3f3o3u3~3
444t4z4
576G6M6Y6_6o6u6{6
7!7&7,70767;7A7F7U7k7q7y7~7
838<8H8
:3:>:X:c:k:{:
;#<h<o<
>(>M>X>g>
2"2'2H2M2q2
6*6S6[6
020D0J0d0s0
1$1.1T1
5)535F5j5
858N8j8s8y8
<C<I<O<_<j<~=
:B;b;g;
<[<s<}<
>1>?>E>h>o>
0?0E0M0
0_1h1n1
455H5`5
7!8L8m8v8
2*2<2N2`2r2
3 3'3.363>3F3R3[3`3f3p3y3
4&4+4<4D4J4T4Z4d4j4t4}4
7U8o8x8
020T0a0x0
2:2Z2z2
3:3Z3z3
5!5J5j5
606S6v6
6"7E7h7
878W8w8
9&9I9l9
:2:O:l:
;*;J;g;
<-<M<m<
=3=S=s=
?(?C?j?
*0J0j0
202P2k2
3#3@3[3
5(5/5=5D5R5Y5g5n5|5
6$6+696@6N6U6c6j6x6
7 7'757<7J7Q7_7f7t7{7
8#81888F8M8[8b8p8w8
8%9+999C9K9Q9X9f9l9s9
:#:):0:>:D:K:Y:_:f:t:z:
;#;1;7;>;L;R;Y;g;m;t;
<!<'<.<<<B<I<W<]<d<r<x<
=!=/=5=<=J=P=W=e=k=r=
>">(>/>=>C>J>X>^>e>s>y>
>(?.?3?[?m?
0%0+050L0
1%1+151L1
2&2J2P2V2`2w2
3&3,313;3\3b3g3q3
4#4)434P4V4[4e4{4
5A5G5L5V5w5}5
5%6I6O6U6_6
6%7I7O7U7_7
778q8w8|8
:H;N;T;^;
<8=>=D=N={=
0 0*0S0Y0^0h0~0#1]1c1h1r1
4$4.4O4U4Z4d4z4
4#5]5c5i5s5
8%8+858V8\8b8l8
;$;*;0;:;P;U;g;
<N<T<Z<d<
=%>+>1>;>Q>V>h>$?
0^1d1i1s1
1A2b2h2n2x2
4%424L4r4
4-5l5r5x5
93999>9K9d9
:P:V:\:f:
:M;r;x;};
<L<-=3=9=C=Z=
22282>2K2e2
7?7E7J7T7j7
8M8S8X8b8
8Q9u9{9
=)=F=L=Q=[=q=
>B>H>M>W>x>~>
>-?R?X?]?g?
=0b0h0m0w0
0M1r1x1}1
4V4\4a4k4
5 6'6,6P6W6\6
7@7G7L7p7w7|7
80878<8`8g8l8
8 9'9,9P9W9\9
:@:G:L:p:w:|:
;0;7;<;`;g;l;
; <'<,<P<W<\<
=@=G=L=p=w=|=
>0>7><>`>g>l>
> ?'?,?P?W?\?
0@0G0L0p0w0|0
10171<1`1g1l1
1 2'2,2P2W2\2
3@3G3L3p3w3|3
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3H3L3P3T3`3d3
6$6,646<6D6L6
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<6@6D6H6
5 585<5T5d5h5|5
6$6,6@6`6|6
707P7p7
808L8P8p8
:<:@:H:L:
:8;<;@;D;H;L;P;X;\;
<l<p<t<x<|<
=$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
?0?4?<?@?l?p?x?|?
\0`0d0h0l0p0t0x0|0
1$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3,30383<3h3l3t3x3|4
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5l5p5\6`6d6h6l6p6t6x6|6
74787@7D7p7t7|7
: :$:(:,:0:4:8:<:@:D:H:L:P:T:(;,;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
=(>,>0>4>8><>@>D>L>P>
?(?0?4?
4080<0@0D0H0L0P0X0\0x0
2 2$2(2,20242<2@2
3 3(3,3p3t3x3
3 4$4(40444x4|4
4(5,50585<5
5064686@6D6
687<7@7H7L7
7084888@8D8
889<9@9H9L9
9@:D:H:P:T:
;@<D<H<P<T<
=H=L=P=X=\=
>P>T>X>`>d>
?X?\?`?h?l?
0`0d0h0p0t0
1 1$1(10141x1|1
1(2,20282<2
2H3L3P3T3\3`3
3h4l4p4t4|4
4L5P5T5\5`54686<6@6D6H6L6P6X6\6
7T7X7`7d7
8 8$8(8,80848<8@8
8D9H9L9P9T9\9`9
90:4:8:<:D:H:
:0;4;<;@;
;4<8<<<D<H<
< =$=,=0=t=x=|=
>L>P>T>\>`>
> ?$?(?0?4?x?|?
0P1T1X1\1`1h1l1
2 2$2\2`2h2l2
3`3d3h3p3t3
4 4$4h4l4p4x4|4
5 5(5,5p5t5x5
5 6$6(60646x6|6
6074787<7@7D7H7L7T7X7
9<:@:D:H:L:P:X:\:
= =$=(=0=4=
?`?d?h?l?t?x?
0 0$0(0,0004080@0D0
1P1T1\1`1
2L2P2X2\2
3H3L3T3X3
4D4H4P4T4
4@5D5L5P5|5
6X6\6d6h6
7l7p7t7|7
8$8(8l8p8x8|8
9 9$9h9l9t9x9
:0:8:<:h:p:t:|;
<0<4<<<@<l<p<x<|<
=D=H=P=T=
>H>P>T>
>(?0?4?`?h?l?
0@0H0L0x0
0 1(1,1X1`1d1
282@2D2p2x2|2
3 3$3P3X3\3
40484<4h4p4t4
5L5P5X5\5
5$6(60646l6p6x6|6
7D7H7P7T7
8 8(8,8d8h8p8t8
9<9@9H9L9
:0:8:<:h:p:t:
;<;@;H;L;
< <$<\<`<h<l<
<4=8=@=D=
=8><>@>H>L>x>
>,?0?8?<?h?p?t?
0H0P0T0
1`1d1h1p1t1
2 2$2h2l2p2x2|2
3 3(3,3p3t3x3
3 4$4(40444x4|4
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7p7t7
7D8H8L8P8X8\8
8d9h9l9p9t9x9
;H<L<P<T<\<`<
=h=l=p=t=|=
=P>T>X>\>d>h>
? ?$?(?,?0?4?<?@?
