Sample details: d573a8140cf71d1327e5543c3afc4b60

Hashes
MD5: d573a8140cf71d1327e5543c3afc4b60
SHA1: 359a01b0536240f15282fbaf25071bada36f5fd0
SHA256: e7eff11148c9f8600304fdfb69e5fe079fb72c5935b5ebd591d3554ac415f678
SSDEEP: 12288:gU866w0B2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvm0aL7+x:gSGB2uJ2s4otqFCJrW9FqvSbqsHasgXS
Details
File Type: Composite
Yara Hits
CuckooSandbox/shellcode | CuckooSandbox/embedded_pe | CuckooSandbox/embedded_win_api | YRP/Borland | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Browsers | YRP/Dropper_Strings | YRP/SEH__vba | YRP/anti_dbg | YRP/network_dropper | YRP/spreading_file | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers3 | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/CAP_HookExKeylogger |
Strings
		Click to edit Master title style
Click to edit Master text styles
Second level
Third level
Fourth level
Fifth level
Click to edit Master text styles
Second level
Third level
Fourth level
Fifth level
Times New Roman
"Arial
Apple LaserWriter II NTX
PSCRIPT
Apple LaserWriter II NTX
powerpnt.ppt
# NOTE: Derived from ../../lib/POSIX.pm.
# Changes made here will be lost when autosplit is run again.
# See AutoSplit.pm.
package POSIX;
#line 585 "../../lib/POSIX.pm (autosplit into ../../lib/auto/POSIX/umask.al)"
sub umask {
    usage "umask(mask)" if @_ != 1;
    CORE::umask($_[0]);
# end of POSIX::umask
umask.al
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
Sub main
Plus()
Minus()
End Sub
"20190105033510.596","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20190105033510.596","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20190105033510.596","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20190105033510.596","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1344","szExeFile->883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20190105033510.596","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1344","szExeFile->883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","lpAddress->0x00150000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20190105033510.616","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","memory","VirtualAllocEx","SUCCESS","0x00250000","th32ProcessID->1344","szExeFile->883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190105033510.626","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190105033510.626","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190105033510.626","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190105033510.626","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190105033510.626","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190105033510.626","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190105033510.626","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190105033510.636","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x0000008c","lpFileName->C:\883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","dwDesiredAccess->GENERIC_READ"
"20190105033510.636","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->268"
"20190105033510.636","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000084","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190105033510.636","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1344","szExeFile->883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190105033510.636","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190105033510.636","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190105033510.636","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->27501"
"20190105033510.646","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->27501"
"20190105033510.656","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","synchronization","OpenMutexW","SUCCESS","0x00000098","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20190105033510.656","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000a4","hKey->0x000000a8","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190105033510.656","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000a4","lpValueName->Cache"
"20190105033510.656","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20190105033510.666","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","process","CreateProcessInternalW","SUCCESS","1072","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20190105033510.666","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20190105033510.666","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->268"
"20190105033510.666","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","FAILURE","","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\Command=AutoRun.exe
shellexecute=AutoRun.exe
Bind","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190105033510.666","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->1072","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20190105033510.677","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->1072","szExeFile->HelpMe.exe","lpAddress->0x00280000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20190105033510.697","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000090","hKey->0x000000ac","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190105033510.697","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000090","lpValueName->Compositing"
"20190105033510.697","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000090","hKey->0x000000ac","lpSubKey->Control Panel\Desktop"
"20190105033510.697","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000090","lpValueName->LameButtonText"
"20190105033510.697","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","process","CreateRemoteThread","SUCCESS","0x000000ac","lpStartAddress->0x00404008","th32ProcessID->1072","szExeFile->HelpMe.exe"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","process","CreateRemoteThread","SUCCESS","0x000000b0","lpStartAddress->0x00404008","th32ProcessID->1072","szExeFile->HelpMe.exe"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegCreateKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegSetValueExA","SUCCESS","","hKey->0x000000bc","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegCreateKeyExW","SUCCESS","0x000000c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegSetValueExA","SUCCESS","","hKey->0x000000c0","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegCreateKeyExW","SUCCESS","0x000000c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->Startup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegCreateKeyExW","SUCCESS","0x000000c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegSetValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoNetHood"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoPropertiesMyComputer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoInternetIcon"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoCommonGroups"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoControlPanel"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoSetFolders"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExA","SUCCESS","0x000000ba","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ba","lpValueName->(null)"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SystemSetupInProgress"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->seed"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->OsLoaderPath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->OsLoaderPath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SystemPartition"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SystemPartition"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SourcePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SourcePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->ServicePackSourcePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->ServicePackSourcePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->ServicePackCachePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->ServicePackCachePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->DriverCachePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->DriverCachePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->DevicePath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","synchronization","CreateMutexW","SUCCESS","0x000000cc","lpName->(null)"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","synchronization","CreateMutexW","SUCCESS","0x000000d8","lpName->(null)"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","synchronization","CreateMutexW","SUCCESS","0x000000e0","lpName->(null)"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->LogLevel"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->LogLevel"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->LogPath"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000e4","lpSubKey->AppLogLevels"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExA","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1\RpcThreadPoolThrottle"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000110","lpFileName->C:\883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","dwDesiredAccess->GENERIC_READ"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->65046"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->65536"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","lpNewFileName->C:\AutoRun.exe"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000110","lpFileName->C:\883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","dwDesiredAccess->GENERIC_READ"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->268"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000110","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->268"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000110","lpFileName->C:\883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","dwDesiredAccess->GENERIC_READ"
"20190105033515.634","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x0000010c","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1072","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->61440"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->61440"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->28182"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->28182"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->268"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x0000010c","nNumberOfBytesToWrite->268"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000104","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->268"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->268"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","dwDesiredAccess->GENERIC_READ"
"20190105033515.644","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000110","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190105033515.664","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190105033515.664","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190105033515.664","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190105033515.664","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","FAILURE","","hDevice->0x00000124","dwIoControlCode->0x006d0008","lpInBuffer->0x0049bbd8","nInBufferSize->0x00000046","lpOutBuffer->0x00498988","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190105033515.664","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x006d0008","lpInBuffer->0x0049bbd8","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190105033515.664","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190105033515.664","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->0x00000124","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190105033515.664","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->Data"
"20190105033515.664","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190105033515.664","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->0x00000128","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190105033515.664","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->Generation"
"20190105033515.664","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","FAILURE","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cb28","nInBufferSize->0x00000208","lpOutBuffer->0x0049a048","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cb28","nInBufferSize->0x00000208","lpOutBuffer->0x0049cd38","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","FAILURE","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cb28","nInBufferSize->0x00000208","lpOutBuffer->0x0049a048","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190105033515.664","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1072","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->61440"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->28182"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->28182"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->145"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->145"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->268"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->268"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->268"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->C:\883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","dwDesiredAccess->GENERIC_READ"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000110","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190105033515.674","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1072","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->61440"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->28182"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->28182"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000110","nNumberOfBytesToRead->211"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->211"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->268"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToWrite->268"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cb28","nInBufferSize->0x00000208","lpOutBuffer->0x0049cd50","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegCreateKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegSetValueExW","SUCCESS","","hKey->0x00000124","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000118","hKey->0x00000124","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190105033515.714","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000118","lpValueName->Generation"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x0000011a","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000011a","lpSubKey->CurVer"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000126","hKey->0x0000011a","lpSubKey->(null)"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000118","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000118","lpValueName->DontShowSuperHidden"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000118","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->0x00000118","lpSubKey->(null)"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->ShellState"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->ShellState"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000110","lpValueName->ForceActiveDesktopOn"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000110","lpValueName->NoActiveDesktop"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20190105033515.724","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000110","lpValueName->NoWebView"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000110","lpValueName->ClassicShell"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000110","lpValueName->SeparateProcess"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000110","lpValueName->NoNetCrawling"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000110","lpValueName->NoSimpleStartMenu"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000110","hKey->0x00000118","lpSubKey->Advanced"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->Hidden"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->ShowCompColor"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->HideFileExt"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->DontPrettyPath"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->ShowInfoTip"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->HideIcons"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->MapNetDrvBtn"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->WebView"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->Filter"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->ShowSuperHidden"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->SeparateProcess"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000110","lpValueName->NoNetCrawling"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000126","lpSubKey->ShellEx\IconHandler"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->DocObject"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->BrowseInPlace"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000126","lpSubKey->Clsid"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x0000010a","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000010a","lpSubKey->Clsid"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->IsShortcut"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000126","lpValueName->AlwaysShowExt"
"20190105033515.744","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->NeverShowExt"
"20190105033515.804","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.804","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x00000108","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190105033515.804","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000108","lpValueName->UseDesktopIniCache"
"20190105033515.814","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20190105033515.814","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20190105033515.814","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190105033515.814","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->268"
"20190105033515.814","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->C:\883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","dwDesiredAccess->GENERIC_READ"
"20190105033515.814","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","&\
G_K!0'
?u~ubyrmfgmfL
TDwPB\\\VuAOGB@
eil}jz n`$#&
WANAY]
VY\TCAQXG
kW09y~|k
07% TO
ZTGtUCXB
A[	$# 
|,;:u~k02fhyK@UUxSRUFC
rt{kk{w}~gpw
kgv}a*rm60+dp
PWVAMG
A@XX#Y\]
e6t{u7b
CICVIOVD
awoa6)
zU\@}G
dEN	> 	
TFjYKU
RNmN]\WUVEMVlJ
SSRWCh?
_rUL}M5
bgp't`2C
~(rao(~amnnxxujel#K@G
Gpo:61,6<5Vpama
\zWA@TA{R`UV]Kg
AO@RRQ
YEW#O2F
e6t{u7b
^iI[KW\
CICDU\
lMO6x}
*>xgBC@@G
V}AONGC|Rv[XGKl\4C[
AO@RRQ
G"yzz6e}
j-,5:?605)2oma
,/!dEN	R
MJVUMP
|UhfI@
)W`hG@
W{IEUFd\aPPQ
~RILzP@sZ{
JK*$:5&& O
?DR-ii{
omajel-dEN	]mE
y-q{sn!
dY]c`umtYRBZC\UAmzb|
fGPBGjK
EEQ'':aiq
GKsWIP
vqx)6pi
Cd_gBXGQ
]DbQNxolS]T
|Y[Y^FXwGK\
QO|GCPQZVME]l\ CW
WANAPV
a3t&!k`
FYdENT
1**2CH
xwxxabg/&
_DbC@W]vR
^\^DZ#
|\]e]G
APUV0^p
DEN]KJ
k`!t!fb
U]B+W`UVTFmYu^K
tdxVGQ]x\]_VuK
f{zqqq
YEtQLPHWD
gPRRdEN
NmN?: "1:<Lx[RI
VrIDUC`M_oCV
XNIQHFMSO
^6E]RUB~
bXtH@QCvb]P[DT
TQUQEPT
^6E]RUB~
*K|OEQGdM_oCV
XNIQHFMSO
^6E]RUB~
bXtH@QCvb]P[DT
TQUQEPT
^6E]RUB~
*K|OEQGdM_oCV
XNIQHFMSO
^6E]RUB~
bXtH@QCvb]P[DT
TQUQEPT
^6E]RUB~
*K|OEQGdM_oCV
XNIQHFMSO
^6E]RUB~
bXtH@QCvb]P[DT
TQUQEPT
^6E]RUB~
*K|OEQGdM_oCV
JK]PJOQXG
&TJSB`[gPd~G
DXY\E[_V
dEN2PEV6
^jYfF]DG 4
SPZG_[
qqyaaiq;dENG
@IP!(7
^jYfF]DG 4
SPZG_[
VId-		GXG
VIOoCT7#
J|P<21&6 
\@uHXCLKBE('
*K|:N9
8AQQBh
WKycE\_C\
YA{KOu]NIlP^Q
PVSVO\
flw!pcaD
^%^TUI
bawsg^Y
TCrK@G
>\ZTBkTV
N_"p{|f+vo`#v!F59
T]NIQH@@QO
bb&%}0b
@_"\]W
SSSSYG
/lK^UB@CEUX
gTTJ~ZXG
`awaiqk
DENT@MGVIO
G5m r|cf
_QOSSRSQT
C]C0^u^KEP
^[Nhy[ADTT
vBVRATsGTVc
wP\PvT
VZTAMGS\UQ
&0,!6FmAAIQ
kW+ c{b1sobuqu
UqLEP]m]cPEVT
VZTAMGS\UQ
VLU"XNIu
ewoa#:?G_[C
7'17d}md}cI(/8
V\\V@LBAKT
aMGVr]NIuQL[3C]
G5m r|cf
n%x+"qt
YIxG[d
A=-!Ma(
cdzstcf
F|VBKOG
F_kB`DS_SP
'"DJG!x}s=cb
^~EL`YD
lSEW[MC~
][#hpu*ysobuqt
]@~K@G /
e]VycLUCmSQ_UADVWZTi}LRFV
oT]Ahr^M_JR
BAFAk6	^
N_"p{|f+vo`#v!DD
q&y}b-r}{pxa|
TY]\CHCAU^
v\\S@GjK]Vc
qm{p&baCN@
"[k[[Q
qSSUCBN]eil)"
 )G 4a
lRLSZ_Zl_\RBi
]v|~pj|!h6ppv
t$/r1*!<67|a|
RK@GKA@
T_CN@sGVPC
f7t'pba
SSRRRQ
RICMmT]RKXK
.WEEV?
eu6ubxvkbuqf
aK_RUFCzw
QKvLQdEN]
p]TG]F
UZ"[T_
PVEM_a@FG
c-ssucc
_CsXYKwSYG
7daogbf
iI[+6"ONG!
<'6QxMb
|vpyqtswjelt
N\qMZx
RK_FWS
ZSSSTU
06! $6f
_G`PXAUgu]
blsrufc
4QYFTy
ZSSSTU
MCd6 !&26
OLWCMu
/Ywqstjc
]Cr]NIlYUVN
q- !qab
WANAPV
5b&'}`eA
$vCu!<7&hme
frwm}`mrrxkomapq}&
0^_DBYG
k'YPA@
QSSZQT
CN@V\_TD
`4"t&01AMG
\$\\WK	U
@TTG^m
pIC6HYyAQZ{GtOZe
cdsvu``
z*';oy|rv)9u"rqy{}
EbGQ/TJL_d
SXYKKJGVIO
cPEV]~Z
M@1evptd6D
BT^YBDGI
cPIvBQLgGHvLc
kmp ta2@N
zx!hl-.t"/=. &}|wq@
sVON	k_
EUMPTizZC_Q
Nhy[ADTT
gURWsXYK
qyarvgg
[,B	WT@|
PTT]GV^[
jev{p1dF
\}{w?h)+{rz<zys,xli
UFqY@-
DP@eX2
VSQPTT
VPCAJL@
5AMGf`zw'fc
di#03)<:28: coj
<DXUC^G4
UqLEP]l\fGMF
jcaog5:NIQI
`JKXG."	
c`}oma 
cER{UHN]qCD
^GV\JBPU
&GUg*2CHd:9&aiq
woau+c
x{uin),amn1
mYW@CQPhVa^QBJUB
VSVRPP
DENTF@EVIOPIE>
dEN7GKm#0-
_q.	<-:?