0 0$0(0,0004080@0D0
1 1$1(1,1014181<1D1H1p2t2|3
5P6T6X6\6`6d6l6p6L<P<T<X<\<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
t9x9|9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=H=L=
X6X7\7`7d7h7l7p7t7x7|7
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
9(989H9X9|9
;(;,;0;4;8;<;@;D;H;L;P;
eekxYC.dll
"20190111212121.331","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00000000","dwSize->6144","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.331","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00260000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00000000","dwSize->377102","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.341","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00000000","dwSize->5390","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.341","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00000000","dwSize->9998","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.341","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00000000","dwSize->26674","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.351","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20190111212121.351","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20190111212121.351","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20190111212121.351","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20190111212121.351","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00150000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.361","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00250000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190111212121.361","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190111212121.361","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000000a0","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000098","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->32094"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->32094"
"20190111212121.391","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","synchronization","OpenMutexW","SUCCESS","0x000000ac","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20190111212121.391","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->0x000000bc","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212121.391","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Cache"
"20190111212121.391","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","process","CreateProcessInternalW","SUCCESS","1400","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000000a4","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\MZ
","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20190111212121.401","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190111212121.421","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000098","hKey->0x000000c0","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190111212121.421","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000098","lpValueName->Compositing"
"20190111212121.421","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000098","hKey->0x000000c0","lpSubKey->Control Panel\Desktop"
"20190111212121.421","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000098","lpValueName->LameButtonText"
"20190111212121.421","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","process","CreateRemoteThread","SUCCESS","0x000000c0","lpStartAddress->0x00404008","th32ProcessID->1400","szExeFile->HelpMe.exe"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","process","CreateRemoteThread","SUCCESS","0x000000c4","lpStartAddress->0x00404008","th32ProcessID->1400","szExeFile->HelpMe.exe"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d0","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d4","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000000dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000dc","lpValueName->Startup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000000dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x000000dc","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoNetHood"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoPropertiesMyComputer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoInternetIcon"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoCommonGroups"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoControlPanel"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoSetFolders"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","SUCCESS","0x000000e2","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e2","lpValueName->(null)"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemSetupInProgress"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->seed"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackSourcePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackSourcePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackCachePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackCachePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DriverCachePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DriverCachePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DevicePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","synchronization","CreateMutexW","SUCCESS","0x000000e4","lpName->(null)"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","synchronization","CreateMutexW","SUCCESS","0x000000f0","lpName->(null)"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","synchronization","CreateMutexW","SUCCESS","0x000000f8","lpName->(null)"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->LogLevel"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->LogLevel"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->LogPath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fc","lpSubKey->AppLogLevels"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d\RpcThreadPoolThrottle"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->20342"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpNewFileName->C:\AutoRun.exe"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->268"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->268"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","FAILURE","","hDevice->0x00000124","dwIoControlCode->0x006d0008","lpInBuffer->0x0049bb00","nInBufferSize->0x00000046","lpOutBuffer->0x00498780","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x006d0008","lpInBuffer->0x0049bb00","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->0x00000124","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000138","lpValueName->Data"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->0x00000138","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->Generation"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","FAILURE","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049ca38","nInBufferSize->0x00000208","lpOutBuffer->0x00499e40","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049ca38","nInBufferSize->0x00000208","lpOutBuffer->0x0049cc48","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->44918"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->44918"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->268"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->268"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->268"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->268"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","FAILURE","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049ca38","nInBufferSize->0x00000208","lpOutBuffer->0x00499e40","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049ca38","nInBufferSize->0x00000208","lpOutBuffer->0x0049cc88","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x00000124","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->0x00000124","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->Generation"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000013e","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000013e","lpSubKey->CurVer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000126","hKey->0x0000013e","lpSubKey->(null)"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x0000013c","lpValueName->DontShowSuperHidden"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->0x0000013c","lpSubKey->(null)"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->ShellState"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->ShellState"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->ForceActiveDesktopOn"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->NoActiveDesktop"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->NoWebView"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->ClassicShell"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->SeparateProcess"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->NoNetCrawling"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->NoSimpleStartMenu"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->0x0000013c","lpSubKey->Advanced"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->Hidden"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->ShowCompColor"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->HideFileExt"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->DontPrettyPath"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->ShowInfoTip"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->HideIcons"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->MapNetDrvBtn"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->WebView"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->Filter"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->ShowSuperHidden"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->SeparateProcess"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->NoNetCrawling"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000126","lpSubKey->ShellEx\IconHandler"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->DocObject"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->BrowseInPlace"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000126","lpSubKey->Clsid"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000146","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000146","lpSubKey->Clsid"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->IsShortcut"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000126","lpValueName->AlwaysShowExt"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->NeverShowExt"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000144","lpValueName->UseDesktopIniCache"
"20190111212126.399","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->61440"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->44918"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->44918"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->145"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->145"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->268"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToWrite->268"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000cc","lpValueName->Com+Enabled"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012c","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012c","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->Com+Enabled"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000154","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000164","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000016c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000174","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000017c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000184","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x00000194","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x0000019c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001a4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ac","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ac","lpValueName->REGDBVersion"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001ac","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->22512"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ac","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ac","lpValueName->REGDBVersion"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00300000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ae","hKey->0x00000132","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ae","lpSubKey->TreatAs"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ba","hKey->0x00000132","lpSubKey->(null)"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ae","hKey->0x000001ba","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001be","hKey->0x000001ae","lpSubKey->InprocServer32"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001be","lpValueName->InprocServer32"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ae","lpSubKey->InprocServerX86"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ae","lpSubKey->LocalServer32"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001be","hKey->0x000001ae","lpSubKey->InprocServer32"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001be","lpValueName->(null)"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ae","lpSubKey->InprocHandler32"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ae","lpSubKey->InprocHandlerX86"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ae","lpSubKey->LocalServer32"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ae","lpSubKey->LocalServer"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001be","hKey->0x000001ba","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001be","lpValueName->AppID"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ae","hKey->0x000001ba","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ae","hKey->0x000001ba","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001be","hKey->0x000001ae","lpSubKey->InprocServer32"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001be","lpValueName->ThreadingModel"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001ae","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ae","lpSubKey->TreatAs"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->0x000001bc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Generation"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001be","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001be","lpValueName->DriveMask"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c0","lpValueName->AllowFileCLSIDJunctions"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Personal"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->0x000001c0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001bc","lpValueName->Generation"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->268"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Common Documents"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->0x000001cc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Generation"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Desktop"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Desktop","dwType->1","lpData->C:\Documents and Settings\janettedoe\Desktop","cbData->90"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->0x000001d0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Generation"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Common Desktop"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegSetValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Common Desktop","dwType->1","lpData->C:\Documents and Settings\All Users\Desktop","cbData->88"
"20190111212126.409","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->0x000001cc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Generation"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->0x0000013c","lpSubKey->FileExts"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001d0","lpSubKey->."
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001d0","lpSubKey->."
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\."