>69$nv
azqGRz\I
f_UGBPGKe
]A^MB\R@~omu
qyarpje
[iZ9lYO101
yruhoy
prynxozz}li
XDqY@s]JN
GTATk(
^J_SLi!x)
RSWSRV
B@CA]X@
OA16"&pfj
;[XG!1
.HGsIc
^_aqubj
di}al/~q .=}tpy~+#
U@fMW)R
FZ_@>v
DENT@MGVIO
63{ tjc
PhmKADC@
gUT|ET[e\KqZ{
gaaogkk
*|!ln~|'p
>,v ++-$G
UD1@Ry
NHZk\P
ma@CBF\E~on5 (G~sQFU\
gGYGVsXYK
qyarvgg
[,B	WT@|
^GVZG@PU
{PJtO2D
Ablsv}f1
QPUSANA	.PL
*~uk9{*'y
i.v{x-
YIeWNi
1$aco`wNIgac
cF[AIQKqwN
6TE}W	
cdvwucc
*uwtrgUBCKCLDaZP]DTZD
USTWYR
aCPXBGjK
;G_[ !&.g
qpICT>Y\U
1eaog?#dENGbC
gcm4UEEQ
4rIDUCd_bUQT
/nUvUBPBTTtSPVFB
~wzg~krlfqch
VZTAMGS\UQ
fluaiq5K@GQUQ
QDUvY]
6.'6!mJ`I
UCd_gC
X@~_NhDC_U
lVEPXZ^iO]V]VEM_RXh
BPBP\t
#t}$3~ <0& !
s'{u`/t:3jzb&
SXYKKLGVIO
cPEV]~Z
M@1evptd6D
TU\_GI
g\\MGUNmN]\WqZ
kf rw21@
(sN]SSVW
pHW ^	
cBYDGjK
qEX6x}upf`
^~D]RUPcD$
PU	TT_
QXG)G@G&
lRE[ICM2"
vbXGST
]G_[BA\[
vY\U~P
/e_`@G
azlWGwP\T~T]V
r[@WICMm_[SQp
Adms'tq
<pICTU
Y]U{Q^V
dVAAGM^oX[E_~	
T]qV[P
vw}!cz">e&"&Alo
E\v\TP@
Ffdqp!b`CM
\@IP~S{OVIQ2
bGlnd[\T
c`spvfb
~_rLLP
ni@QQT
`1rp$2dAO@AMG]sPX
F_lYOSPKyDn[
wFUCyod[\Tn
fepppbf
	&\d[	
BVIOF[f2
ko}pic,ddfG
W|AONGC|Rv[XGKl\4C[
AO@RRQ
G7mpu&dk
YBUTqRS]Q_
P	0#'7;
<5!QYepWQU
TQUQEPT
Zcessub6A
	+LSUU
>TA{Rl
ZzSB]FUFLiAWCB
vu{uazvngkyq
et}qfko}ojz7t
c1raiqb
bUW~@]LgG
:16 vCpU
!(JyUH
y{pilpypf}}fkpcme
N\qMZx
TAlsWY
DAnhASU
AfKYA]s
`1rp$2dAO@AMG]sPX
F_lYOSPKyDn[
lSV{DULFo[wHf
c`spvfb
_*)ullr{$5k&bfbzwa@
PHn X	
XMBQmN_TGN
]QP#DXU
0avrp6j_
_}AY@IPw^q
VMZVUG
Dd0'{ve0
VY\UAI
VION\t6
]zAONGJwU!HF
6_bAXC
VRWMYP
g7vsw5dGH
GjK?0n}
[zE]RG^m
yQdPTW
RXqNaeASDXV^eIEU
RN|PWLV
WW@OCT
UTTVYQTS
a3t&!k`
FYdENT
[zWA@TA{R`UV]Kg
AO@RRQ
5b&'}`eA
BUWYBDJ[
6,8pIC7x}q}bk
|ii{npafpillgf0t`CN@\E`DU.
ANCPTGecQIPF:
FIP$Pd~GtY]\
fepppbf
CvVwAA
D0Zf@Z
R[PAlo
TKIcYY
Fbf""r00@OCG
N\tPYLSlMO
E GBWphkFtY]\
fepppbf
CvVwAA
D0ZcWR
ni@QQT
YFGCNGJ
1T^sG]T
R/PHwK3
C2b  '02G
jgghjzcp~g(=30 <!VION\q"
DXU2'&
:0PCQMJV4
BIC$sEBBU_
AZRCQ/
!(FEdHIU
YAqOLT
mw[WWAGVL@CP\
B1UAGXY
d	PWUALP
JK]VGMQXGU
IDk6rzufk
J|P!NLU
eM{PXA\
JGjcQFBH
bPW|CP_~KApLu
`awaiqk
})r=jrga6t}5>b0&0AMGYEjA
~UKK	6
E]l)XA^MBZ_B~{K
'NCP6'
*&=V|MKBV
QiWQ[^VlPTQYGZZ_TBe
SKXKV][FG
RV[UCI
IFjVQ,G]^/T[iZf
qya%,?6QUQD
}^EQdEN
WBUCCe
EM[C_#]]H
YmVVRPB
UYEPW__GU
YDlIUwZXQlMO]
XV^TTiLP
CVCl=AQRRXU
A07 " ff
Y[*GBG 
cdzstcf
TJdZjP
QSSZQT
CN@BPTXD
A07 " ff
y~|o}`m1$+6>511kbgpIE#
<UiqCD'""1 
_VDlgX
<-?&,/
51/';+7~yQ	
PhVo[SCVC^VAlp|x
g\QsYG
C@WGiZ?iI[~ks;ucc
Di		{_\
CKpHMfpfTKCX_[
TEEQEG@
c-ssucc
\xii{3<	*-)
7;06=+
Z}fM@UCecYUY\
uZ]QKJE
USTWYR
pTT]pK@GPIE:&71<q
cer!uq
Cd_bUPW
TR[kNGU
s\^X^[
DR\G[~~G_
sCUTDVu\]Py
qyarvgg
USVQRV
OASVXS
G_K!0'
?u~ubyrlfgmfJFo[
yruhoveaap
aqmeqp
_DgWNi]A
BVVAdb
ZFAo'DA
mviu~zM
QtyVW]
rBPQGVsXYKn
wrpqgq
]\~TUPO	'
UcOATFJ
kg< 5 0+ <ch
_oE}@TW{TIpHd
f{{uqq
5Nhy[ADTT
vBVRATsGUPc
wP\PvT
[	J]KSA
uG_KCP]wAOG
JW41<<pea
RVLZTQ
1`sq#d6F
`@KXG5
GjK?0n}
[zE]RG^m
yQaG\GS
WXu\NbiCFY^WdH@P
RXr^ML]P
WANAPV
a3t&!k`
FYdENT
ZlYOSVF{Dn[L]@7^`
WANAPV
5b&'}`eA
VIOLbW:
[zWA@TA{R`UV]Kg
WANAPV
a3t&!k`
FYdENT
ZlYOSVF{Dn[L]@7^`
WANAPV
5b&'}`eA
VIOLbW:
[zWA@TA{R`UV]Kg
WANAPV
a3t&!k`
FYdENT
ZlYOSVF{Dn[L]@7^`
WANAPV
5b&'}`eA
VIOLbW:
[zWA@TA{R`UV]Kg
WANAPV
a3t&!k`
FYdENT
ZlYOSVF{Dn[L]@7^`
WANAPV
5b&'}`eA
VIOLbW:
[zWA@TA{R`UV]Kg
WANAPV
a3t&!k`
FYdENT
ZlYOSVF{Dn[L]@7^`
WANAPV
5b&'}`eA
VIOLbW:
[zWA@TA{R`UV]Kg
WANAPV
a3t&!k`
FYdENT
ZlYOSVF{Dn[L]@7^`
WANAPV
5b&'}`eA
VIOLbW:
[zWA@TA{R`UV]Kg
WANAPV
a3t&!k`
FYdENT
ZlYOSVF{Dn[L]@7^`
WANAPV
5b&'}`eA
VIOLbW:
CZ0x00000108","nNumberOfBytesToWrite->61440"
"20190105033515.864","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->28182"
"20190105033515.864","13444
05317ef8c190585b7d5123d13aa7S
cae5594b502f7ed836c78:d1"
em"4 WrcveF
l#","h
L01x8#,"nNu%bm
/Vbiuen>28
&9 190
"4Qs&7
%q","1596",CTgmLR0EBM$
'=*0e7:PIAD
VZ@]EBM
le->883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20190105033515.864","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1"eu85
y","VirtualAllocEx","SUCCE+R
,"0x00300000","th32Preces
Fil}/>HonpM
%rs->0
i{e->40q6*
bgi@ll
!uyooT:pe-
u1`00"0
4,}0x0
p1`04"m(b2
u1v.86
r$13aa7ccbc&e55tn
532f7ad83
d1","15y6","registry","RegOpenKeyExW","SUCC
SPZ\MX
01-0000
cae5594b502f7ed8csc7t1a1
~596","re
iqUyx(,"fdgO
dnKeyE
","VAIL
SE","2,2hKe{->5x100001g2#,"lpSu
Hey)>T4^btBsb
""01)0105 33%15.8642,"1344","88/J32
bb05#27
g8c190585b7d5123d13aA4c
f49(b502f7ed836c780d1","1596","2Aei3try","RegOpe>JeuGxW","SUCCESS","0x000001ca"
K100 014
#,"hpSubKey->(null	"
@TPMQ10
335a4.8
0344","883c12a"b0u
585"5d5
23d/1aa7ccbcae5594"50
90d12/"1796"
 registry","Re'Op%@9
SUCcFSS
200001b2","hKe9->rx000001ca","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190105033515.874","1344","883c12abb05317ef8c190585b7d5123d13aa7ccbcae5594b502f7ed836c780d1","1596","registry","RegOpenKeyExW","SUCCESS","0x000001ce","hKey->0x000001b2","lpSubKey->InprocServer32"
"20190105033515.874","1344","883c12abb05317ef8c190585b7d5123d13aa7cc
EDteEx
@p01Z0g
?2a14g
A6Ver3
f)B#201
W07e]LG!D?:
A%K[^cc
rG/he3
F8:31`
t@9rFb
+"FAI8
'bcdD8g
+b*#3!
sf(_'9 x.5rir5!]%d!
ubsab22>3e215a0bc?41d0?7c6%.%62>1%+%ub`ntsu~%+%Ub`HwbiLb~B
T%+%TRDDBTT%+%7
477776db%+%oLb~*97
777776df%+%kwTreLb~*9DKTNC[|75756376*7777*7777*D777*777777777731z%
%576>7672744262)?03%+%6433%+%??4d65fee72460ba?d6>72?2e0c2654c64ff0ddedfb22>3e275a0bc?41d0>
ea7cc7
 00n=<
	5Zu6c 
7_=]fce%d
Ba1"4b
D}x#4J
jU7S#ni"X(VE
l00 Zrx
Mkry<[;
1;}"g0u
;ru6tsdr}&(&VacNtajOa}A|S&(&WQGAAWW&(&4|444445gg&(&lOa}):LOA][GV
N_E4_R2
8l`Thb[
tfd|}ru
irunwUfqpjlm_F{solqfq_NlvmwSljmwp1_@QA\Vo
17e9f>
&F$=G"
%?80d9-
_C\A'_
;_	_.o
%cf6[3n
>80020E:
4aveXs
k004E-@?j
v990q0A*
p=4b50
a&1s44
u4dq",
.;2Pso
,"{z1b
@W0'eQ
780`E:
(ws->2
*nTYpeY9
v8","F
t\$8E;
I.6"D9_
gbhxf!D%e
\*G&k|q
(AKyste
j,"8:GK
,"SU7R,
J.Gydy
7:0dE/
e&s#H0
5(,I7t
csKHau
v0b500
m("SUAgDQ
 @tn)&
8BileLElg
2file|
Reaf2oe(&
"Vead/
 &,"Cp
}40012
)Ec#es
u;fga4	7acb
#vyA16
`)fce]0135
$grosm
x7}lmj
1d$)wD"Peg
pyJSTCC
RUQz_E
W-.l@fd\NruXbisa@s
mD\Giofls
POywwfmvZi~
ecbP\c`eoei
PIt|`c~i~.
.><=5<=<965?962)?;1*$.9:88. .24?h:;
!aTW","I
#kwFin
m60192
x`5121
-gaE55
M ,"3.
&xe$6#u
'ydj.2^1fWnl<9
-Wdry"-W[
?gmC'%
knalWf
m60192
_:6<uq
~6aBb0
mvegiq
*}->HI
kE,J[S`
~6aBb0
~7aA7c
"1A29b500
(KpenI
UCCG'U+[&
|2c782
#qeExU
?Ralug
MICbRAADW?Tpx
ERI7yjRHTEV
7"0016
'72pro
lpMdZb
*&,"lr
8WiZe-
|ea5cc
p -agX021c
c&8x3c
c&","j
*wToWp
d510Gu
c&Reaf
-45s17
d1"-V 896".
m60q90
7d50F"i13ac
v41p50
q%deyP86",
n^s^bu
\WbW@e=>7378<.
.><=5<=<1<6?972/0:=( .=?88. .44?o=>mnn<9?=;ij4o=5<949n;h9=>?h=?j
~cJWcq
5)hV5 
,2V\lu
MsdRX"<
feqisi|~
`CSERQ!(--#-hCiic"1?w?????>?7-#-aAzbmj}@iMv{j|[`]jnk"119;;5%
-5046:;?:?<<>>:"56
evnT1)P
aqj[cr
4r^	2v
m> Dq0 
Xr_u|yd
t.(:v"<xs3$N`,2
arb17052ca0j;2<8
RR9lssqrq!
$.z-#,y/=
UAEV@J@^V^
aILJiY_T
ileZ!?
Gg2 1;2327213737,::6". 3166 , 992b03`cc14206dg:a3;27:7`5f7301f31cc7ccbacg77;6`720d5gf:14a5:2f3 . 37;4 . dkngq{qvgo . UpkvgDkng . QWAAGQQ .  . jDkng/<2z222223aa . nNwo`gpMd@{vgqVmUpkvg/<43662 
 023;2327211717.8
d->0L"
,b15gB1
j836a8
6D'5_#@
dOqiteI
v6!U|02rB""
f8(8k,2
z4$2d"(
{c!t)brf|3!7ij4o=5<449n;h9=0?h=?mm;`ofgea11=0f146b3a`4?:o;4<h=. .=95:. .jljb{u
xia. .^imhJe`i. ._YOOI__. .. .dJe`i!2<t<<<<<=?8. .bByani~CjNuxi
Xc^imh!2:=88<.
.><=5<=<9<??9=9"448. .=?88. .44?o=>mnn<9?=;ij4o=5<949n>h?:
nUGCE$|V
,"h2sQe,>0
>>14@=
YFIleVj
a559@f
1c1m?Q
|6xe}S
z&,"11
6809n|
 485?h:n
d83DR8
74",W,
g"<6b3$8q,2<k3s
lws\6Q
`c!65br
g5!={8(
aUe`bo
:6",VV
f559A^
YV9EA;
#FAI8M
s"83:h
4[^E5(
Num53!
->2anq
"1d^4q
A5f]e5
aBBbga
oYea-<
@sAc:8
qMr-2a
7?"dq$
d_]BCE
Sr=@/ ^Ys
cbc>>k
#!~1;%
%,"T"j
9HKy6P
UREr!P
rbKY!"
KHIN1C
Oqen?l
ri[s"B
3[,[>li
v*~1-ClV'F#
vRqX-J&
44",D7W5
8:",",8
gESS"J-OyV?Oq Wk
Dg4$IK1O9pV?Oq`P=]mB
7(0d["
t ,"hj
p82G2g
z701=:
D7Y|im
E*Y6."1_8
Q S1^Q
 <b US
D Y6."1_8
nEO@US';D2<{ 
acem|o81
G9[5D:S4
K853[?
P`b!Ap
vbx","8m
Q2F5A&]
fdvR#[
omQo|p0
2@n~De
?872,W=
=x1Z=#
Uo`jshes\~
~;43tD'
&59^&-"m
	J|#!ebb	
536c7ao;oy
l,5rD\
\fb0_3
_0M4	:@0
kYztFr=
:3Ek=x0
7(]b'd5
q*f'ed
t!4","
33$tF6o
=fvRga
4P34c7
*?oNu-Y
;,4.93
9XjA5u
f(26c7
kddFil
< y000
#SU+BDSS
503[405.
1q@","
0008_<
[4o2)0@*_
4?mb'bcbcR
<%80x0
S@20)g
%Nty{T
D"	+F&a
~9"B:c
8t Gy}0L
*evDpxx>
z00xxDHN
aX5233
893cE;
VBlK6i
@#",Hk
711f^!
1!X!333
3c1Zecb0
6mNu;5
rqkk`0
XyrA1t_
H&-Vk>
6o780W
s_0{)p
8DYxD"
;y00V	x)i
gd]Filu
<0503jjon
i5123=nm:
#V}{7(4sDB
%<56c7
cgnZ1b]6
R!24}ryl
g}#Y?y
d,W?q9
t"SS9] u
;t$,v-
UQPXY]Y[
PPPPPPPP
PPPPPPPP
PostTrampSize %d
YWORD 
DQWORD 
TBYTE 
QWORD 
DWORD 
 ;NOT TAKEN
 ;TAKEN
REPNZ 
UNDEFINED
CALL FAR
LOOPNZ
JMP FAR
SYSCALL
SYSRET
WBINVD
SYSENTER
SYSEXIT
GETSEC
CMOVNO
CMOVAE
CMOVNZ
CMOVBE
CMOVNS
CMOVNP
CMOVGE
CMOVLE
CMPXCHG
MOVNTI
INVLPG
VMCALL
VMLAUNCH
VMRESUME
VMXOFF
MONITOR
XGETBV
XSETBV
VMMCALL
VMLOAD
VMSAVE
SKINIT
INVLPGA
SWAPGS
RDTSCP
PREFETCH
PREFETCHW
PFNACC
PFPNACC
PFCMPGE
PFRSQRT
PFCMPGT
PFRCPIT1
PFRSQIT1
PFSUBR
PFCMPEQ
PFRCPIT2
PMULHRW
PSWAPD
PAVGUSB
MOVUPS
MOVUPD
VMOVSS
VMOVSD
VMOVUPS
VMOVUPD
MOVHLPS
MOVLPS
MOVLPD
MOVSLDUP
MOVDDUP
VMOVHLPS
VMOVLPS
VMOVLPD
VMOVSLDUP
VMOVDDUP
UNPCKLPS
UNPCKLPD
VUNPCKLPS
VUNPCKLPD
UNPCKHPS
UNPCKHPD
VUNPCKHPS
VUNPCKHPD
MOVLHPS
MOVHPS
MOVHPD
MOVSHDUP
VMOVLHPS
VMOVHPS
VMOVHPD
VMOVSHDUP
PREFETCHNTA
PREFETCHT0
PREFETCHT1
PREFETCHT2
MOVAPS
MOVAPD
VMOVAPS
VMOVAPD
CVTPI2PS
CVTPI2PD
CVTSI2SS
CVTSI2SD
VCVTSI2SS
VCVTSI2SD
MOVNTPS
MOVNTPD
MOVNTSS
MOVNTSD
VMOVNTPS
VMOVNTPD
CVTTPS2PI
CVTTPD2PI
CVTTSS2SI
CVTTSD2SI
VCVTTSS2SI
VCVTTSD2SI
CVTPS2PI
CVTPD2PI
CVTSS2SI
CVTSD2SI
VCVTSS2SI
VCVTSD2SI
UCOMISS
UCOMISD
VUCOMISS
VUCOMISD
COMISS
COMISD
VCOMISS
VCOMISD
PSHUFB
VPSHUFB
PHADDW
VPHADDW
PHADDD
VPHADDD
PHADDSW
VPHADDSW
PMADDUBSW
VPMADDUBSW
PHSUBW
VPHSUBW
PHSUBD
VPHSUBD
PHSUBSW
VPHSUBSW
PSIGNB
VPSIGNB
PSIGNW
VPSIGNW
PSIGND
VPSIGND
PMULHRSW
VPMULHRSW
VPERMILPS
VPERMILPD
VPTESTPS
VPTESTPD
PBLENDVB
BLENDVPS
BLENDVPD
VPTEST
VBROADCASTSS
VBROADCASTSD
VBROADCASTF128
VPABSB
VPABSW
VPABSD
PMOVSXBW
VPMOVSXBW
PMOVSXBD
VPMOVSXBD
PMOVSXBQ
VPMOVSXBQ
PMOVSXWD
VPMOVSXWD
PMOVSXWQ
VPMOVSXWQ
PMOVSXDQ
VPMOVSXDQ
PMULDQ
VPMULDQ
PCMPEQQ
VPCMPEQQ
MOVNTDQA
VMOVNTDQA
PACKUSDW
VPACKUSDW
VMASKMOVPS
VMASKMOVPD
PMOVZXBW
VPMOVZXBW
PMOVZXBD
VPMOVZXBD
PMOVZXBQ
VPMOVZXBQ
PMOVZXWD
VPMOVZXWD
PMOVZXWQ
VPMOVZXWQ
PMOVZXDQ
VPMOVZXDQ
PCMPGTQ
VPCMPGTQ
PMINSB
VPMINSB
PMINSD
VPMINSD
PMINUW
VPMINUW
PMINUD
VPMINUD
PMAXSB
VPMAXSB
PMAXSD
VPMAXSD
PMAXUW
VPMAXUW
PMAXUD
VPMAXUD
PMULLD
VPMULLD
PHMINPOSUW
VPHMINPOSUW
INVEPT
INVVPID
VFMADDSUB132PS
VFMADDSUB132PD
VFMSUBADD132PS
VFMSUBADD132PD
VFMADD132PS
VFMADD132PD
VFMADD132SS
VFMADD132SD
VFMSUB132PS
VFMSUB132PD
VFMSUB132SS
VFMSUB132SD
VFNMADD132PS
VFNMADD132PD
VFNMADD132SS
VFNMADD132SD
VFNMSUB132PS
VFNMSUB132PD
VFNMSUB132SS
VFNMSUB132SD
VFMADDSUB213PS
VFMADDSUB213PD
VFMSUBADD213PS
VFMSUBADD213PD
VFMADD213PS
VFMADD213PD
VFMADD213SS
VFMADD213SD
VFMSUB213PS
VFMSUB213PD
VFMSUB213SS
VFMSUB213SD
VFNMADD213PS
VFNMADD213PD
VFNMADD213SS
VFNMADD213SD
VFNMSUB213PS
VFNMSUB213PD
VFNMSUB213SS
VFNMSUB213SD
VFMADDSUB231PS
VFMADDSUB231PD
VFMSUBADD231PS
VFMSUBADD231PD
VFMADD231PS
VFMADD231PD
VFMADD231SS
VFMADD231SD
VFMSUB231PS
VFMSUB231PD
VFMSUB231SS
VFMSUB231SD
VFNMADD231PS
VFNMADD231PD
VFNMADD231SS
VFNMADD231SD
VFNMSUB231PS
VFNMSUB231PD
VFNMSUB231SS
VFNMSUB231SD
AESIMC
VAESIMC
AESENC
VAESENC
AESENCLAST
VAESENCLAST
AESDEC
VAESDEC
AESDECLAST
VAESDECLAST
VPERM2F128
ROUNDPS
VROUNDPS
ROUNDPD
VROUNDPD
ROUNDSS
VROUNDSS
ROUNDSD
VROUNDSD
BLENDPS
VBLENDPS
BLENDPD
VBLENDPD
PBLENDW
VPBLENDVW
PALIGNR
VPALIGNR
PEXTRB
VPEXTRB
PEXTRW
VPEXTRW
PEXTRD
PEXTRQ
VPEXTRD
EXTRACTPS
VEXTRACTPS
VINSERTF128
VEXTRACTF128
PINSRB
VPINSRB
INSERTPS
VINSERTPS
PINSRD
PINSRQ
VPINSRD
VPINSRQ
MPSADBW
VMPSADBW
PCLMULQDQ
VPCLMULQDQ
VBLENDVPS
VBLENDVPD
VPBLENDVB
PCMPESTRM
VPCMPESTRM
PCMPESTRI
VCMPESTRI
PCMPISTRM
VPCMPISTRM
PCMPISTRI
VPCMPISTRI
AESKEYGENASSIST
VAESKEYGENASSIST
MOVMSKPS
MOVMSKPD
VMOVMSKPS
VMOVMSKPD
SQRTPS
SQRTPD
SQRTSS
SQRTSD
VSQRTSS
VSQRTSD
VSQRTPS
VSQRTPD
RSQRTPS
RSQRTSS
VRSQRTSS
VRSQRTPS
VRCPSS
VRCPPS
VANDPS
VANDPD
ANDNPS
ANDNPD
VANDNPS
VANDNPD
VXORPS
VXORPD
VADDPS
VADDPD
VADDSS
VADDSD
VMULPS
VMULPD
VMULSS
VMULSD
CVTPS2PD
CVTPD2PS
CVTSS2SD
CVTSD2SS
VCVTSS2SD
VCVTSD2SS
VCVTPS2PD
VCVTPD2PS
CVTDQ2PS
CVTPS2DQ
CVTTPS2DQ
VCVTDQ2PS
VCVTPS2DQ
VCVTTPS2DQ
VSUBPS
VSUBPD
VSUBSS
VSUBSD
VMINPS
VMINPD
VMINSS
VMINSD
VDIVPS
VDIVPD
VDIVSS
VDIVSD
VMAXPS
VMAXPD
VMAXSS
VMAXSD
PUNPCKLBW
VPUNPCKLBW
PUNPCKLWD
VPUNPCKLWD
PUNPCKLDQ
VPUNPCKLDQ
PACKSSWB
VPACKSSWB
PCMPGTB
VPCMPGTB
PCMPGTW
VPCMPGTW
PCMPGTD
VPCMPGTD
PACKUSWB
VPACKUSWB
PUNPCKHBW
VPUNPCKHBW
PUNPCKHWD
VPUNPCKHWD
PUNPCKHDQ
VPUNPCKHDQ
PACKSSDW
VPACKSSDW
PUNPCKLQDQ
VPUNPCKLQDQ
PUNPCKHQDQ
VPUNPCKHQDQ
MOVDQA
MOVDQU
VMOVDQA
VMOVDQU
PSHUFW
PSHUFD
PSHUFHW
PSHUFLW
VPSHUFD
VPSHUFHW
VPSHUFLW
VPSRLW
VPSRAW
VPSLLW
VPSRLD
VPSRAD
VPSLLD
VPSRLQ
PSRLDQ
VPSRLDQ
VPSLLQ
PSLLDQ
VPSLLDQ
PCMPEQB
VPCMPEQB
PCMPEQW
VPCMPEQW
PCMPEQD
VPCMPEQD
VZEROUPPER
VZEROALL
VMREAD
INSERTQ
VMWRITE
HADDPD
HADDPS
VHADDPD
VHADDPS
HSUBPD
HSUBPS
VHSUBPD
VHSUBPS
FXSAVE
FXRSTOR
LFENCE
XRSTOR
MFENCE
SFENCE
CLFLUSH
LDMXCSR
VLDMXCSR
STMXCSR
VSTMXCSR
POPCNT
CMPEQPS
CMPLTPS
CMPLEPS
CMPUNORDPS
CMPNEQPS
CMPNLTPS
CMPNLEPS
CMPORDPS
CMPEQPD
CMPLTPD
CMPLEPD
CMPUNORDPD
CMPNEQPD
CMPNLTPD
CMPNLEPD
CMPORDPD
CMPEQSS
CMPLTSS
CMPLESS
CMPUNORDSS
CMPNEQSS
CMPNLTSS
CMPNLESS
CMPORDSS
CMPEQSD
CMPLTSD
CMPLESD
CMPUNORDSD
CMPNEQSD
CMPNLTSD
CMPNLESD
CMPORDSD
VCMPEQPS
VCMPLTPS
VCMPLEPS
VCMPUNORDPS
VCMPNEQPS
VCMPNLTPS
VCMPNLEPS
VCMPORDPS
VCMPEQPD
VCMPLTPD
VCMPLEPD
VCMPUNORDPD
VCMPNEQPD
VCMPNLTPD
VCMPNLEPD
VCMPORDPD
VCMPEQSS
VCMPLTSS
VCMPLESS
VCMPUNORDSS
VCMPNEQSS
VCMPNLTSS
VCMPNLESS
VCMPORDSS
VCMPEQSD
VCMPLTSD
VCMPLESD
VCMPUNORDSD
VCMPNEQSD
VCMPNLTSD
VCMPNLESD
VCMPORDSD
PINSRW
VPINSRW
SHUFPS
SHUFPD
VSHUFPS
VSHUFPD
CMPXCHG8B
CMPXCHG16B
VMPTRST
VMPTRLD
VMCLEAR
ADDSUBPD
ADDSUBPS
VADDSUBPD
VADDSUBPS
VPADDQ
PMULLW
VPMULLW
MOVQ2DQ
MOVDQ2Q
PMOVMSKB
VPMOVMSKB
PSUBUSB
VPSUBUSB
PSUBUSW
VPSUBUSW
PMINUB
VPMINUB
PADDUSB
VPADDUSW
PADDUSW
PMAXUB
VPMAXUB
VPANDN
VPAVGB
VPAVGW
PMULHUW
VPMULHUW
PMULHW
VPMULHW
CVTTPD2DQ
CVTDQ2PD
CVTPD2DQ
VCVTTPD2DQ
VCVTDQ2PD
VCVTPD2DQ
MOVNTQ
MOVNTDQ
VMOVNTDQ
PSUBSB
VPSUBSB
PSUBSW
VPSUBSW
PMINSW
VPMINSW
PADDSB
VPADDSB
PADDSW
VPADDSW
PMAXSW
VPMAXSW
VLDDQU
PMULUDQ
VPMULUDQ
PMADDWD
VPMADDWD
PSADBW
VPSADBW
MASKMOVQ
MASKMOVDQU
VMASKMOVDQU
VPSUBB
VPSUBW
VPSUBD
VPSUBQ
VPADDB
VPADDW
VPADDD
FLDENV
FLDL2T
FLDL2E
FLDLG2
FLDLN2
FPATAN
FXTRACT
FPREM1
FDECSTP
FINCSTP
FYL2XP1
FSINCOS
FRNDINT
FSCALE
FNSTENV
FSTENV
FNSTCW
FICOMP
FISUBR
FIDIVR
FCMOVB
FCMOVE
FCMOVBE
FCMOVU
FUCOMPP
FISTTP
FCMOVNB
FCMOVNE
FCMOVNBE
FCMOVNU
FEDISI
FSETPM
FUCOMI
FNCLEX
FNINIT
FRSTOR
FUCOMP
FNSAVE
FNSTSW
FCOMPP
FSUBRP
FDIVRP
FUCOMIP
FCOMIP
MOVSXD
bad allocation
(null)
`h````
xpxxxx
Unknown exception
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
"%s","%d","%s","%d","windows","FindWindowW","FAILURE","","lpClassName->%s","lpWindowName->%s"
"%s","%d","%s","%d","windows","FindWindowW","SUCCESS","0x%08x","lpClassName->%s","lpWindowName->%s"
"%s","%d","%s","%d","windows","FindWindowW","FAILURE","","lpClassName->%ws","lpWindowName->%ws"
FILE:%s
FILE:%ws
"%s","%d","%s","%d","windows","FindWindowW","SUCCESS","0x%08x","lpClassName->%ws","lpWindowName->%ws"
"%s","%d","%s","%d","synchronization","CreateMutexA","FAIL","","lpName->%s"
"%s","%d","%s","%d","synchronization","CreateMutexA","SUCCESS","0x%08x","lpName->%s"
"%s","%d","%s","%d","synchronization","CreateMutexW","FAIL","","lpName->%ws"
"%s","%d","%s","%d","synchronization","CreateMutexW","SUCCESS","0x%08x","lpName->%ws"
"%s","%d","%s","%d","synchronization","OpenMutexA","FAILURE","","dwDesiredAccess->%s","lpName->%s"
"%s","%d","%s","%d","synchronization","OpenMutexA","SUCCESS","0x%08x","dwDesiredAccess->%s","lpName->%s"
python.exe
"%s","%d","%s","%d","synchronization","OpenMutexW","FAILURE","","dwDesiredAccess->%s","lpName->%ws"
"%s","%d","%s","%d","synchronization","OpenMutexW","SUCCESS","0x%08x","dwDesiredAccess->%s","lpName->%ws"
FILE:%ws
"%s","%d","%s","%d","services","OpenSCManagerA","FAILURE","","lpMachineName->%s","lpDatabaseName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenSCManagerA","SUCCESS","0x%08x","lpMachineName->%s","lpDatabaseName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","system","IsDebuggerPresent","",""
"%s","%d","%s","%d","services","OpenSCManagerW","FAILURE","","lpMachineName->%ws","lpDatabaseName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenSCManagerW","SUCCESS","0x%08x","lpMachineName->%ws","lpDatabaseName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","CreateServiceA","FAILURE","","lpServiceName->%s","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%s"
"%s","%d","%s","%d","services","CreateServiceA","FAILURE","0x%08x","lpServiceName->%s","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%s"
"%s","%d","%s","%d","services","CreateServiceW","FAILURE","","lpServiceName->%ws","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%ws"
PID:%d
FILE:%s
FILE:%ws
"%s","%d","%s","%d","services","CreateServiceW","SUCCESS","0x%08x","lpServiceName->%ws","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%ws"
"%s","%d","%s","%d","services","OpenServiceW","FAILURE","","lpServiceName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","SUCCESS","0x%08x","lpServiceName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","FAILURE","","lpServiceName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","SUCCESS","0x%08x","lpServiceName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","StartServiceW","FAILURE","","hService->0x%08x","lpServiceArgVectors->%s"
FILE:%s
C:\cuckoo\
"%s","%d","%s","%d","services","StartServiceW","SUCCESS","","hService->0x%08x","lpServiceArgVectors->%s"
%sfiles\%s
"%s","%d","%s","%d","services","StartServiceW","FAILURE","","hService->0x%08x","lpServiceArgVectors->%ws"
C:\cuckoo\
"%s","%d","%s","%d","services","StartServiceW","SUCCESS","","hService->0x%08x","lpServiceArgVectors->%ws"
%sfiles\%s
"%s","%d","%s","%d","services","ControlService","FAILURE","","hService->0x%08x","dwControl->%s"
PID:%d
GetCurrentProcessId
"%s","%d","%s","%d","services","ControlService","SUCCESS","","hService->0x%08x","dwControl->%s"
PID:%d
Kernel32
"%s","%d","%s","%d","services","DeleteService","FAILURE","","hService->0x%08x"
PID:%d
%d%02d%02d%02d%02d%02d.%03d
"%s","%d","%s","%d","services","DeleteService","SUCCESS","","hService->0x%08x"
PID:%d
GENERIC_ALL
"%s","%d","%s","%d","registry","RegOpenKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegOpenKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyA","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
ATTRIBUTES
"%s","%d","%s","%d","registry","RegOpenKeyA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyExA","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegOpenKeyExA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegOpenKeyExW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