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d6","hKey->0x00000062","lpSubKey->Network\SharingHandler"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d6","lpValueName->(null)"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d4","lpValueName->UserEnvDebugLevel"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d4","lpValueName->ChkAccDebugLevel"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->ProductType"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001d8","hKey->0x000001cc","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d8","lpValueName->Personal"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d8","lpValueName->Local Settings"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001cc","lpValueName->RsopDebugLevel"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001cc","lpValueName->UserEnvDebugLevel"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001cc","lpValueName->RsopLogging"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001cc","lpValueName->UserEnvDebugLevel"
"20190111212126.419","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->44918"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->44918"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->211"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->211"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190111212126.429","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->268"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x76980000","lpFileName->LINKINFO.dll"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->44918"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->44918"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->268"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->268"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->268"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->ProductType"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000001e0","lpValueName->SrvsvcDefaultShareInfo"
"20190111212126.439","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001dc","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->44918"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->44918"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->71"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->71"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\dll\BWHtbd.dll","dwDesiredAccess->GENERIC_READ"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->268"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","dwDesiredAccess->GENERIC_READ"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\dll\BWHtbd.dll","dwDesiredAccess->GENERIC_READ"
"20190111212126.449","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\dll\BWHtbd.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->44918"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->44918"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1400","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->12288"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->12288"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190111212126.459","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"2019011121[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
"20190529233122.683","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1764","szExeFile->576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","lpAddress->0x00000000","dwSize->6144","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233122.683","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x00260000","th32ProcessID->1764","szExeFile->576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","lpAddress->0x00000000","dwSize->377102","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233122.703","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1764","szExeFile->576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","lpAddress->0x00000000","dwSize->5390","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233122.713","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1764","szExeFile->576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","lpAddress->0x00000000","dwSize->9998","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233122.713","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1764","szExeFile->576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","lpAddress->0x00000000","dwSize->26674","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233122.713","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20190529233122.713","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20190529233122.713","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20190529233122.713","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x01010000","th32ProcessID->1764","szExeFile->576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20190529233122.713","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x01010000","th32ProcessID->1764","szExeFile->576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","lpAddress->0x01010000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233122.723","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1764","szExeFile->576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190529233122.733","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190529233122.733","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190529233122.733","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190529233122.733","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190529233122.733","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190529233122.733","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190529233122.733","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000000a0","lpFileName->C:\576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","dwDesiredAccess->GENERIC_READ"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x00000098","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1764","szExeFile->576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190529233122.743","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190529233122.753","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190529233122.753","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->32768"
"20190529233122.753","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->32768"
"20190529233122.763","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","synchronization","OpenMutexW","SUCCESS","0x000000ac","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20190529233122.773","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->0x000000bc","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190529233122.773","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Cache"
"20190529233122.773","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20190529233122.773","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","process","CreateProcessInternalW","SUCCESS","200","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20190529233122.773","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20190529233122.773","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20190529233122.783","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","FAILURE","","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\Command=AutoRun.exe
shellexecute=AutoRun.exe
Bind","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190529233122.783","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x00180000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20190529233122.783","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x00180000","th32ProcessID->1764","szExeFile->576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","lpAddress->0x00180000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233122.793","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000a4","hKey->0x000000c0","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190529233122.793","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a4","lpValueName->Compositing"
"20190529233122.793","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000a4","hKey->0x000000c0","lpSubKey->Control Panel\Desktop"
"20190529233122.793","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a4","lpValueName->LameButtonText"
"20190529233122.793","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","process","CreateRemoteThread","SUCCESS","0x000000c0","lpStartAddress->0x00404008","th32ProcessID->200","szExeFile->HelpMe.exe"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","process","CreateRemoteThread","SUCCESS","0x000000c4","lpStartAddress->0x00404008","th32ProcessID->200","szExeFile->HelpMe.exe"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegCreateKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","dwDesiredAccess->GENERIC_READ"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000d4","nNumberOfBytesToWrite->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000d4","nNumberOfBytesToWrite->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000d4","nNumberOfBytesToWrite->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000d4","nNumberOfBytesToWrite->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000d4","nNumberOfBytesToWrite->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000d4","nNumberOfBytesToWrite->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000d4","nNumberOfBytesToWrite->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000d4","nNumberOfBytesToWrite->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000d4","nNumberOfBytesToWrite->681"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->65536"
"20190529233127.741","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","lpNewFileName->C:\AutoRun.exe"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","dwDesiredAccess->GENERIC_READ"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->268"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->268"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","dwDesiredAccess->GENERIC_READ"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000000d8","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000000dc","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d0","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1764","szExeFile->576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToWrite->61440"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToWrite->61440"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToWrite->61440"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToWrite->61440"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToWrite->61440"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToWrite->61440"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToWrite->61440"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->61440"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToWrite->61440"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->33449"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToWrite->33449"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToWrite->268"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToWrite->268"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20190529233127.751","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegCreateKeyExW","SUCCESS","0x000000d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000000dc","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToRead->268"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000000dc","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToRead->268"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000000dc","lpFileName->C:\576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","dwDesiredAccess->GENERIC_READ"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000000e0","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1764","szExeFile->576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToRead->61440"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToWrite->61440"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToRead->61440"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToWrite->61440"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToRead->61440"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToWrite->61440"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToRead->61440"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToWrite->61440"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToRead->61440"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToWrite->61440"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToRead->61440"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToWrite->61440"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToRead->61440"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToWrite->61440"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToRead->61440"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToWrite->61440"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000dc","nNumberOfBytesToRead->33449"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToWrite->33449"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->145"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToWrite->145"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToWrite->268"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToWrite->268"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000000e0","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->268"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000000e0","lpFileName->C:\576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","dwDesiredAccess->GENERIC_READ"
"20190529233127.761","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190529233127.771","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d8","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20190529233127.771","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000000e8","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190529233127.771","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233127.771","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->61440"
"20190529233127.771","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->61440"
"20190529233127.771","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->61440"
"20190529233127.771","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->61440"
"20190529233127.771","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->61440"
"20190529233127.771","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->61440"
"20190529233127.771","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->61440"
"20190529233127.771","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->61440"
"20190529233127.771","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->61440"
"20190529233127.771","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->61440"
"20190529233127.771","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->61440"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegCreateKeyExW","SUCCESS","0x000000f0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f0","lpValueName->Startup"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegCreateKeyExW","SUCCESS","0x000000f0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegSetValueExW","SUCCESS","","hKey->0x000000f0","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->NoNetHood"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->NoPropertiesMyComputer"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->NoInternetIcon"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->NoCommonGroups"