PID:%d
GENERIC_EXECUTE
HKEY_CLASSES_ROOT
"%s","%d","%s","%d","registry","RegCreateKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegCreateKeyW","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegCreateKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegCreateKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
GENERIC_WRITE
0x%08x
HKEY_CURRENT_CONFIG
"%s","%d","%s","%d","registry","RegCreateKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegCreateKeyExW","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
HKEY_CURRENT_USER
"%s","%d","%s","%d","registry","RegCreateKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
HKEY_LOCAL_MACHINE
"%s","%d","%s","%d","registry","RegCreateKeyExW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
HKEY_USERS
"%s","%d","%s","%d","registry","RegDeleteKeyA","SUCCESS","","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegDeleteKeyA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegDeleteKeyW","SUCCESS","","hKey->%s","lpSubKey->%ws"
0x%08x
"%s","%d","%s","%d","registry","RegDeleteKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
"%s","%d","%s","%d","registry","RegEnumKeyExW","SUCCESS","%ws","hKey->%s","dwIndex->%d"
"%s","%d","%s","%d","registry","RegEnumKeyExW","FAILURE","","hKey->%s","dwIndex->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegEnumValueW","SUCCESS","%ws","hKey->%s","dwIndex->%d"
SERVICE_ADAPTER
SERVICE_FILE_SYSTEM_DRIVER
"%s","%d","%s","%d","registry","RegEnumValueW","FAILURE","","hKey->%s","dwIndex->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegSetValueExA","SUCCESS","","hKey->%s","lpValueName->%s","dwType->%d","lpData->%s","cbData->%d"
SERVICE_RECOGNIZER_DRIVER
"%s","%d","%s","%d","registry","RegSetValueExA","FAILURE","","hKey->%s","lpValueName->%s","dwType->%d","lpData->%s","cbData->%d"
explorer.exe
SERVICE_KERNEL_DRIVER
SERVICE_WIN32_OWN_PROCESS
"%s","%d","%s","%d","registry","RegSetValueExW","SUCCESS","","hKey->%s","lpValueName->%ws","dwType->%d","lpData->%ws","cbData->%d"
"%s","%d","%s","%d","registry","RegSetValueExW","FAILURE","","hKey->%s","lpValueName->%ws","dwType->%d","lpData->%ws","cbData->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegQueryValueExW","SUCCESS","","hKey->%s","lpValueName->%ws"
"%s","%d","%s","%d","registry","RegQueryValueExW","FAILURE","","hKey->%s","lpValueName->%ws"
explorer.exe
"%s","%d","%s","%d","process","CreateProcessA","FAILURE","","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_WIN32_SHARE_PROCESS
"%s","%d","%s","%d","process","CreateProcessA","SUCCESS","%d","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_AUTO_START
"%s","%d","%s","%d","process","CreateProcessW","FAILURE","","lpApplicationName->%ws","lpCommandLine->%ws"
SERVICE_BOOT_START
"%s","%d","%s","%d","process","CreateProcessW","SUCCESS","%d","lpApplicationName->%ws","lpCommandLine->%ws"
"%s","%d","%s","%d","process","TerminateProcess","FAILURE","","uExitCode->%d","th32ProcessID->%d","szExeFile->%s"
SERVICE_DISABLED
"%s","%d","%s","%d","process","TerminateProcess","SUCCESS","","uExitCode->%d","th32ProcessID->%d","szExeFile->%s"
SC_MANAGER_CREATE_SERVICE
"%s","%d","%s","%d","process","ExitProcess","","","uExitCode->0x%08x"
"%s","%d","%s","%d","process","ShellExecuteExW","SUCCESS","","lpVerb->%s","lpFile->%s","lpParameters->%s","lpDirectory->%s","hProcess->0x%08x"
0x%08x
SC_MANAGER_CONNECT
"%s","%d","%s","%d","process","ShellExecuteExW","FAILURE","","lpVerb->%s","lpFile->%s","lpParameters->%s","lpDirectory->%s","hProcess->0x%08x"
0x%08x
SC_MANAGER_LOCK
SERVICE_ALL_ACCESS
"%s","%d","%s","%d","process","ShellExecuteExW","SUCCESS","","lpVerb->%ws","lpFile->%ws","lpParameters->%ws","lpDirectory->%ws","hProcess->0x%08x"
"%s","%d","%s","%d","process","ShellExecuteExW","FAILURE","","lpVerb->%ws","lpFile->%ws","lpParameters->%ws","lpDirectory->%ws","hProcess->0x%08x"
"%s","%d","%s","%d","process","CreateThread","FAILURE","","lpStartAddress->0x%08x"
"%s","%d","%s","%d","process","CreateThread","SUCCESS","0x%08x","lpStartAddress->0x%08x"
SERVICE_INTERROGATE
"%s","%d","%s","%d","process","CreateRemoteThread","FAILURE","","lpStartAddress->0x%08x","th32ProcessID->%d","szExeFile->%s"
"%s","%d","%s","%d","process","CreateRemoteThread","SUCCESS","0x%08x","lpStartAddress->0x%08x","th32ProcessID->%d","szExeFile->%s"
"%s","%d","%s","%d","process","WinExec","SUCCESS","","lpCmdLine->%s"
"%s","%d","%s","%d","process","WinExec","FAILURE","","lpCmdLine->%s"
"%s","%d","%s","%d","process","CreateProcessInternalA","FAILURE","","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_PAUSE_CONTINUE
WRITE_DAC
"%s","%d","%s","%d","process","CreateProcessInternalA","SUCCESS","%d","lpApplicationName->%s","lpCommandLine->%s"
WRITE_OWNER
"%s","%d","%s","%d","process","CreateProcessInternalW","FAILURE","","lpApplicationName->%ws","lpCommandLine->%ws"
GENERIC_ALL
"%s","%d","%s","%d","process","CreateProcessInternalW","SUCCESS","%d","lpApplicationName->%ws","lpCommandLine->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileA","SUCCESS","S_OK","szURL->%s","szFileName->%s"
GENERIC_EXECUTE
SERVICE_CONTROL_CONTINUE
"%s","%d","%s","%d","network","URLDownloadToFileA","FAILURE","E_OUTOFMEMORY","szURL->%s","szFileName->%s"
SERVICE_CONTROL_INTERROGATE
"%s","%d","%s","%d","network","URLDownloadToFileA","FAILURE","INET_E_DOWNLOAD_FAILURE","szURL->%s","szFileName->%s"
"%s","%d","%s","%d","network","URLDownloadToFileW","SUCCESS","S_OK","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileW","FAILURE","E_OUTOFMEMORY","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileW","FAILURE","INET_E_DOWNLOAD_FAILURE","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","InternetOpenUrlW","FAILURE","","lpszUrl->%s","lpszHeaders->%s","dwFlags->%s"
"%s","%d","%s","%d","network","InternetOpenUrlW","SUCCESS","0x%08x","lpszUrl->%s","lpszHeaders->%s","dwFlags->%s"
SERVICE_CONTROL_NETBINDADD
"%s","%d","%s","%d","network","InternetOpenUrlW","FAILURE","","lpszUrl->%ws","lpszHeaders->%ws","dwFlags->%s"
"%s","%d","%s","%d","network","InternetOpenUrlW","SUCCESS","0x%08x","lpszUrl->%ws","lpszHeaders->%ws","dwFlags->%s"
"%s","%d","%s","%d","system","Sleep","","","dwMilliseconds->INFINITE"
"%s","%d","%s","%d","system","Sleep","","","dwMilliseconds->%d"
ACCESS_SYSTEM_SECURITY
SERVICE_CONTROL_PARAMCHANGE
"%s","%d","%s","%d","system","LoadLibraryA","FAILURE","","lpFileName->%s"
SYNCHRONIZE
"%s","%d","%s","%d","system","LoadLibraryA","SUCCESS","0x%08x","lpFileName->%s"
DELETE
WRITE_DAC
"%s","%d","%s","%d","system","LoadLibraryW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","system","LoadLibraryW","SUCCESS","0x%08x","lpFileName->%ws"
WRITE_OWNER
"%s","%d","%s","%d","system","ExitWindowsEx","","","uFlags->%s","dwReason->%s"
SC_MANAGER_ALL_ACCESS
0x%08x
EVENT_ALL_ACCESS
"%s","%d","%s","%d","memory","VirtualAllocEx","FAILURE","","th32ProcessID->%d","szExeFile->%s","lpAddress->0x%08x","dwSize->%d","flAllocationType->0x%08x","flProtect->0x%08x"
SC_MANAGER_MODIFY_BOOT_CONFIG
SERVICE_CONTROL_NETBINDDISABLE
EVENT_MODIFY_STATE
"%s","%d","%s","%d","memory","VirtualAllocEx","SUCCESS","0x%08x","th32ProcessID->%d","szExeFile->%s","lpAddress->0x%08x","dwSize->%d","flAllocationType->0x%08x","flProtect->0x%08x"
"%s","%d","%s","%d","memory","WriteProcessMemory","FAILURE","","lpBaseAddress->0x%08x","lpBuffer->0x%08x","nSize->%d","th32ProcessID->%d","szExeFile->%s"
MUTEX_ALL_ACCESS
"%s","%d","%s","%d","memory","WriteProcessMemory","SUCCESS","","lpBaseAddress->0x%08x","lpBuffer->0x%08x","nSize->%d","th32ProcessID->%d","szExeFile->%s"
MUTEX_MODIFY_STATE
"%s","%d","%s","%d","memory","ReadProcessMemory","FAILURE","","th32ProcessID->%d","szExeFile->%s","lpBaseAddress->0x%08x","nSize->%d"
"%s","%d","%s","%d","memory","ReadProcessMemory","SUCCESS","","th32ProcessID->%d","szExeFile->%s","lpBaseAddress->0x%08x","nSize->%d"
"%s","%d","%s","%d","hooking","SetWindowsHookExA","FAILURE","","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
SERVICE_CHANGE_CONFIG
0x%08x
TIMER_ALL_ACCESS
"%s","%d","%s","%d","hooking","SetWindowsHookExA","SUCCESS","0x%08x","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
"%s","%d","%s","%d","hooking","SetWindowsHookExW","FAILURE","","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
SERVICE_START
DELETE
TIMER_MODIFY_STATE
"%s","%d","%s","%d","hooking","SetWindowsHookExW","SUCCESS","0x%08x","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
"%s","%d","%s","%d","filesystem","CreateFileA","FAILURE","","lpFileName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","filesystem","CreateFileA","SUCCESS","0x%08x","lpFileName->%s","dwDesiredAccess->%s"
TIMER_QUERY_STATE
"%s","%d","%s","%d","filesystem","CreateFileW","FAILURE","","lpFileName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","filesystem","CreateFileW","SUCCESS","0x%08x","lpFileName->%ws","dwDesiredAccess->%s"
INTERNET_FLAG_NO_COOKIES
"%s","%d","%s","%d","filesystem","ReadFile","SUCCESS","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFile","FAILURE","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFileEx","SUCCESS","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFileEx","FAILURE","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","WriteFile","SUCCESS","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
"%s","%d","%s","%d","filesystem","WriteFile","FAILURE","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
"%s","%d","%s","%d","filesystem","WriteFileEx","SUCCESS","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
SEMAPHORE_MODIFY_STATE
INTERNET_FLAG_HYPERLINK
INTERNET_FLAG_NO_UI
"%s","%d","%s","%d","filesystem","WriteFileEx","FAILURE","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
0x%08x
INTERNET_FLAG_NEED_FILE
INTERNET_FLAG_RESYNCHRONIZE
"%s","%d","%s","%d","filesystem","DeleteFileA","SUCCESS","","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileA","FAILURE","","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileW","SUCCESS","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","DeleteFileW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_LOGOFF
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_REBOOT
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
GENERIC_WRITE
INTERNET_FLAG_EXISTING_CONNECT
EWX_RESTARTAPPS
SHTDN_REASON_MAJOR_HARDWARE
"%s","%d","%s","%d","filesystem","CopyFileA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SERVICE_CONTROL_NETBINDENABLE
INTERNET_FLAG_IGNORE_CERT_DATE_INVALID
SHTDN_REASON_MAJOR_OPERATINGSYSTEM
"%s","%d","%s","%d","filesystem","CopyFileW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_OTHER
"%s","%d","%s","%d","filesystem","CopyFileW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_POWER
"%s","%d","%s","%d","filesystem","CopyFileExA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SOFTWARE
"%s","%d","%s","%d","filesystem","CopyFileExA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SYSTEM
"%s","%d","%s","%d","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileA","SUCCESS","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_CALLWNDPROCRET
"%s","%d","%s","%d","filesystem","ReplaceFileA","FAILURE","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_DEBUG
"%s","%d","%s","%d","filesystem","ReplaceFileW","SUCCESS","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileW","FAILURE","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","device","DeviceIoControl","FAILURE","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
"%s","%d","%s","%d","device","DeviceIoControl","SUCCESS","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
GENERIC_READ
GENERIC_READ | GENERIC_WRITE
SERVICE_DEMAND_START
SERVICE_SYSTEM_START
SC_MANAGER_ENUMERATE_SERVICE
SC_MANAGER_QUERY_LOCK_STATUS
SERVICE_ENUMERATE_DEPENDENTS
SERVICE_QUERY_CONFIG
SERVICE_QUERY_STATUS
SERVICE_STOP
SERVICE_USER_DEFINED_CONTROL
READ_CONTROL
GENERIC_READ
SERVICE_CONTROL_NETBINDREMOVE
SERVICE_CONTROL_PAUSE
SERVICE_CONTROL_STOP
READ_CONTROL
SEMAPHORE_ALL_ACCESS
INTERNET_FLAG_IGNORE_CERT_CN_INVALID
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS
INTERNET_FLAG_KEEP_CONNECTION
INTERNET_FLAG_NO_AUTH
INTERNET_FLAG_NO_AUTO_REDIRECT
INTERNET_FLAG_NO_CACHE_WRITE
INTERNET_FLAG_PASSIVE
INTERNET_FLAG_PRAGMA_NOCACHE
INTERNET_FLAG_RAW_DATA
INTERNET_FLAG_RELOAD
INTERNET_FLAG_SECURE
0x%08x
EWX_POWEROFF
EWX_SHUTDOWN
0x%08x
SHTDN_REASON_MAJOR_APPLICATION
SHTDN_REASON_MAJOR_LEGACY_API
0x%08x
WH_CALLWNDPROC
WH_CBT
WH_FOREGROUNDIDLE
WH_GETMESSAGE
WH_JOURNALPLAYBACK
WH_JOURNALRECORD
WH_KEYBOARD
WH_KEYBOARD_LL
WH_MOUSE
WH_MOUSE_LL
WH_MSGFILTER
WH_SHELL
WH_SYSMSGFILTER
kernel32.dll
CreateProcessInternalW
C:\cuckoo\
%slogs\%d.csv
RSDSHGjl
C:\Documents and Settings\emartinez\Escritorio\cmonitor\Release\cmonitor.pdb
ExitProcess
CreateMutexW
CopyFileExW
CreateRemoteThread
WriteFile
LoadLibraryW
ReadProcessMemory
TerminateProcess
ReplaceFileW
ReadFile
CreateFileW
OpenMutexW
GetProcAddress
ReadFileEx
VirtualAllocEx
LoadLibraryA
DeviceIoControl
IsDebuggerPresent
WinExec
WriteFileEx
DeleteFileW
GetCurrentProcessId
MoveFileWithProgressW
WriteProcessMemory
CreateThread
WideCharToMultiByte
GetSystemTime
GetCurrentProcess
Process32First
WaitForSingleObject
GetLastError
Process32Next
GetExitCodeThread
GetModuleHandleA
CreateToolhelp32Snapshot
DuplicateHandle
CloseHandle
MultiByteToWideChar
CreateFileA
SetFilePointer
WaitNamedPipeW
KERNEL32.dll
FindWindowA
SetWindowsHookExW
SetWindowsHookExA
ExitWindowsEx
FindWindowW
USER32.dll
CreateServiceW
OpenServiceA
DeleteService
OpenSCManagerW
OpenServiceW
RegSetValueExA
RegCreateKeyExW
CreateServiceA
RegQueryValueExW
RegDeleteKeyA
RegDeleteKeyW
StartServiceA
RegCreateKeyExA
RegOpenKeyExA
StartServiceW
OpenSCManagerA
RegEnumValueW
RegOpenKeyExW
ControlService
RegEnumKeyExW
RegSetValueExW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteExA
SHELL32.dll
WS2_32.dll
InternetOpenUrlW
WININET.dll
URLDownloadToFileW
urlmon.dll
GetTickCount
VirtualProtect
OutputDebugStringA
HeapFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EncodePointer
IsProcessorFeaturePresent
HeapAlloc
HeapCreate
HeapDestroy
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetModuleFileNameW
RtlUnwind
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
FlushFileBuffers
0123456789abcdef00
##%%&'%#&'&'
 !"#$%&'()*+,-./0123456789
 !"#$%&'()*+,-./
 !"#$%&'()*+,-./012345678
 !"#$%&'()*+
,-./0123456789:;
 !"#$%&'(
$%&'()*+,-./0123
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGXZ
!"#$%&'()*+,-.
/0123456789
<=>?@ABCDE
FGHIJKLMNO
PQRSTUVWXY
!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
eExW","FAILURE","","hKey->0x0000017e","lpValueName->AppID"
"20190815165633.207","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x0000016e","hKey->0x0000017a","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190815165633.207","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x0000016e","hKey->0x0000017a","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190815165633.207","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x0000017e","hKey->0x0000016e","lpSubKey->InprocServer32"
"20190815165633.207","432","HelpMe.exe","148","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000017e","lpValueName->ThreadingModel"
"20190815165633.207","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x0000016e","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190815165633.207","432","HelpMe.exe","148","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000016e","lpSubKey->TreatAs"
"20190815165633.207","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x0000017c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190815165633.207","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x00000180","hKey->0x0000017c","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190815165633.207","432","HelpMe.exe","148","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000180","lpValueName->Generation"
"20190815165633.207","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x00000182","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190815165633.207","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x0000017e","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190815165633.207","432","HelpMe.exe","148","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000017e","lpValueName->DriveMask"
"20190815165633.207","432","HelpMe.exe","148","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815165633.207","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x00000180","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815165633.207","432","HelpMe.exe","148","registry","RegQueryValueExW","FAILURE","","hKey->0x00000180","lpValueName->AllowFileCLSIDJunctions"
"20190815165633.207`grG1
"cGYv}Q
daClruK
 6SF=4
tsQ*1e@
!f_"148',*r
T)stry"
ebQ}ehC
alueEYmb,
(Key->
ip0:001
emO/n3Qb
q65633/287k
b462*,#
%lpMe.m8%"-"94
bl"weoi
52y","R
r`a|e8'9ExW",X
CBE[S,ob0y080
sq81"$"f
%y*>@K
UTEZ"Vg,p
<m>Tont0'2e
)c<)3obtXWindows\C
:2eJtBersion\Ex
&/rer\Shw,l+Fol
EJ"6yq9%qq5^
zn2U}b,T~s2
d%xe","148","regist
oints2lCPC
Volume"
3.207"-"43~GJVhE<
0x00000180","lpSubKey->{a20cd692-8e4D+11:2-99<9kWB[U6<6(6Au')|
jXMEQ^A[
7;-"v3
ze","049"
befiwt
{",4RegyuerYVal5eExV"("SUCCEQS","","hKey->0x0000017c"
elpMe.exe","148","registry","RegCreateKeyExW","SUCCESS","0x0000017c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190815165633.207","432","HelpMe.exe","148","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000017c","lpValueName->Common Documents"
"20190815165633.207","432","HelpMe.exe","148","registry","RegCreateKeyExW","SUCCESS","0x0000017c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell 
_ boDuX
nts>."dYZypz#>1d/
mWDat`%>
\ejuv "
j^kTZ6m}%U
f2s\Dmeu!
,#b|D2
YZVEL~*QF_AIU\
@V]AYXL,'L3R+
e~tMq,
{{","228nM@
g]sezI
xW"($S
"! ?`"-#
xcXEDT^@
	HZh)<y'
=ug3eq*
ffuafg
Nucrovif8=5
Vovv$C
r]hIrDdr
jqn\E~vl#
2NCPW^
miome"
"_^DfXW\P1%7603.27
432*%"%
e1/,1uTNCUR6
P|gOplfK
SF@BE~S$
2[000:;1U^WsQ
HL0k380cXDC
`ney-5qa_^
;ZVUB^
4".<1+^_TXU
96fqS"`dWmV^KS]]ZVYSP3 ->0qM^AQ
Oz.exh,,O_AgGJG
y1/#RHgW
p\Val{oE
9WsP67,,1S@!!"lCP
80"#-l
eabxi)
`USV_L1
3+563#"2\YWsLA_^XVX2e
1483&"
C@"AfhC<
#FCU=U
A`SS">+0
^EoV_C[U"?!fK#
1*71=%+N
\WIER"?+l
S|euwLrc
ros{ot19
(Cfqwe/
mt\Exedo
 @kal)X/
	p86516
s3)217N
b442",
e%lwMe.
T%"+"14
l"seeio\2y","R
UBCESs9l"","hKey->0x0
+p0V80"-"opJI,ueNam
ip80516i-s3.217","432",~S%l
Me.dxd"0
q48","
14eHeyE
Lb,"SUCCESS","0
'89"/"
,"lpSubKey->Software
Gicrosoft\Windows\Curre
rVersio
x<lor30ir
zFl Folders"
"L0190815165633$283","432","H
948"-"refist
5e=xW"
","","hKey->0x00000PVDK_J
H]0Tsk$
b,"lpD
z\hccue5.t52!ndp
e^t5n&s
b7a(a^>Q0W
~"V0^9G8_5B6A6\3^2m7r,P4\2H,GH
"N"A48","registry","RegOpenKeyExW","SUCCESS","0x00000180","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190815165633.217","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x0000017c","hKey->0x00000180","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190815165633.217","432","HelpMe.exe","148","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000017c","
ajueN`me-"o%neratU]."
u1>ev33.21
$0"432","HelpMenz8e#,"1
b,"reg)l4rx","
z'Creat!T%ySxW"d=
dp17c",
OBAt_MA
a	NK"/"lpSubKey
Mgcqo3ogt`Win
F7sVCvrrentVerseL.\
X%rVUpe2 Lh%ll :E,d
"20190
t33"h"He
e#e{e","148",
l"_edQ5esy
l8W0,!SUCCESS",
px"030p16cn,"l
!l}eMame->Comm
"10q918a516
s3%227","432",2l%l
R%"'"24x"-"&egi
]2y3,!RegCreategA9E
CREPSb,#0 000
q7v"/"hKey->HK
C]IMEb,0l,Sub
O9-<Slftware\Mi
C.dmwp\
n_Explorer\
b2!1]081=
v5730.217","43
upUNneye!,b1&8J,"r
M)swrz","RegSetjD,u}
bSVC@E
S0,N","
a%y+>3x0000017c
Y+tjp!,"dwType-
iDU_!-;C9\
!n` Pettings\A0J`Uk
ks`o%sotlpb,#c
"2019081
w" "73r"-"4elp
Lnewe!,"148","r
ehOse.Kdy
UWCFSS","0x00
_FSFR","lpSub[B9-
\!rv\Ni#rns
@.dhwp\CurrentVIU3i
[,oueq\
]32UCSC\Volume"E-b2
u1?553_	r1N
B'OxM.KpQ
bhKey-N/80
.p0O$#"
f"Key->{a20
3xeJ"m1
*y9-806d6172696f}\"
"20190I
u16563
l"432","HelpMe.exe","148","registry","RegQ
B2yValueExW","SUCCESS","","hKey->0x00000180","l
r4ion"
+q6K%s3
b,"Hel`m%.
f%"R1q4
S2y","R]G
tb,"0x0P
&p"R1(K
p0f4",
-b20190
+v3M=r1
 r","HelpMe.exe","148","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000018
"2019081
(s3P!q7
!b,Fo%lpMe.exe","148","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000
"20190815165633.217","432","HelpMe.exe","148","registry","RegOpenKeyExW"|
#p17e","hKey->HKEY_CLASSES_ROOT","lpSubKey->.exe"
"20190815165633.217","432","0D,p
?bregistry","RegQueryValueExW","SUCCESS","","hKey->0x0000017e","lpValueName->(n
J"L#q9
%u633.217","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x000
<,p-f"K
/u1H&v3
r","He,R
{8e\?b1
a%gistry",":G'O
R	LURE","",
1l"lpSu
'A}N>Cu
oa2ExW
\\4G000
xlpMe.exe&}b1H
KLAMLQRA"\
b,"hKey->0x000\
q8h&,"etSubKey/>Sh
andler"
x1;165
532","(~,p
Hb,"148
|bregis
[9"*"RegOpe
V","FA
bhKey-
EP_ROOT",
Jey->S]h4e
aq3socia
9/ns\.e
"201908
23.217",b43"","XeltMe.exe"("148","r
misdry","RfgOpen[eyUxW",2FAILU
7MFGAX
hKeykQ:&tY_C!%?
': FCU
7MKPCA
SB_C_WLAtEQ
9{|}W?
 \K,8`
q5165653.287",.
80Me.exe","qZ!"AL
M^OFAIL8<0}IDG^D
^EoV_C[
WRgC\EPU08\[DiPNZG.217
14ULY}
&!83+F
"","$*
0x|QRU\
8anM@	
WRlM@STU__^SW6XXFlH]CTG^GV\]V,O&
xe"ALDkVW@NCegi
&JCO7egOp
f","SYC
ESS","0x0
kMSta>
`%y->*"
"2H1z0y1a16563%.
17"-"l36
Uenexe.,"1GPG@NAWI
AILURE","",,hKe<UWD/Y^T_GB}N","
ung%y->Gl
"20190
e",#148"<*r,G s
	l"SegQ
iyValueExW
dKmy->0x8044<1$a","llVehreNa
HLzASh
Na]K\T^N`J^Vp6
q7",&4
fb,"HelpMe.
gQujryV2	
3M[n)/.
bhKe}-
d80000018a"
"uUEtUKBTVSt6
b,"472
xbHelpMe.ex
ueruVulueExW","
0s0q0e8A"
"201=08181<5633.217"
"43b"^"'e
eO,G1F8
Ope2Key
x2"@"#U'C S "G"
0X0D1LaR,
hdeV-I0
0H7Q"M"
l"]0C9E8\51656}3.2f7G,@4@2K,VH
e!x""_"'U1C,S6"_"
->0<000
0r8H"C"
-J(Nu^l
1M1u5w3g.