"20190529233127.781","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190529233127.771","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->61440"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->61440"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->61440"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->61440"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->61440"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000e0","nNumberOfBytesToRead->33449"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->33449"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->211"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->211"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->268"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToWrite->268"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e8","lpValueName->NoControlPanel"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e8","lpValueName->NoSetFolders"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExA","SUCCESS","0x000000ea","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ea","lpValueName->(null)"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->SystemSetupInProgress"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->seed"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->OsLoaderPath"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->OsLoaderPath"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->SystemPartition"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->SystemPartition"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->SourcePath"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->SourcePath"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->ServicePackSourcePath"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->ServicePackSourcePath"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->ServicePackCachePath"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->ServicePackCachePath"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->DriverCachePath"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->DriverCachePath"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->DevicePath"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","synchronization","CreateMutexW","SUCCESS","0x000000cc","lpName->(null)"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","synchronization","CreateMutexW","SUCCESS","0x000000fc","lpName->(null)"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","synchronization","CreateMutexW","SUCCESS","0x00000104","lpName->(null)"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000108","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000108","lpValueName->LogLevel"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000108","lpValueName->LogLevel"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000108","lpValueName->LogPath"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000108","lpSubKey->AppLogLevels"
"20190529233127.801","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190529233127.811","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190529233127.811","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExA","SUCCESS","0x00000108","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190529233127.811","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846\RpcThreadPoolThrottle"
"20190529233127.811","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190529233127.811","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190529233127.811","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190529233127.811","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000130","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","device","DeviceIoControl","FAILURE","","hDevice->0x00000130","dwIoControlCode->0x006d0008","lpInBuffer->0x0049b988","nInBufferSize->0x00000046","lpOutBuffer->0x0049ae40","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000130","dwIoControlCode->0x006d0008","lpInBuffer->0x0049b988","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->0x00000130","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Data"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->0x00000134","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->Generation"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","device","DeviceIoControl","FAILURE","","hDevice->0x00000130","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c8d8","nInBufferSize->0x00000208","lpOutBuffer->0x0049a020","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000130","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c8d8","nInBufferSize->0x00000208","lpOutBuffer->0x0049cb10","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","device","DeviceIoControl","FAILURE","","hDevice->0x00000130","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c8d8","nInBufferSize->0x00000208","lpOutBuffer->0x0049a020","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->268"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","dwDesiredAccess->GENERIC_READ"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x0000013c","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000130","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c8d8","nInBufferSize->0x00000208","lpOutBuffer->0x0049cb28","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegCreateKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegSetValueExW","SUCCESS","","hKey->0x00000130","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->0x00000130","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->Generation"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000142","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000142","lpSubKey->CurVer"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000132","hKey->0x00000142","lpSubKey->(null)"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->DontShowSuperHidden"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000148","hKey->0x00000140","lpSubKey->(null)"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000148","lpValueName->ShellState"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000148","lpValueName->ShellState"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000148","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000148","lpValueName->ForceActiveDesktopOn"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.841","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1764","szExeFile->576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->33449"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->33449"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->268"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->268"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000138","lpValueName->NoActiveDesktop"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000138","lpValueName->NoWebView"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000138","lpValueName->ClassicShell"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000138","lpValueName->SeparateProcess"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000138","lpValueName->NoNetCrawling"
"20190529233127.851","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->268"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","dwDesiredAccess->GENERIC_READ"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x00000148","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x0000014c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x0000014c","lpValueName->NoSimpleStartMenu"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x0000014c","hKey->0x00000140","lpSubKey->Advanced"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->Hidden"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->ShowCompColor"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->HideFileExt"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->DontPrettyPath"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->ShowInfoTip"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->HideIcons"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->MapNetDrvBtn"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->WebView"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->Filter"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->ShowSuperHidden"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->SeparateProcess"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->NoNetCrawling"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000132","lpSubKey->ShellEx\IconHandler"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000132","lpValueName->DocObject"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000132","lpValueName->BrowseInPlace"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000132","lpSubKey->Clsid"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000152","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000152","lpSubKey->Clsid"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000132","lpValueName->IsShortcut"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000132","lpValueName->AlwaysShowExt"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000132","lpValueName->NeverShowExt"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000150","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000150","lpValueName->UseDesktopIniCache"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x00000150","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233127.861","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->61440"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->61440"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->61440"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->61440"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->61440"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->61440"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->61440"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->61440"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->33449"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->33449"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToRead->71"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->71"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->268"
"20190529233127.871","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToWrite->268"
"20190529233127.881","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20190529233127.881","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20190529233127.881","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x00000150","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190529233127.881","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->268"
"20190529233127.881","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x00000150","lpFileName->C:\576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","dwDesiredAccess->GENERIC_READ"
"20190529233127.881","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x00000148","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190529233127.881","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190529233127.881","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20190529233127.881","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->Com+Enabled"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000150","nNumberOfBytesToRead->33449"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->33449"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x01024000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x01024000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToRead->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToRead->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToRead->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToRead->12288"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->12288"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Com+Enabled"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000164","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000174","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000184","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x0000018c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000194","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x0000019c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001a4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->REGDBVersion"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20190529233127.891","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->22512"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->REGDBVersion"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x00200000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x00200000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x00200000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001ce","hKey->0x0000014a","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ce","lpSubKey->TreatAs"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001de","hKey->0x0000014a","lpSubKey->(null)"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001ce","hKey->0x000001de","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e2","hKey->0x000001ce","lpSubKey->InprocServer32"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000001e2","lpValueName->InprocServer32"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ce","lpSubKey->InprocServerX86"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ce","lpSubKey->LocalServer32"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e2","hKey->0x000001ce","lpSubKey->InprocServer32"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e2","lpValueName->(null)"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ce","lpSubKey->InprocHandler32"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ce","lpSubKey->InprocHandlerX86"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ce","lpSubKey->LocalServer32"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ce","lpSubKey->LocalServer"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e2","hKey->0x000001de","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000001e2","lpValueName->AppID"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001ce","hKey->0x000001de","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001ce","hKey->0x000001de","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e2","hKey->0x000001ce","lpSubKey->InprocServer32"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e2","lpValueName->ThreadingModel"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001ce","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ce","lpSubKey->TreatAs"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->0x000001e0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->Generation"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e6","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\dll\cmonitor.dll.exe","lpNewFileName->C:\cuckoo\dll\cmonitor.dll"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\dll\DuDjke.dll","dwDesiredAccess->GENERIC_READ"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->268"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","dwDesiredAccess->GENERIC_READ"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\dll\DuDjke.dll","dwDesiredAccess->GENERIC_READ"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\cuckoo\dll\DuDjke.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x01024000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x01024000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->33449"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->33449"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x01024000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x01024000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->12288"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->12288"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->268"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->268"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\DuDjke.dll"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\DuDjke.dll.exe","lpNewFileName->C:\cuckoo\dll\DuDjke.dll"