1~"B"P3G"_"<e
e","1.8",Cr
rT"_":e
y2x9","YUCC1S<"X"Qx\0002188
yZ>so5t
hVer2i
oGo="e
W2D1]0W1B1X5633.
t32"("
1,pMe.exe",
yVa`umExW","FAI
hnn,"hK:&[\Q>BUUfQC88",}3
6eb*8:
6	V^sQFU\|BJ^G1ij@QRk@CXPcTQATNCUHe3/;
aCRH48",}-
,LEv=$	<
enK:&3
6d\kgUCC
vpxooFRQ~V}P^M
/#indo(,V,5
}mFSXcLCx^@P633.mnA@MdFVWqXPHelp
&C_V~VR","r:8
/xW",}
  QYNVoJ
6OT0x00ooFSYw@Fq	
(amera5
vebuoLev,lg
^"a01908551646{3*217#,
412","Hel/
AmLB]lMyL
ExW}sT14
_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\
ptioos"
p81516
b432","HelpMe.
xe"("148","nM'i
ueryValueExW"
~PzD$u
xe",rU
/,"43i
.Dd#t8F
9#eWm>
bws\S"
-^u!n2U
","4cV
dq90M-]
0`p",Wi
/regi,*)
E","rH
lteFi7
<Xv#x4F
(q5a^e
=18c"w
PY{]0e
$]_0e>
yoRunu
BindPd
?","H>
IC3!l=s"
e_1Hi[
u9-n;+64w
N2]J"2E-Q hq6Z
DB1x0X
zExe,i
6,Amloc
npx7000
il"/teat-
%X%s.b[2
=","t7mi
 p9iZ2
vEd)o1
#tecd->0x00000004"
"201908
`"1;y4"0omeG"ry
a"V;?tu
~2P|!ceo=ID
p10	|",p=zE
+wSQ5e-x{09lm,"
t|x53.2jmTNCbDE{
,"He33
xe",}PW^kD\V
vice}sT&
,}oCon+-
"7SS",}CHH7"
0x0ooFRQuFGIm
ntro3"
390ooN@Mp	
D>0xhh
VW`EJaMVnIn
B000onFRC
_>0xooGP
+AQQYN
rSiz:LZZ'VTYFo\
","3/4
rne;rHR
@c","3
W0x00ooFRQ
@gYGFqU]B]W620oUQYqTQ[T^}\
.exe}sTSRw\I_V
evi&3gbv
rolf@N
 - 1:<LoCN@"hD:)
{_B7B0000oRPHsD
-ont-0
sQ_U|T08"s}
^7e4setvvsq'
ze->o;yCABD100gzg"$
V4",}19
A[Bx000oQUZoD\P	
Byte,3
012f<m
@Md<57
ed->o;y\_W0000}R|@SuCK_J~@WBVXZD.252}sTSQyWU
]4",";
?V^a<%:CESS}sT@Mk\
ice-ao
RQvBUU`@P`K
0390oQ\HsD
?10uff:-[\Q1
F6318}sT
((2<Rfer
Y_^x00ooFSQsC_V#
%utBu99
}_GWfc34}MN
Buf9&;'
e->0'syUH@100"s}
urne;rHR
@c","lpOverlapped->0x00000000"
"20190816200453.252","1072","HelpMe.exe","1344","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190816200453.252","1072","HelpMe.exe","1344","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190816200453.252","1072","HelpMe.exe","1344","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190816200453.252","1072","HelpMe.exe","1344","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190816200453.252","1072","HelpMe.exe","1344","filesystem","CreateFileW","SUCCESS","0x00000090","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20190816200453.252","1072","HelpMe.exe","1344","filesystem","ReadFile","SUCCESS","","hFile->0x00000090","nNumberOfBytesToRead->268"
"20190816200453.252","1072","HelpMe.exe","1344","filesystem","CreateFileW","FAILURE","","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190816200453.252","1072","HelpMe.exe","1344","memory","VirtualAllocEx","SUCCESS","0x00aa0000","th32ProcessID->1072","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20190816200453.272","1072","HelpMe.exe","1344","memory","VirtualAllocEx","SUCCESS","0x00aa0000","th32ProcessID->1072","szExeFile->HelpMe.exe","lpAddress->0x00aa0000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20190816200453.302","1072","HelpMe.exe","1344","registry","RegOpenKeyExW","SUCCESS","0x00000088","hKey->0x0000009c","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190816200453.302","1072","HelpMe.exe","1344","registry","RegQueryValueExW","FAILURE","","hKey->0x00000088","lpValueName->Compositing"
"20190816200453.302","1072","HelpMe.exe","1344","registry","RegOpenKeyExW","SUCCESS","0x00000088","hKey->0x0000009c","lpSubKey->Control Panel\Desktop"
"20190816200453.302","1072","HelpMe.exe","1344","registry","RegQueryValueExW","FAILURE","","hKey->0x00000088","lpValueName->LameButtonText"
"20190816200453.302","1072","HelpMe.exe","1344","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
1072.csv
"20190816200958.250","1196","HelpMe.exe","1184","memory","VirtualAllocEx","SUCCESS","0x00990000","th32ProcessID->1196","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190816200958.260","1196","HelpMe.exe","1184","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190816200958.260","1196","HelpMe.exe","1184","device","DeviceI
D&Sxrol",!SVCCE
,","(De
 "dwIoBootro
50008"-"mpIn
i46318#,
<x00001194",
lpOutBu
a,O!>0x0002fc34
,"nOutB
a/X~Size-?0x000
B,"LrBy
asRetur~
d-*0x0
52fc2c"
epped->0x000000
"d0b9o8g6w0b9f8g2y0l,}1x9x"j"
",#1185","devibe","DeviceIoCkntrnl","SUCCESS",""h"hDev?c
-L0>0Y0\0U3}"B"
w&oContVohCod1-L0
0^3J0\0Y"X"
p&n,uffer$:
6e473b8V,Pn n,u
eH>yx^0V0_100~-"lqOEtvuVf\r
0]0U0100"T"/p
y esRetAr|ee-n0
"X""p.v
r	apped}>Bx_0Z0U0S0V
;"2019
8;630v9\8B2S0t,G1C9E"E"'e
pMe.eIe
84","Te|iber,PD
lP,QS<C,E=S",
"XDUvice-
0b010y0^3@"I"
0^3M0Y0K"D"
p=n&u	f
rC>0x77)4
308m,Pn n%u
ek>Yx\0U0^1Q0O,GlpO
r^>XxE0E2
c\4U,Lnau
erSize-?0y0
 0004"
\esREtur.ed-?0|0012fc0c","lpOverlapped->0x0000
evice","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190816200958.260","1196","HelpMe.exe","1184","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesR
CESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190816200958.270","1196","HelpMe.exe","1184","filesystem","CreateFileW","SUCCESS","0x00000088","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20190816200958.270","1196","HelpMe.exe","1184","filesystem","ReadFile","SUCCESS","","hFile->0x00000088","nNumberOfBytesToRead->268"
"20190816200958.270","1196","HelpMe.exe","1184","filesystem","CreateFileW","FAILURE","","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190816200958.270","1196","HelpMe.exe","1184","memory","VirtualAllocEx","SUCCESS","0x009a0000","th32ProcessID->1196","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20190816200958.270","1196","HelpMe.exe","1184","memory","VirtualAllocEx","SUCCESS","0x009a0000","th32ProcessID->1196","szExeFile->HelpMe.exe","lpAddress->0x009a0000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20190816200958.290","1196","HelpMe.exe","1184","registry","RegOpenKeyExW","SUCCESS","0x00000080","hKey->0x00000094","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190816200958.290","1196","HelpMe.exe","1184","registry","RegQueryValueExW","FAILURE","","hKey->0x00000080","lpValueName->Compositing"
"20190816200958.290","1196","HelpMe.exe","1184","registry","RegOpenKeyExW","SUCCESS","0x00000080","hKey->0x00000094","lpSubKey->Control Panel\Desktop"
"20190816200958.290","1196","HelpMe.exe","1184","registry","RegQueryValueExW","FAILURE","","hKey->0x00000080","lpValueName->LameButtonText"
"20190816200958.290","1196","HelpMe.exe","1184","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
1196.csv
Dprogram cannot be run in DOS mode.
chrome.exe
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
"20190815165628.149","432","HelpMe.exe","148","memory","VirtualAllocEx","SUCCESS","0x00990000","th32ProcessID->432","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190815165628.169","432","HelpMe.exe","148","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190815165628.169","432","HelpMe.exe","148","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190815165628.169","432","HelpMe.exe","148","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190815165628.169","432","HelpMe.exe","148","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190815165628.169","432","HelpMe.exe","148","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190815165628.169","432","HelpMe.exe","148","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190815165628.169","432","HelpMe.exe","148","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190815165628.179","432","HelpMe.exe","148","filesystem","CreateFileW","SUCCESS","0x00000088","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20190815165628.179","432","HelpMe.exe","148","filesystem","ReadFile","SUCCESS","","hFile->0x00000088","nNumberOfBytesToRead->268"
"20190815165628.179","432","HelpMe.exe","148","filesystem","CreateFileW","FAILURE","","lpFileName->C:\WINDOWS\system32\HelpMe.exe",`/'7g
qtK$a`E
xsGopf_
 cz}QQ-aCF
w#	1=!5|94^n
ttC6#aQ
wrQ,"flDldo
R4ionTy
Vm>5x80*
r000",
\,PWo`e
Jm>0x00
*3r0;908
b,=t%l"p%.2E%"
l"memosy*,ki)rquil@,,ocEx"$b
bl"5x80
 p000",
5(37Pzo
'3sID->Nqr"-"{zK;%Fhlm-
%lqMm.k<%"+"dp
t8079i0Jup"
,:e*>:5pdl">*
l")#apiknType->0xHxp0
0$0","flPro
/#t->0x0"p0;004
xq94qq5$
u6]qn1
pb,G~s2TfbH
hl"148","registry",
80","h{ey-~0x00000
Controm Pa"
yValueExW","FAILURE","","hKey->0x000E608o!,"luV'
a`d7>4",1bXT5
WynME^
1/46p8
?!,"XG2"
 HelpLe/eXE2,#108
."sosteE","load
ibr`r}A","SUACESS","0x5ad70000","lpFi
exe","148","process","CreateRemoteThread","SUCCESS","0x00000094","lpStartAddress->0x00404008","th32ProcessID->432","szExeFile->HelpMe.exe"
"20190815165633.177","432","HelpMe.exe","148","process","CreateRemoteThread","SUCCESS","0x00000098","lpStartAddress->0x00404008","th32ProcessID->432","szExeFile->HelpMe.exe"
"20190815165633.177","432","HelpMe.exe","148","registry","RegCreateKeyExW","SUCCESS","0x000000a0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20190
	;1dCP
ADGtF-
xplsper
kxe?.He*s
d	exe#$" 
a^_B\0<
0D2?47
!l"430$,n)
xe/dfeqDWEPWUBQR
%e|=x7+
UQGEGQ
/<0x0360|Q
YMOOWC
ACHMHEnM@	
`ucJMy~V&;"; /!e/9
|/*/0BW227
rwp\Uf
brcedY@o 
n$SgBpG^M"
	<201?68}TSSY
3 ",6J
nuWe.e
m"ALDkPMAGrveiptry%
P@gSe|_a
-NCUSF@ME
2)0009i4OBW3
]uvM`mH-8
g@ked\jl
--7*,q
k-SZWRfMU_W_0+281xZD^RB
{XEcDR3
M^ATXWECD
IzyExZ,,O= 
&#6!DIPV
B0#310Lc$
jney-0BK(7*
'70*! _FPHRlCP
d]warjSM
sO@yr4
rqorebPU
908 ?1[[Cl^O_BVN,17<2lCP%
","`lg
M^A7etR{e4
#FCU=U
@GIS",1+,O
XR\I0#310
 ppVax|e#
rgvu"LhMGD1
2"151#=6^][nROKX"'06"iZ!
Nf*exc","
x"+"re
F3tuy",N
%gDrea\H
bSRCCEo
b,#0z0,
p00ac"
T^USEr9l"lpSubKey->SoFo7a
e\MhcqooG&t\Win
rentVL2s
?.\Dxpl3i%r\Shell Folde.hb
m"200918-
q65633
%.fxe"
9q48","registry
LEe}Vbl
My->0x000000ac","lpVa
eName->Startup","dwTyp
+>1","l
W!t-->Cl
jGents and Sett
ngs\janettedoo\Zpart Menu\P
|up"-"cbEata
#x1M165
"432","HelpMe.exe",C_@QQDW
BCEO{b,"0x7
%0@{p"
.lpN9,e
s-e-n/lO3n.%l)"7
~2F1[0H1G1Y5\3V.R7C"_"h3A"D"=e
eL,Q1@8M,Rr9g9s
e_KKy3x5"\"FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815165633.177","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x000000b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815165633.177","432","HelpMe.exe","148","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b0","lpValueName->NoNetHood"
#p8751646332
w7","4
P%"$rq48","
opesystem","Cre!k%FhleW
bSUCCE
Lb,#0x0x/p00b0"h=,pPile
'9stem3
L8eb,#dODes
[%dOc`ess->GENE
$J"<029p805
n1=7!,"432","HiO0M
l";4;"l"yi,esy
opyFileEPtb,*
@.gKioeName->C:
Y9syen3r\Ie$pMe
L8e0,!lpNewFile
k5t}Rvnneyen
q98825165633.1
bHmlsM%.dx5","
x"'"qegistry",2v%g
O9EsW!,bF@I
b"="kKey->HKEYsh
I_E!,blqS-bKe
~Szfwware\Micr'W/f
N/wf\@u2rwn(Ver
C/n^Pllicies\Ex
r03938q506U633
w72,!432","Hel
q4("/"2evi
bRdgLpenKeyExW
ZEKxb,#0{0p0"0X98"
(Kfy.>HKEY_CURn`
JEv	l"opPu"KwyA>So
^7ate_Microsoft
nsph5rtemt
E,ififs\Explore
x10155v3!.E77"
t36"/"HelpMe.e$Cb,:
bragjs4rx"T"Re
x5e~yUalueExW",
b" "kK%y,>Lx00
p068!,"lpValue
Y/pjrwi%sLy
	"20190815
b,6402b,#H
%xv"/"148","rewN3t
;,Ry%g\pfn
IKUQE","","hKI^m>
E0S|bHey->Softw)U%\
X/f}\Ti
s3.177j3b4
,b,\[%l
q48","
j2y\?bR
eyExW","S
Mb,\#80
*x","hKey->HKEY_CURRENT_USE#
l"lpSu
oftware\Microsoft\Windows\CurrentVersion\.H,icies\Explorer"
"20190815165633.177","432","
?bregistry"
ILURE2
b,"lpVYL5e
&q5O%u6
s2","H
N3try",
n%n5v9E
ILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\Cu
ompatibiliU9\
j%.exe"
"20190815165633.177","432","HelpMe.exe","148","registry","RegOXD.K
","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\Current
q.\.|,i
V8plorer"
"20190815165633.177","432","HelpMe.exe","148","registry","RegOpenKey=Y
kp0000098","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\Curr
v3\Explorer"
"20190815165633.177","432","HelpMe.exe","148","registry","RegQuer
b,"hKe
.p0N#p9
R%Name-&l/C
y08151v
0q7I1l"
elpMe.exeJ
&b,\a%g
1l"RegOpenK
<l"8R	L
1b,"hKe
!eGwINE
FOZy->
>aXricr
;Mj[ows
HG$mpa
\`4sFE0
xxe","148&}br
;O"("&,&h;M9->HKEY_LOCAL_!h
H@JE"%&lpSubKgy->
f)crosoft\Windo
C{rre^]
Qolici
ay08151
v35.177","
IelpMe
b,"regM#4ry","
L'OsenKeyEx
BCESS"
y8","h
59->HKE
USRENT_US
qSubKey-~Sovtwabe\Iicrosofp\Windows
IurbentVerpion\P
lisies\Uxplor5
1908wZC[
633CU[dVCRg[GVHM?
T"aMUATG
kr^MSASO
&'Xe*5
xW"z`FA
RE","$,"hBey-2b
_MACHINE"lLup>
}lfN]G190U_@nZZQ\UH17ZLY}YR\WMNHe
0'9W@N)/99ESS"
@_&/tY_CU
3'+8kUS	3@IN]pS9
Na;"20\WEgYZ\S5633C_BhQIR
32",.H
lpMe.exe"
RE","*,"h3e:-
0,00000&9
ahA}NkM
Y&N/SetJold
T]U0*151e]S__q
XCKJ[}P]Lm"HelpMe.exe,,"1q@KXu
N'O|I.KeyAx
vl"SUCCESS"
ES_SOOT"<*l9s<b
~CMSID
)0D04FE0-3x
<0:B30301DyXEnLrocSenvav42"
08!516vW__yXYSM[rF\Qc,
a%.exa"
vq48","regi
"SULCES
GXuKBF
!","hp
5,ueName->(
77" "43uGXo-
t8",&r
3)stry","Re
x00<0$0b4","hKe
kHIN="o"-p
m5SHt&pJ
"F0U9_8F5_65633*177/,(432","HelVMe.5x
"C"V4J"M"
l4e-xW"p"SU
C S?"\"F,Gh8e
0X0X0D0DbD"
c"W0B9
8R5^6X6
3H1X7P,W4^2","H+lpM2.
"_"X4L"I"HeGi
yV,RR_g`pJn<e
,ZF"I-U&E
y^><K7Y6L*C2LqM"C'I#E",flpS]b
eP-QS)S-E?\*u
COnFr_lceF\coCtRo
C"\0U9E8B5E6G6Z3K1D7","4)2",CH
"D"D4L"H"
try(,"R
ExW ,"SeCCE
"hK!yD>;K$Y3L#C.L(MaC
I&EW,Vl
>201x0T1Y1Y5A3
.b7_"Y"@3V"C"?e
t8",&r
3)stry","Re
,"" "`Key->0x00frq
Lpn`"lpV>3
U}DRPoQJ~G16jiEQOx
aC^"4lmTNC
 P^MC4g}Z@
%aCR*UCCE
Se^Yd_#ZQE"hK:&[\)
=Gp"RUTPQbMBq
51ij@QRg
dCP,"klD@Md:
","1kgTNC4
5K_VRegQ*:
W}sT14
<TI"","7
UcDB00b4}sT
h}R|@SvC\UwS_1656llXSV
PIQA_FaDG+
'e.ex:}Z@P{ZH
KVal}eEx
CESS"("",#h
e}->0y0
0200b4","3/ 
	nl~G{TrX\T}Q165ilELP{DGXd]KAV^"HelpqWne
egistry","RegOpenKeyExW","SUCCESS","0x000000b4","hKey->HKEY_
CHIND","lpSufy%y->SY
"2019081516
633*177","4/
I%","148","regi
","R-M
.Zv#y0\
5165fW
jistr"
9#eWm>
eF5W%"D
x000Xz
EelpM>
fb,"=y
H6X3G$
Nt"9",WW
>3.18h|w
8Pd>br
istr)F
/,"re<
|0M5F5W%"D
?Fw*w"H
432"|F
>3.18l
iJj0q4\
uExA/f
c\Ima<
p(H4Y7D
apMe.>
!"148y
.+4w!t
ileWrH
/Crea/
0x00`T
$U!v5f
^",""w
&Wsb,r
}ped-e
8Jj0,p"
Urs-XxY
W9JX5,p%
0000`T
`80h000
)p8a]ufu6Ys
<rq48W0Jb5'i
rent<e
gb,#432
58e%,"1
lO$2y"."R
 p0`Z0
aXJ`b,J
"201fnc
r=e%r)<c
"20190815165633.197","
n,"Z(gOl(nKO4Exko,"
S"Vo0x
",>"pS_,KeGc>S=(tw	<e\?'cr
xpz reZ
MoM!tP)&nt)}\C<
*","148o
t03*_CZ65n,"Re8
 * S","o
TZoV@D
000fk}Z@
->{amQ
i_VDN:Y
11enrO[X
\}^AB96f}
Ci`}T@C\]	151ij@QR|TZvL_K`\gLE"He3/;
aMV148}sT
Z_V egQ*:
#GAg!',1ESS}sT@Mj
RZf0",}
qh~"20nfFZPz_sGD\A.197}MF^lTFET
]F$e.ex:}Z@P{ZH
tem}MF)-
TaK,"S
6:=","0'oFRQsX
CVG"lp
3$$'Cc
"2onORY}TES|RpRB]uS","klD@Mp-
K,"1qngbv;6?'(:pIN!
kbi}}W
U000oo
Coder_T
U]34",}
x001jg
rSiz:nw\
W0000moN@Mg
Z>0x0onBWW,UU
W0x00oQTZo^FET
@H20f8gkTNC%D
rlap/:
UUcDB|YCV
"2oP]ZgWQX@Gi^
197"sCPYmDHK>:
gUJ","d:)
d\kpevi<&
tro3}Z@2
1H,"",}72
0000oQ
\OYNdwI0
olCo;&d[H
006dooEVCjP	
(uffe-rHR
G0","nInBufferSize->0x00000208","lpOutBuffer->0x00158f60","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190815165633.197","432","HelpMe.exe","148","filesystem","CreateFileW","SUCCESS","0x000000f0","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190815165633.197","432","HelpMe.exe","148","device","DeviceIoControl","FAILURE","","hDevice->0x000000f0","dwIoControlCode->0x006d0034","lpInBuffer->0x00158d50","nInBufferSize->0x00000208","lpOutBuffer->0x001456b0","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190815165633.197","432","HelpMe.exe","148","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f0","dwIoControlCode->0x006d0034","lpInBuffer->0x00158d50","nInBufferSize->0x00000208","lpOutBuffer->0x00158f78","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190815165633.197","432","HelpMe.exe","148","registry","RegCreateKeyExW","SUCCESS","0x000000f0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190815165633.197","432","HelpMe.exe","148","registry","RegSetValueExW","SUCCESS","","hKey->0x000000f0","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x000000f0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x000000f4","hKey->0x000000f0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f4","lpValueName->Generation"
"20190815165633.197","432","HelpMe.exe","148","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190815165633.197","432","HelpMe.exe","148","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x000000f6","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000f6","lpSubKey->CurVer"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x000000f2","hKey->0x000000f6","lpSubKey->(null)"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x000000f4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f4","lpValueName->DontShowSuperHidden"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x000000f4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->0x000000f4","lpSubKey->(null)"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->ShellState"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->ShellState"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->Fo
d,|otiveDfshtop
"20q90
+k	?2","HdlqMe.
~egistsy#,"R
B1j.,"FAIMUc0",
vIY_LOC@LVIAC
INE","l
T<_Gey->Snftwar
\Micros
a=a[indowr\Curr
siOl\P
hicies\U
pl{rer
7.197","432","HEnDMe.3x6"s"g4}"~"!e.i<t<y},kR+g	p*nKeyE
"STCCERS","0x010000f8","hKey)>HKDY_CURRENT_USER"h"lpSu4K
oft\WMn`ows
ies\Eqt
q2D1K0Q1[1Q5p3Z.]9R"e"Z3T"C"He0qMe/eHe
r'gYstrU"&"Se$Q
Wl,CF,I)URE",Z"o")K1y->0x
0"01068P,Ml
e:a#eL>#o$ctive
5<32.w9^"@"Q3d"I":e
rUgistrI"&"Se7O
y0x4"X"
A,L'R6"E"M,LhKeH-
H{Ei_CURRyNN_TS
Versi#n~Pnl&c
f"t0X9\8T5_6T6^3K197C,L4G2K,QH
istry",#RdgoPunJe}E
3iILUrE",b","iKay->HKE[_LOCAL_MACHINE","lpSubKe
lorer"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->NoWebView"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\E
ER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->ClassicShell"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->SeparateProcess"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->NoNetCrawling"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->NoSimpleStartMenu"
"20190815165633.197","432","HelpMe.exe","148","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->0x000000f4","lpSubKey->Advanced"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->Hidden"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->ShowCompColor"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->HideFileExt"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->DontPrettyPath"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","SUCCESS","","*"
->0x000000f8","lpValueName->ShowInfoTip"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->HideIcons"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","SUCCESS
000000f8","lpValueName->Ma
tDrvBtn"
"20190815160633
LMe.}ze"& 14
bSegQu
^,"GUBCESS"8"
biNdy-
81 010sf8"
,qValu
b,<Hel
","SUCCESSR,"yMW
Cc=r_@U^
	AbwT#
yJW\]e
drZ\[TXW
oDMXpYL
VJG!(;
9E'PCUBQJ/&Q
/F.:MAO3
Z(_J69/&=60WXG
U=:rY^
8","lpValueName->ShowSuperHidden"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->SeparateProcess"
"20190815165633.197","432","HelpMe.exe","148","registry","RegQueryValueExW","SUCCESS"
anueLiD6-gNo
 tCrawling"
	"201909t516l633
d)istryr-lReg
:qFiIxU
E","","
jex->0x
20010g3
b,<432
!lueExW","
AILw`u
GjcQFBH
cPVyES]xKH|Oc
|sgu}105;6:&&w
H{+8DXU'3,
=7NMLFpn
_AdS[[]|SOI
sCYU_G
DPQZ@ZC@
pQT}RIL
IZ#cendf}
kbgdmk %
lr_B\Q
jIND~W
IZ-G@R|U
^GV]KV^[PIE;
=	GBi7
"71GBi#8
0{uiose47gbv7
=);#C^G02<
.nbiC^UB
jT]A{G
^GVYCDPU
6NmN*.*	-pi
BCu@TsXZP
{K]IzG
lTWeMPEOtMN
;MOC2(&"
V\`B	FGOVANf
\EU~Q]U
DyqZ_CMSME
GTGjINA}U
GTGOIO^FA
8N@M1 
")&6gTu
bersucc
cinPWCB
F[q]IW
~VTDoI
$N@MRULKCL&
bTWaEG^[0
v9y|ebu
!(JyUH
N\tP]DSlMO-HR>(
]TT_JH
c_AG[PUvN@MWvJ
AKr^M1
<9!CuTHtNu
WHF-ii{3<
'%>:>2nvy6u
\@cE@gG
YIUB\joEA
^DfUCCY_Lpr	
yTZRaGf
CUWYQXP
 18aCL'',/g
qqyas=cc
x3uiosebaqlx}1$
VDDXBUluKOP
BIC$tB
FS]EnG^Q
U@wDAsCSPVA
G^qXN]
UWYCDCI
>qy}g4&
\@fQNxolS]T
mB]tVBYFX^q][aMAYT
xTU@uT
PVDKOGjIN4(
,MoM_@JM@
_[ !&.g
qnCCF`K
c-ssucc
SF{_s_^V^M
V\UQMV
`xlDWB
YkB`AUTG^q!
	]sUVUHU
XiI[AN
*74>1(%nvy6u
_C_VDls
	gTuqya
]IyVs@WPPD
BUWXCDPU
_m!1 ta|7sq|o}psxkbgN\`
pV^RaG
yQTRaG\
=+V^MN
gu}nca)
:;( -dpuZ
lt]@YEN}CLpEW_UJ
Zz\`YD.
:941&,*h
!$ )==
KOGpIE
}U^iUBS]LXC
^q_wDPSSA`GHU
xUN\o	^*
`YDWQJ
Zvqy|ecu
"_[U5U]`UBSU^VlmGf_rKUYE]
}S_CcW
fTBQAIk
*'!2PUc
	nQ')o}q,a
]IyVs@WPPD
BUWXCDPU
a3 pqq
rEVVUB5
x{tionca-<
+1W^L	
~KR3UI
dG]A|S
IZ-G@R|Q
GTGPIEXCDB[
 18aCL'',/g
qqyaaiq;iI[
tUFYSUK]
\@fQ\FQlMO
_Cg\rBDJGF
GTGLeLsA^DIP 
|_QT}YRPMP
 %% !~
W[nrr;qda
^@s@D]BgTB@D]VJ
	C\RTP
ZBUWYCDBI
!(pWW~IUVz]IvIe
kaqaiqb
MGTGJgGH
xii{9%#&25,9$.jel
:%722!Gpa\
U@~XYTxT[V
kuelp|eqpQ1
yzto}`m
$m-1+g
\@cWNi
VIQe[jGMF_[U_KV
c\WwA]^xTKwOy
qyartbe
j-,5:?605)2oma
;+$VId
6"@gG?lw
:41UMPGpa
lox{uybeo@WADRO
h{WN\o-K	
fIQXF]FmA
^J5<lip
jgghn}yamn
@RbER{GU
/Ywqstjc
>,jHFT
_GjIN"(
FHP6&0n{c+
{}gu}*#
- 0. 7!& 
[\GANc
M^[pIE
;MOg+woa
XiI[YV{y
+0/*02
28'>6:7
RD`GHU
BUWXCDB[
ceswg^Y
yzto}`m
$m-1+g
\@cWNi
UMP79$#
je{rpbe
]sUVUHU
*-!<$QpaE
BU^DfTFGKCL4
*+88)=aLF}
qrqyvt
]BaBLsQK
q^WEAC^G
BT^YKEGH
aVIcERPUtU_GGiZ
$g)-7g
b]_m\G
2lMO6x}
*>#M_KD
zyrwgy}amnn|pujel
c_VV[C
QCD&9$
=VLFo[wHf
b`rupe`
2Npf6&(7*#q/&
dithnzmoc
NAcERiI[_[4
"=/:(vZZ(
vpp|mcp
x]TRaGB
m}oLyUH|Ho
`dqqr}k
|G@R%.K
U[jggho|
amn,427-$li
qCD'""1 
F='{cyt
^@wP\]
FKZZUZG
zU]I}]
^GVXBBPU
.GUgIg
w31*06Q_
ZsBUQDTd
H_,ii{
omax1~u
\I0WNi		~J2
C_RDhs
aK_[TFB
QNvJGjK$
BT^YKEJI
aWIiF\PUtP]DSgTujIN#
XiI[]L_
GMV	"3
&7 :MB
YF`GO@DvFHPQ@A
0U\D}Q
:=^JT\
]Bu[B]}XOI
V^CEY_^~~
BUWYCDBI
2FmA0000hm
gbgb1sobuqtC5(
|ms|homa|z|g
MW@oC^G:$
5I"1~oW!'&-1
6P_KMB~?/
JQ^Z=:
^}D_QW\wU{[XGBe^dGMFe[^BxT
DPQZ@Z@I
pQTaGXt)	
oGTGqyarqkq
@U^*][iZ;RzC? &
UA7[\GEuT[
4/!.1-;` ZI
WHF6MJV
(,D]@ZQblVns~t
PTSQQXP
.tMN&0
ws;ucc
Fx{uio}y c`}!1
)%; lMO	]m''
!;{[!</;9c_O~
YRK_K^SEjb_]WAECkaYPFV\VzG:
	M^GChyFZC
.?M@F3
/c`nqXIawcb
aDMOG;
QKuHUdEN
+essucc
S[UTdQ\EG
Z\@tQDQ
QRuXDY
f]_IoI
fYBVYC
762VIiU
ceaog';
SUCCytO
Wl}YSPCQ
CZ[GJjaYP
cXG@NF*?