"20190529233127.901","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\cuckoo\dll\HppErf.dll","dwDesiredAccess->GENERIC_READ"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->268"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","dwDesiredAccess->GENERIC_READ"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\dll\HppErf.dll","dwDesiredAccess->GENERIC_READ"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e2","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e2","lpValueName->DriveMask"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000001e4","lpValueName->AllowFileCLSIDJunctions"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegCreateKeyExW","SUCCESS","0x000001e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->Personal"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegCreateKeyExW","SUCCESS","0x000001e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegSetValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->0x000001e4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->Generation"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\dll\HppErf.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x01024000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x01024000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->33449"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->33449"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegCreateKeyExW","SUCCESS","0x000001fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001fc","lpValueName->Common Documents"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegCreateKeyExW","SUCCESS","0x000001fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegSetValueExW","SUCCESS","","hKey->0x000001fc","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegOpenKeyExW","SUCCESS","0x00000200","hKey->0x000001fc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000200","lpValueName->Generation"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x01024000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x01024000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->12288"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->12288"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->268"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->268"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\HppErf.dll"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\HppErf.dll.exe","lpNewFileName->C:\cuckoo\dll\HppErf.dll"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->268"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","dwDesiredAccess->GENERIC_READ"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\cuckoo\files\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","memory","VirtualAllocEx","SUCCESS","0x01024000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x01024000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20190529233127.911","1764","576149827d45671054ebd668a563ac8c7086db0e796e859ff4ea753d00167846","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
"20190614144302.856","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20190614144302.856","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20190614144302.856","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20190614144302.856","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1116","szExeFile->3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20190614144302.856","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1116","szExeFile->3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","lpAddress->0x00150000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144302.866","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00250000","th32ProcessID->1116","szExeFile->3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190614144302.866","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190614144302.866","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190614144302.866","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190614144302.866","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190614144302.866","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190614144302.866","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190614144302.866","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x0000008c","lpFileName->C:\3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","dwDesiredAccess->GENERIC_READ"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->268"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x00000084","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1116","szExeFile->3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->37220"
"20190614144302.876","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->37220"
"20190614144302.896","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","synchronization","OpenMutexW","SUCCESS","0x00000098","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20190614144302.906","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000000a4","hKey->0x000000a8","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190614144302.906","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000a4","lpValueName->Cache"
"20190614144302.906","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20190614144302.916","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","process","CreateProcessInternalW","SUCCESS","2020","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20190614144302.916","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20190614144302.916","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->268"
"20190614144302.926","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","FAILURE","","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\Command=AutoRun.exe
shellexecute=AutoRun.exe
Bind","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190614144302.926","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->2020","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20190614144302.936","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->2020","szExeFile->HelpMe.exe","lpAddress->0x00280000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144302.986","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000090","hKey->0x000000ac","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190614144302.986","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x00000090","lpValueName->Compositing"
"20190614144302.986","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000090","hKey->0x000000ac","lpSubKey->Control Panel\Desktop"
"20190614144302.986","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x00000090","lpValueName->LameButtonText"
"20190614144302.986","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","process","CreateRemoteThread","SUCCESS","0x000000ac","lpStartAddress->0x00404008","th32ProcessID->2020","szExeFile->HelpMe.exe"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","process","CreateRemoteThread","SUCCESS","0x000000b0","lpStartAddress->0x00404008","th32ProcessID->2020","szExeFile->HelpMe.exe"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegCreateKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegSetValueExA","SUCCESS","","hKey->0x000000bc","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegCreateKeyExW","SUCCESS","0x000000c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegSetValueExA","SUCCESS","","hKey->0x000000c0","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegCreateKeyExW","SUCCESS","0x000000c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->Startup"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegCreateKeyExW","SUCCESS","0x000000c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegSetValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoNetHood"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoPropertiesMyComputer"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoInternetIcon"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoCommonGroups"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoControlPanel"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoSetFolders"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExA","SUCCESS","0x000000ce","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ce","lpValueName->(null)"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->SystemSetupInProgress"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->seed"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->OsLoaderPath"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->OsLoaderPath"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->SystemPartition"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->SystemPartition"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->SourcePath"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->SourcePath"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->ServicePackSourcePath"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->ServicePackSourcePath"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->ServicePackCachePath"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->ServicePackCachePath"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->DriverCachePath"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->DriverCachePath"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->DevicePath"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","synchronization","CreateMutexW","SUCCESS","0x000000d0","lpName->(null)"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","synchronization","CreateMutexW","SUCCESS","0x000000dc","lpName->(null)"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","synchronization","CreateMutexW","SUCCESS","0x000000e4","lpName->(null)"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->LogLevel"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->LogLevel"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e8","lpValueName->LogPath"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000e8","lpSubKey->AppLogLevels"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExA","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e\RpcThreadPoolThrottle"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x0000010c","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","dwDesiredAccess->GENERIC_READ"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->46093"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190614144307.873","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","lpNewFileName->C:\AutoRun.exe"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","dwDesiredAccess->GENERIC_READ"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->268"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->268"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","dwDesiredAccess->GENERIC_READ"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->2020","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->37901"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->37901"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->268"
"20190614144307.884","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->268"
"20190614144307.894","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20190614144307.894","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20190614144307.894","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20190614144307.894","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->268"
"20190614144307.894","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190614144307.894","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->268"
"20190614144307.894","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->C:\3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","dwDesiredAccess->GENERIC_READ"
"20190614144307.894","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190614144307.894","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","device","DeviceIoControl","SUCCESS","","hDevice->0x00000118","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190614144307.894","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190614144307.894","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","device","DeviceIoControl","FAILURE","","hDevice->0x00000118","dwIoControlCode->0x006d0008","lpInBuffer->0x0049bc00","nInBufferSize->0x00000046","lpOutBuffer->0x004989b0","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190614144307.894","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190614144307.894","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->2020","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144307.894","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","device","DeviceIoControl","SUCCESS","","hDevice->0x00000118","dwIoControlCode->0x006d0008","lpInBuffer->0x0049bc00","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000118","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->0x00000118","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->Data"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000118","hKey->0x00000120","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000118","lpValueName->Generation"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","device","DeviceIoControl","FAILURE","","hDevice->0x00000118","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cb38","nInBufferSize->0x00000208","lpOutBuffer->0x0049a668","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","device","DeviceIoControl","SUCCESS","","hDevice->0x00000118","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cb38","nInBufferSize->0x00000208","lpOutBuffer->0x00498b88","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToRead->37901"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->37901"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->145"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->145"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->268"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->268"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->268"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","dwDesiredAccess->GENERIC_READ"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","device","DeviceIoControl","FAILURE","","hDevice->0x00000118","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cb38","nInBufferSize->0x00000208","lpOutBuffer->0x0049a668","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","device","DeviceIoControl","SUCCESS","","hDevice->0x00000118","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cb38","nInBufferSize->0x00000208","lpOutBuffer->0x0049cd48","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegCreateKeyExW","SUCCESS","0x00000118","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegSetValueExW","SUCCESS","","hKey->0x00000118","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000118","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->0x00000118","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->Generation"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000132","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000132","lpSubKey->CurVer"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x0000011a","hKey->0x00000132","lpSubKey->(null)"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->DontShowSuperHidden"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->0x00000130","lpSubKey->(null)"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->ShellState"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->ShellState"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->ForceActiveDesktopOn"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->NoActiveDesktop"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->2020","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.904","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->37901"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->37901"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->211"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->211"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->268"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->268"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x00000124","lpValueName->NoWebView"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x00000124","lpValueName->ClassicShell"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x00000124","lpValueName->SeparateProcess"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x00000124","lpValueName->NoNetCrawling"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x00000124","lpValueName->NoSimpleStartMenu"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->0x00000130","lpSubKey->Advanced"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->Hidden"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->ShowCompColor"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->HideFileExt"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->DontPrettyPath"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->ShowInfoTip"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->HideIcons"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->MapNetDrvBtn"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->WebView"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->Filter"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->ShowSuperHidden"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->SeparateProcess"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->NoNetCrawling"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000011a","lpSubKey->ShellEx\IconHandler"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x0000011a","lpValueName->DocObject"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x0000011a","lpValueName->BrowseInPlace"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000011a","lpSubKey->Clsid"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x0000011e","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000011e","lpSubKey->Clsid"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x0000011a","lpValueName->IsShortcut"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000011a","lpValueName->AlwaysShowExt"
"20190614144307.914","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x0000011a","lpValueName->NeverShowExt"
"20190614144307.924","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20190614144307.924","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20190614144307.924","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190614144307.924","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->268"
"20190614144307.924","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","dwDesiredAccess->GENERIC_READ"
"20190614144307.924","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190614144307.924","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190614144307.924","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1116","szExeFile->3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->37901"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->37901"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->268"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->268"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000118","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x00000118","lpValueName->UseDesktopIniCache"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->268"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","dwDesiredAccess->GENERIC_READ"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x0000013c","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1116","szExeFile->3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144307.934","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->61440"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->37901"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->37901"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->71"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->71"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->268"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToWrite->268"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x0000013c","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->268"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x0000013c","lpFileName->C:\3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","dwDesiredAccess->GENERIC_READ"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190614144307.944","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1116","szExeFile->3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x0000014c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->Com+Enabled"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->37901"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->37901"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x0000014c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x0000014c","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x0000014c","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20190614144307.954","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->2020","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x0000014c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->Com+Enabled"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x0000014c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x0000015c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x0000016c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x0000017c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000184","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x0000018c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x00000194","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x0000019c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001ac","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->REGDBVersion"
"20190614144307.964","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->12288"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->12288"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->268"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->268"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->22512"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->REGDBVersion"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->2020","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->2020","szExeFile->HelpMe.exe","lpAddress->0x00300000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x00000156","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ca","lpSubKey->TreatAs"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001ce","hKey->0x00000156","lpSubKey->(null)"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001ce","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d2","hKey->0x000001ca","lpSubKey->InprocServer32"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d2","lpValueName->InprocServer32"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ca","lpSubKey->InprocServerX86"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ca","lpSubKey->LocalServer32"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d2","hKey->0x000001ca","lpSubKey->InprocServer32"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d2","lpValueName->(null)"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ca","lpSubKey->InprocHandler32"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ca","lpSubKey->InprocHandlerX86"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ca","lpSubKey->LocalServer32"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ca","lpSubKey->LocalServer"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d2","hKey->0x000001ce","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d2","lpValueName->AppID"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001ce","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001ce","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d2","hKey->0x000001ca","lpSubKey->InprocServer32"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d2","lpValueName->ThreadingModel"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ca","lpSubKey->TreatAs"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->0x000001d0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Generation"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d6","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d2","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d2","lpValueName->DriveMask"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d4","lpValueName->AllowFileCLSIDJunctions"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Personal"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->0x000001d4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190614144307.974","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Generation"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\dll\cmonitor.dll.exe","lpNewFileName->C:\cuckoo\dll\cmonitor.dll"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\dll\qhFJRm.dll","dwDesiredAccess->GENERIC_READ"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->268"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","dwDesiredAccess->GENERIC_READ"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\dll\qhFJRm.dll","dwDesiredAccess->GENERIC_READ"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\dll\qhFJRm.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->2020","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->37901"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->37901"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1116","szExeFile->3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegCreateKeyExW","SUCCESS","0x000001d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Common Documents"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegCreateKeyExW","SUCCESS","0x000001d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->0x000001d0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Generation"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->12288"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->12288"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->268"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->268"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\qhFJRm.dll"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\qhFJRm.dll.exe","lpNewFileName->C:\cuckoo\dll\qhFJRm.dll"
"20190614144307.984","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\dll\QoqHOx.dll","dwDesiredAccess->GENERIC_READ"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Desktop"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Desktop","dwType->1","lpData->C:\Documents and Settings\janettedoe\Desktop","cbData->90"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->0x000001d4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Generation"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Common Desktop"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Common Desktop","dwType->1","lpData->C:\Documents and Settings\All Users\Desktop","cbData->88"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->0x000001c4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Generation"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->0x00000130","lpSubKey->FileExts"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001d4","lpSubKey->."
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001d4","lpSubKey->."
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->268"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","dwDesiredAccess->GENERIC_READ"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\dll\QoqHOx.dll","dwDesiredAccess->GENERIC_READ"
"20190614144307.994","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\dll\QoqHOx.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->2020","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.004","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.014","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.014","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->37901"
"20190614144308.014","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->37901"
"20190614144308.014","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1116","szExeFile->3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144308.024","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190614144308.024","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.024","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190614144308.024","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.034","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190614144308.034","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.034","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->12288"
"20190614144308.034","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->12288"
"20190614144308.034","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->268"
"20190614144308.034","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->268"
"20190614144308.034","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\QoqHOx.dll"
"20190614144308.034","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\QoqHOx.dll.exe","lpNewFileName->C:\cuckoo\dll\QoqHOx.dll"
"20190614144308.054","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190614144308.054","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->268"
"20190614144308.054","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","dwDesiredAccess->GENERIC_READ"
"20190614144308.054","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\files\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->2020","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144308.074","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->37901"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->37901"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->71"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->71"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->268"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->268"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\files\.gitignore"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\files\.gitignore.exe","lpNewFileName->C:\cuckoo\files\.gitignore"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->268"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","dwDesiredAccess->GENERIC_READ"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\logs\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->2020","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->37901"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->37901"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->71"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->71"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->268"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->268"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\logs\.gitignore"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\logs\.gitignore.exe","lpNewFileName->C:\cuckoo\logs\.gitignore"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\logs\1116.csv","dwDesiredAccess->GENERIC_READ"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->268"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","dwDesiredAccess->GENERIC_READ"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\logs\1116.csv","dwDesiredAccess->GENERIC_READ"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\."
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\logs\1116.csv.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001da","hKey->0x00000062","lpSubKey->Network\SharingHandler"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001da","lpValueName->(null)"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d8","lpValueName->UserEnvDebugLevel"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d8","lpValueName->ChkAccDebugLevel"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d8","lpValueName->ProductType"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->0x000001f8","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001fc","lpValueName->Personal"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001fc","lpValueName->Local Settings"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001f8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x000001f8","lpValueName->RsopDebugLevel"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001f8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x000001f8","lpValueName->UserEnvDebugLevel"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x000001f8","lpValueName->RsopLogging"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","SUCCESS","0x000001f8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegQueryValueExW","FAILURE","","hKey->0x000001f8","lpValueName->UserEnvDebugLevel"
"20190614144308.094","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20190614144308.084","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->2020","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->37901"
"20190614144308.104","1116","3af0ce13fcadc3db25f739e09fa1035475fbf425fbc98e5336d1822cdd3fcf2e","584","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->37901"
1116.csv
"20190615131449.994","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20190615131449.994","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20190615131449.994","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20190615131450.004","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1252","szExeFile->44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20190615131450.004","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1252","szExeFile->44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","lpAddress->0x00150000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131450.024","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00250000","th32ProcessID->1252","szExeFile->44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190615131450.034","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190615131450.034","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190615131450.034","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190615131450.034","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190615131450.034","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190615131450.034","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190615131450.034","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190615131450.034","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x0000008c","lpFileName->C:\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","dwDesiredAccess->GENERIC_READ"
"20190615131450.034","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->268"
"20190615131450.034","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x00000084","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131450.034","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1252","szExeFile->44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->37901"
"20190615131450.044","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->37901"
"20190615131450.064","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","synchronization","OpenMutexW","SUCCESS","0x00000098","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20190615131450.064","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000000a4","hKey->0x000000a8","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190615131450.064","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000a4","lpValueName->Cache"
"20190615131450.064","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20190615131450.064","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","process","CreateProcessInternalW","SUCCESS","304","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20190615131450.064","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20190615131450.064","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->268"
"20190615131450.075","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","FAILURE","","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\Locales"
"20190614144302.856","1116","3af0ce13fcadc3db25f739e09fa","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131450.075","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->304","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20190615131450.075","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->304","szExeFile->HelpMe.exe","lpAddress->0x00280000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131450.085","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000090","hKey->0x000000ac","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190615131450.085","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x00000090","lpValueName->Compositing"
"20190615131450.085","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000090","hKey->0x000000ac","lpSubKey->Control Panel\Desktop"
"20190615131450.085","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x00000090","lpValueName->LameButtonText"
"20190615131450.085","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","process","CreateRemoteThread","SUCCESS","0x000000ac","lpStartAddress->0x00404008","th32ProcessID->304","szExeFile->HelpMe.exe"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","process","CreateRemoteThread","SUCCESS","0x000000b0","lpStartAddress->0x00404008","th32ProcessID->304","szExeFile->HelpMe.exe"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegCreateKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegSetValueExA","SUCCESS","","hKey->0x000000bc","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegCreateKeyExW","SUCCESS","0x000000c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegSetValueExA","SUCCESS","","hKey->0x000000c0","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegCreateKeyExW","SUCCESS","0x000000c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->Startup"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegCreateKeyExW","SUCCESS","0x000000c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegSetValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoNetHood"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoPropertiesMyComputer"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoInternetIcon"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoCommonGroups"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoControlPanel"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoSetFolders"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExA","SUCCESS","0x000000ce","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ce","lpValueName->(null)"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->SystemSetupInProgress"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->seed"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->OsLoaderPath"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->OsLoaderPath"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->SystemPartition"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->SystemPartition"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->SourcePath"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->SourcePath"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->ServicePackSourcePath"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->ServicePackSourcePath"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->ServicePackCachePath"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->ServicePackCachePath"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->DriverCachePath"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->DriverCachePath"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->DevicePath"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","synchronization","CreateMutexW","SUCCESS","0x000000b8","lpName->(null)"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","synchronization","CreateMutexW","SUCCESS","0x000000d8","lpName->(null)"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","synchronization","CreateMutexW","SUCCESS","0x000000e0","lpName->(null)"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->LogLevel"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->LogLevel"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->LogPath"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000e4","lpSubKey->AppLogLevels"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExA","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d\RpcThreadPoolThrottle"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x00000110","lpFileName->C:\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","dwDesiredAccess->GENERIC_READ"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190615131455.042","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x00000104","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->24757"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","lpNewFileName->C:\AutoRun.exe"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x00000110","lpFileName->C:\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","dwDesiredAccess->GENERIC_READ"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->268"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x00000110","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->268"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x00000110","lpFileName->C:\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","dwDesiredAccess->GENERIC_READ"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x0000010c","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","device","DeviceIoControl","SUCCESS","","hDevice->0x00000120","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","device","DeviceIoControl","FAILURE","","hDevice->0x00000120","dwIoControlCode->0x006d0008","lpInBuffer->0x004aac90","nInBufferSize->0x00000046","lpOutBuffer->0x004988e0","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->304","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190615131455.052","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","device","DeviceIoControl","SUCCESS","","hDevice->0x00000120","dwIoControlCode->0x006d0008","lpInBuffer->0x004aac90","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x0000011c","hKey->0x00000120","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000011c","lpValueName->Data"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x0000011c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->0x0000011c","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->Generation"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","device","DeviceIoControl","FAILURE","","hDevice->0x00000120","dwIoControlCode->0x006d0034","lpInBuffer->0x004aace0","nInBufferSize->0x00000208","lpOutBuffer->0x004aa020","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","device","DeviceIoControl","SUCCESS","","hDevice->0x00000120","dwIoControlCode->0x006d0034","lpInBuffer->0x004aace0","nInBufferSize->0x00000208","lpOutBuffer->0x004aaef0","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->28853"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->28853"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->268"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->268"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","device","DeviceIoControl","FAILURE","","hDevice->0x00000120","dwIoControlCode->0x006d0034","lpInBuffer->0x004aace0","nInBufferSize->0x00000208","lpOutBuffer->0x004aa020","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","device","DeviceIoControl","SUCCESS","","hDevice->0x00000120","dwIoControlCode->0x006d0034","lpInBuffer->0x004aace0","nInBufferSize->0x00000208","lpOutBuffer->0x004aaf08","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegCreateKeyExW","SUCCESS","0x00000120","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegSetValueExW","SUCCESS","","hKey->0x00000120","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000118","hKey->0x00000120","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000118","lpValueName->Generation"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x0000011a","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000011a","lpSubKey->CurVer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000122","hKey->0x0000011a","lpSubKey->(null)"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000118","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x00000118","lpValueName->DontShowSuperHidden"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000118","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->0x00000118","lpSubKey->(null)"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->ShellState"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->ShellState"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x00000110","lpValueName->ForceActiveDesktopOn"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x00000110","lpValueName->NoActiveDesktop"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x0000010c","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->268"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x0000010c","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->268"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x0000010c","lpFileName->C:\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","dwDesiredAccess->GENERIC_READ"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x00000110","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->304","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->61440"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->28853"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->28853"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->145"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->145"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->268"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToWrite->268"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x0000011c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x0000011c","lpValueName->NoWebView"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x0000011c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x0000011c","lpValueName->ClassicShell"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x0000011c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x0000011c","lpValueName->SeparateProcess"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x0000011c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x0000011c","lpValueName->NoNetCrawling"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x0000011c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.062","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x0000011c","lpValueName->NoSimpleStartMenu"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->0x00000118","lpSubKey->Advanced"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->Hidden"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->ShowCompColor"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->HideFileExt"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->DontPrettyPath"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->ShowInfoTip"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->HideIcons"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->MapNetDrvBtn"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->WebView"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->Filter"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->ShowSuperHidden"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->SeparateProcess"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->NoNetCrawling"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000122","lpSubKey->ShellEx\IconHandler"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x00000122","lpValueName->DocObject"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x00000122","lpValueName->BrowseInPlace"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000122","lpSubKey->Clsid"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x0000010e","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000010e","lpSubKey->Clsid"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x00000122","lpValueName->IsShortcut"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000122","lpValueName->AlwaysShowExt"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x00000122","lpValueName->NeverShowExt"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x0000010c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x0000010c","lpValueName->UseDesktopIniCache"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->268"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","dwDesiredAccess->GENERIC_READ"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x0000010c","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->304","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->28853"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->28853"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->211"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->211"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->268"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->268"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->Com+Enabled"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x0000010c","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190615131455.072","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToRead->268"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x0000011c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x0000011c","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x0000011c","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->C:\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","dwDesiredAccess->GENERIC_READ"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x0000010c","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->304","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x0000011c","nNumberOfBytesToRead->28853"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->28853"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->268"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->268"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->Com+Enabled"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000148","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000158","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000160","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000168","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000170","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000178","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000188","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000190","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000198","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001a0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001a0","lpValueName->REGDBVersion"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001a0","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001a0","nNumberOfBytesToRead->22512"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001a0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001a0","lpValueName->REGDBVersion"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001ac","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->268"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001ac","lpFileName->C:\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","dwDesiredAccess->GENERIC_READ"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001b0","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001b4","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->304","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->61440"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ac","nNumberOfBytesToRead->28853"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->28853"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->71"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->71"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->268"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToWrite->268"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->1252","szExeFile->44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->304","szExeFile->HelpMe.exe","lpAddress->0x00300000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001b2","hKey->0x0000010e","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->TreatAs"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001ba","hKey->0x0000010e","lpSubKey->(null)"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001b2","hKey->0x000001ba","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->0x000001b2","lpSubKey->InprocServer32"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c2","lpValueName->InprocServer32"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->InprocServerX86"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->LocalServer32"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->0x000001b2","lpSubKey->InprocServer32"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c2","lpValueName->(null)"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->InprocHandler32"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->InprocHandlerX86"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->LocalServer32"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->LocalServer"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->0x000001ba","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c2","lpValueName->AppID"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001b2","hKey->0x000001ba","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001b2","hKey->0x000001ba","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->0x000001b2","lpSubKey->InprocServer32"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c2","lpValueName->ThreadingModel"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001b2","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->TreatAs"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->0x000001c0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Generation"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c6","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c2","lpValueName->DriveMask"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c4","lpValueName->AllowFileCLSIDJunctions"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Personal"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->0x000001c4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190615131455.082","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Generation"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001b4","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->268"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001b4","lpFileName->C:\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","dwDesiredAccess->GENERIC_READ"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->304","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->28853"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->28853"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->304","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->12288"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->12288"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Common Documents"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->0x000001c4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Generation"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Desktop"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Desktop","dwType->1","lpData->C:\Documents and Settings\janettedoe\Desktop","cbData->90"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->0x000001c4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190615131455.092","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b4","lpValueName->Generation"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegCreateKeyExW","SUCCESS","0x000001b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b4","lpValueName->Common Desktop"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegCreateKeyExW","SUCCESS","0x000001b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegSetValueExW","SUCCESS","","hKey->0x000001b4","lpValueName->Common Desktop","dwType->1","lpData->C:\Documents and Settings\All Users\Desktop","cbData->88"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->0x000001b4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Generation"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->0x00000118","lpSubKey->FileExts"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001c4","lpSubKey->."
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001c4","lpSubKey->."
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\."
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001d2","hKey->0x00000062","lpSubKey->Network\SharingHandler"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d2","lpValueName->(null)"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\dll\cmonitor.dll.exe","lpNewFileName->C:\cuckoo\dll\cmonitor.dll"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\cuckoo\dll\Dqzyid.dll","dwDesiredAccess->GENERIC_READ"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->268"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c0","lpValueName->UserEnvDebugLevel"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c0","lpValueName->ChkAccDebugLevel"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->ProductType"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->0x000001d0","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b4","lpValueName->Personal"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b4","lpValueName->Local Settings"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d0","lpValueName->RsopDebugLevel"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d0","lpValueName->UserEnvDebugLevel"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d0","lpValueName->RsopLogging"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d0","lpValueName->UserEnvDebugLevel"
"20190615131455.102","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","dwDesiredAccess->GENERIC_READ"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\dll\Dqzyid.dll","dwDesiredAccess->GENERIC_READ"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\dll\Dqzyid.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->304","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->28853"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->28853"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","system","LoadLibraryA","SUCCESS","0x76980000","lpFileName->LINKINFO.dll"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->304","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->12288"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->12288"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->268"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->268"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\Dqzyid.dll"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\Dqzyid.dll.exe","lpNewFileName->C:\cuckoo\dll\Dqzyid.dll"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\dll\eoYkAP.dll","dwDesiredAccess->GENERIC_READ"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->268"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","dwDesiredAccess->GENERIC_READ"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\dll\eoYkAP.dll","dwDesiredAccess->GENERIC_READ"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\dll\eoYkAP.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->304","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->28853"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->28853"
"20190615131455.112","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->304","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131455.122","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20190615131455.122","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.122","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20190615131455.122","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.122","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20190615131455.122","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.122","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->12288"
"20190615131455.122","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->12288"
"20190615131455.122","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20190615131455.122","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20190615131455.122","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\eoYkAP.dll"
"20190615131455.122","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\eoYkAP.dll.exe","lpNewFileName->C:\cuckoo\dll\eoYkAP.dll"
"20190615131455.122","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190615131455.122","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->268"
"20190615131455.122","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","dwDesiredAccess->GENERIC_READ"
"20190615131455.122","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190615131455.132","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190615131455.132","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e8","lpValueName->ProductType"
"20190615131455.132","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
"20190615131455.132","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","FAILURE","","hKey->0x000001e8","lpValueName->SrvsvcDefaultShareInfo"
"20190615131455.132","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131455.132","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\files\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131455.142","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131455.152","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->304","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131455.152","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.152","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->28853"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->28853"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->71"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->71"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->268"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->268"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\files\.gitignore"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\files\.gitignore.exe","lpNewFileName->C:\cuckoo\files\.gitignore"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->268"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","dwDesiredAccess->GENERIC_READ"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\logs\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131455.162","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","dwDesiredAccess->0x00000080"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","device","DeviceIoControl","SUCCESS","","hDevice->0x000001e8","dwIoControlCode->0x000900c0","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120ece4","nOutBufferSize->0x00000040","lpBytesReturned->0x0120ecdc","lpOverlapped->0x00000000"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup\Soft.lnk","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->304","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.172","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->28853"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->28853"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->71"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->71"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\logs\.gitignore"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\logs\.gitignore.exe","lpNewFileName->C:\cuckoo\logs\.gitignore"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\logs\1252.csv","dwDesiredAccess->GENERIC_READ"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->268"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","dwDesiredAccess->GENERIC_READ"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\logs\1252.csv","dwDesiredAccess->GENERIC_READ"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\logs\1252.csv.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001e6","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000202","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190615131455.182","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000202","lpValueName->DriveMask"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegCreateKeyExW","SUCCESS","0x00000200","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000200","lpValueName->Start Menu"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegCreateKeyExW","SUCCESS","0x00000200","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegSetValueExW","SUCCESS","","hKey->0x00000200","lpValueName->Start Menu","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu","cbData->96"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x00000200","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->0x00000200","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->Generation"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->304","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->28853"
"20190615131455.192","1252","44e4fb67f45de96c4b872f82065de608155c73123035ecc48ab855c3859c368d","1204","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->28853"
1252.csv
Client UrlCache MMF Ver 5.2
index.dat