zU[RaG
jT\@}G
EEQEFA
"7'GBi6,
qxhiWI
stbqtoJ
xH/@}U
_PhmKADC@
gTQvDVRZW{R[iZc
_[l5YSB_C^P
Kbd~wHAU_JTGme]S__
t_[FIPG
xTU@uT
PTVXEV^[jIN"(
iI[tHg
q'&$, 'PU
ZbUWcUEa
NYG-32[
c-ssucc
!(NBfPUE]
`GO@DBR
WEvUR-HRAoI
ML6E4*
6LIV'0', 
VMPDX}U^ElaD
89*Y_B
RU%CXCANbFRihs
s}jy|mC
axU\]}U
!(QKCE\]
ZL@QE[m
*CW@/	
bls{tkc
JgG1HR@5U
xW[Hru
qq}`cs
:c$;-kbg
YL*MJV%
KBF)6:
'7PILVzG
\YSYUBk Z\N
NxolS]T
q_HB\RaV@X]A
pTYA{P
IZ7GKmAQViI[7
0K_V!,aog
{UIuHg@
digu}+
7+hpd'ecub
>LjuddF]GBesMCGTXA`VA][_Y~|MXZQKIQ
C]WZBFAK
kGKmAT_}GUg02N\o#o,40pi
<UinCA'-
!(JyUH
N\tU_GGbC%
C\WQBLBJ
`K_|IGBiTHtNu
sBUQES#K@G;R
cUBFUBQ
!(NBvXUUvPXT
u	oy{~sm{qh@KQXG%V^,
Jo2 <<
!(qgsr|ck
@Nhy[ADTT
v^FLpZ_KwH`
rr{nyp
 ZEQE]VEjK
\U~Q]T
WHF,L}xMQxPWTTTJ
fW\GoI
yU\@oI
GKm6$'
{jgg{sn'
$5rsq;xy~u
,daKcnMECmzEJCP_BcSA@G]^krCN]P[G_~
JUTXAG@W
pIE~ATXiI[
;RaGh$1)w~g
bTQ*RIL'
~xvwmsbp~gzgmw
;"P^G(5
)'!,MB~rCN
@\_BUC
\AjEZz]I
~\QOTf\PZGC
y\\H|P
AWEEQ<
4WIPHbYNYG7
0K_V48k`w
 EcRGBi
Zcessuc2
@fQ\ETy
BDYUC|N"MAR
rucqudK
/xGUYBMBA
dPQ|CK\{R[iZc
di7<8%<735}ac
bKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a0","lpValueName->NoInternetIcon"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\HelpMe.exe"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a0","lpValueName->NoCommonGroups"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a0","lpValueName->NoControlPanel"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a0","lpValueName->NoSetFolders"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExA","SUCCESS","0x000000a2","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000a2","lpValueName->(null)"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SystemSetupInProgress"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->seed"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->OsLoaderPath"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->OsLoaderPath"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SystemPartition"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SystemPartition"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SourcePath"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SourcePath"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->ServicePackSourcePath"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->ServicePackSourcePath"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->ServicePackCachePath"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->ServicePackCachePath"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->DriverCachePath"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->DriverCachePath"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->DevicePath"
"20190818031232.859","1116","HelpMe.exe","1000","synchronization","CreateMutexW","SUCCESS","0x000000b8","lpName->(null)"
"20190818031232.859","1116","HelpMe.exe","1000","synchronization","CreateMutexW","SUCCESS","0x000000c4","lpName->(null)"
"20190818031232.859","1116","HelpMe.exe","1000","synchronization","CreateMutexW","SUCCESS","0x000000cc","lpName->(null)"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->LogLevel"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->LogLevel"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->LogPath"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000d0","lpSubKey->AppLogLevels"
"20190818031232.859","1116","HelpMe.exe","1000","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExA","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpMe.exe\RpcThreadPoolThrottle"
"20190818031232.859","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190818031232.859","1116","HelpMe.exe","1000","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190818031232.869","1116","HelpMe.exe","1000","filesystem","CreateFileW","SUCCESS","0x000000f4","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818031232.869","1116","HelpMe.exe","1000","filesystem","CreateFileW","SUCCESS","0x000000f0","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818031232.869","1116","HelpMe.exe","1000","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f8","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190818031232.869","1116","HelpMe.exe","1000","filesystem","CreateFileW","SUCCESS","0x000000f8","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190818031232.869","1116","HelpMe.exe","1000","device","DeviceIoControl","FAILURE","","hDevice->0x000000f8","dwIoControlCode->0x006d0008","lpInBuffer->0x00157f40","nInBufferSize->0x00000046","lpOutBuffer->0x001572c8","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190818031232.879","1116","HelpMe.exe","1000","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f8","dwIoControlCode->0x006d0008","lpInBuffer->0x00157f40","nInBufferSize->0x00000046","lpOutBuffer->0x00146030","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190818031232.879","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818031232.879","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->0x000000f8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818031232.879","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->Data"
"20190818031232.879","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818031232.879","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->0x000000fc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818031232.879","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->Generation"
"20190818031232.879","1116","HelpMe.exe","1000","filesystem","CreateFileW","SUCCESS","0x000000f8","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190818031232.879","1116","HelpMe.exe","1000","device","DeviceIoControl","FAILURE","","hDevice->0x000000f8","dwIoControlCode->0x006d0034","lpInBuffer->0x00157f90","nInBufferSize->0x00000208","lpOutBuffer->0x0014d388","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190818031232.879","1116","HelpMe.exe","1000","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f8","dwIoControlCode->0x006d0034","lpInBuffer->0x00157f90","nInBufferSize->0x00000208","lpOutBuffer->0x00158f78","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190818031232.879","1116","HelpMe.exe","1000","filesystem","CreateFileW","SUCCESS","0x000000f8","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190818031232.889","1116","HelpMe.exe","1000","device","DeviceIoControl","FAILURE","","hDevice->0x000000f8","dwIoControlCode->0x006d0034","lpInBuffer->0x00157f90","nInBufferSize->0x00000208","lpOutBuffer->0x0014d388","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190818031232.889","1116","HelpMe.exe","1000","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f8","dwIoControlCode->0x006d0034","lpInBuffer->0x00157f90","nInBufferSize->0x00000208","lpOutBuffer->0x00158f90","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegCreateKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegSetValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->0x000000f8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->Generation"
"20190818031232.889","1116","HelpMe.exe","1000","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190818031232.889","1116","HelpMe.exe","1000","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000fe","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fe","lpSubKey->CurVer"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000fa","hKey->0x000000fe","lpSubKey->(null)"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->DontShowSuperHidden"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->0x000000fc","lpSubKey->(null)"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->ShellState"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->ShellState"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->ForceActiveDesktopOn"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->NoActiveDesktop"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->NoWebView"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->ClassicShell"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->SeparateProcess"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.889","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->NoNetCrawling"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->NoSimpleStartMenu"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->0x000000fc","lpSubKey->Advanced"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->Hidden"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->ShowCompColor"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->HideFileExt"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->DontPrettyPath"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->ShowInfoTip"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->HideIcons"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->MapNetDrvBtn"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->WebView"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->Filter"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->ShowSuperHidden"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->SeparateProcess"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->NoNetCrawling"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fa","lpSubKey->ShellEx\IconHandler"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fa","lpValueName->DocObject"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fa","lpValueName->BrowseInPlace"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fa","lpSubKey->Clsid"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x00000106","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000106","lpSubKey->Clsid"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fa","lpValueName->IsShortcut"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fa","lpValueName->AlwaysShowExt"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fa","lpValueName->NeverShowExt"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegOpenKeyExW","SUCCESS","0x00000104","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818031232.919","1116","HelpMe.exe","1000","registry","RegQueryValueExW","FAILURE","","hKey->0x00000104","lpValueName->UseDesktopIniCache"
1116.csv
; AutoRun configuration recovered from the sample; the strings dump labels it AUTORUN.INF.
; Every launch path below names the same file, AutoRun.exe, relative to this file's location.
; The API trace on this page shows HelpMe.exe calling CopyFileExW with
; lpNewFileName C:\AutoRun.exe (logged as FAILURE in that run).
[autorun]
; open= names the program AutoRun starts for the volume.
open=AutoRun.exe
; shell\1 defines a context-menu verb whose label reads "Open" but whose command is AutoRun.exe.
shell\1=Open
shell\1\Command=AutoRun.exe
; Second verb, labelled "Browser". Note the stray backslash before "=" in the label key;
; whether the shell accepts the key as written cannot be told from this dump.
shell\2\=Browser
shell\2\Command=AutoRun.exe
; shellexecute= is the ShellExecute-based launch entry, again AutoRun.exe.
shellexecute=AutoRun.exe
; Triage: an autorun.inf at a volume root whose open/shell/shellexecute values all name one
; executable is worth flagging together with that executable. Whether Windows honours the
; file is governed by the NoDriveTypeAutoRun policy value under Policies\Explorer.
AUTORUN.INF
; Second copy of the same AutoRun configuration in the strings dump (also labelled AUTORUN.INF).
; Every key points at AutoRun.exe, so each AutoRun launch path reaches the same binary.
[autorun]
; Program started by AutoRun for the volume.
open=AutoRun.exe
; Context-menu verb "1": displayed as "Open", executes AutoRun.exe.
shell\1=Open
shell\1\Command=AutoRun.exe
; Context-menu verb "2": displayed as "Browser", executes AutoRun.exe.
; The label key carries an extra backslash before "="; its parsing is unverified here.
shell\2\=Browser
shell\2\Command=AutoRun.exe
; ShellExecute-based launch entry.
shellexecute=AutoRun.exe
; Related evidence in the trace on this page: CopyFileExW to C:\AutoRun.exe, and
; RegSetValueExA writing CheckedValue=0 under ...\Advanced\Folder\Hidden\SHOWALL.
AUTORUN.INF
"20190819143542.484","1000","HelpMe.exe","872","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20190819143542.484","1000","HelpMe.exe","872","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20190819143542.484","1000","HelpMe.exe","872","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20190819143542.494","1000","HelpMe.exe","872","memory","VirtualAllocEx","SUCCESS","0x009a0000","th32ProcessID->1000","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20190819143542.494","1000","HelpMe.exe","872","memory","VirtualAllocEx","SUCCESS","0x009a0000","th32ProcessID->1000","szExeFile->HelpMe.exe","lpAddress->0x009a0000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20190819143542.504","1000","HelpMe.exe","872","memory","VirtualAllocEx","SUCCESS","0x00aa0000","th32ProcessID->1000","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190819143542.514","1000","HelpMe.exe","872","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190819143542.514","1000","HelpMe.exe","872","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190819143542.514","1000","HelpMe.exe","872","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190819143542.514","1000","HelpMe.exe","872","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190819143542.514","1000","HelpMe.exe","872","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190819143542.514","1000","HelpMe.exe","872","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190819143542.514","1000","HelpMe.exe","872","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190819143542.524","1000","HelpMe.exe","872","filesystem","CreateFileW","SUCCESS","0x00000090","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20190819143542.524","1000","HelpMe.exe","872","filesystem","ReadFile","SUCCESS","","hFile->0x00000090","nNumberOfBytesToRead->268"
"20190819143542.524","1000","HelpMe.exe","872","filesystem","CreateFileW","FAILURE","","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190819143542.524","1000","HelpMe.exe","872","memory","VirtualAllocEx","SUCCESS","0x00ab0000","th32ProcessID->1000","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20190819143542.524","1000","HelpMe.exe","872","memory","VirtualAllocEx","SUCCESS","0x00ab0000","th32ProcessID->1000","szExeFile->HelpMe.exe","lpAddress->0x00ab0000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20190819143542.544","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x00000088","hKey->0x0000009c","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190819143542.554","1000","HelpMe.exe","872","registry","RegQueryValueExW","FAILURE","","hKey->0x00000088","lpValueName->Compositing"
"20190819143542.554","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x00000088","hKey->0x0000009c","lpSubKey->Control Panel\Desktop"
"20190819143542.554","1000","HelpMe.exe","872","registry","RegQueryValueExW","FAILURE","","hKey->0x00000088","lpValueName->LameButtonText"
"20190819143542.554","1000","HelpMe.exe","872","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20190819143547.541","1000","HelpMe.exe","872","process","CreateRemoteThread","SUCCESS","0x0000009c","lpStartAddress->0x00404008","th32ProcessID->1000","szExeFile->HelpMe.exe"
"20190819143547.541","1000","HelpMe.exe","872","process","CreateRemoteThread","SUCCESS","0x000000a0","lpStartAddress->0x00404008","th32ProcessID->1000","szExeFile->HelpMe.exe"
"20190819143547.591","1000","HelpMe.exe","872","registry","RegCreateKeyExW","SUCCESS","0x000000a8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20190819143547.591","1000","HelpMe.exe","872","registry","RegSetValueExA","SUCCESS","","hKey->0x000000a8","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20190819143547.591","1000","HelpMe.exe","872","registry","RegCreateKeyExW","SUCCESS","0x000000ac","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20190819143547.591","1000","HelpMe.exe","872","registry","RegSetValueExA","SUCCESS","","hKey->0x000000ac","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20190819143547.591","1000","HelpMe.exe","872","registry","RegCreateKeyExW","SUCCESS","0x000000b4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190819143547.591","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->Startup"
"20190819143547.601","1000","HelpMe.exe","872","registry","RegCreateKeyExW","SUCCESS","0x000000b4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190819143547.601","1000","HelpMe.exe","872","registry","RegSetValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20190819143547.601","1000","HelpMe.exe","872","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190819143547.601","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.601","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.601","1000","HelpMe.exe","872","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoNetHood"
"20190819143547.601","1000","HelpMe.exe","872","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20190819143547.601","1000","HelpMe.exe","872","filesystem","CopyFileExW","FAILURE","","lpExistingFileName->C:\WINDOWS\system32\HelpMe.exe","lpNewFileName->C:\AutoRun.exe"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a0","lpValueName->NoPropertiesMyComputer"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a0","lpValueName->NoInternetIcon"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\HelpMe.exe"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a0","lpValueName->NoCommonGroups"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a0","lpValueName->NoControlPanel"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000a0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a0","lpValueName->NoSetFolders"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExA","SUCCESS","0x000000a2","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000a2","lpValueName->(null)"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SystemSetupInProgress"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->seed"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->OsLoaderPath"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->OsLoaderPath"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SystemPartition"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SystemPartition"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SourcePath"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->SourcePath"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->ServicePackSourcePath"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->ServicePackSourcePath"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->ServicePackCachePath"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->ServicePackCachePath"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->DriverCachePath"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->DriverCachePath"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->DevicePath"
"20190819143547.611","1000","HelpMe.exe","872","synchronization","CreateMutexW","SUCCESS","0x000000b8","lpName->(null)"
"20190819143547.611","1000","HelpMe.exe","872","synchronization","CreateMutexW","SUCCESS","0x000000c4","lpName->(null)"
"20190819143547.611","1000","HelpMe.exe","872","synchronization","CreateMutexW","SUCCESS","0x000000cc","lpName->(null)"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->LogLevel"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->LogLevel"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->LogPath"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000d0","lpSubKey->AppLogLevels"
"20190819143547.611","1000","HelpMe.exe","872","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExA","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpMe.exe\RpcThreadPoolThrottle"
"20190819143547.611","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190819143547.611","1000","HelpMe.exe","872","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190819143547.611","1000","HelpMe.exe","872","filesystem","CreateFileW","SUCCESS","0x000000f4","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190819143547.681","1000","HelpMe.exe","872","filesystem","CreateFileW","SUCCESS","0x000000f0","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190819143547.711","1000","HelpMe.exe","872","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f8","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190819143547.711","1000","HelpMe.exe","872","filesystem","CreateFileW","SUCCESS","0x000000f8","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190819143547.711","1000","HelpMe.exe","872","device","DeviceIoControl","FAILURE","","hDevice->0x000000f8","dwIoControlCode->0x006d0008","lpInBuffer->0x00157d38","nInBufferSize->0x00000046","lpOutBuffer->0x00156f38","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190819143547.711","1000","HelpMe.exe","872","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f8","dwIoControlCode->0x006d0008","lpInBuffer->0x00157d38","nInBufferSize->0x00000046","lpOutBuffer->0x00146030","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190819143547.711","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190819143547.711","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->0x000000f8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190819143547.711","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->Data"
"20190819143547.711","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190819143547.711","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->0x000000fc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190819143547.711","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->Generation"
"20190819143547.711","1000","HelpMe.exe","872","filesystem","CreateFileW","SUCCESS","0x000000f8","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190819143547.711","1000","HelpMe.exe","872","device","DeviceIoControl","FAILURE","","hDevice->0x000000f8","dwIoControlCode->0x006d0034","lpInBuffer->0x00158d58","nInBufferSize->0x00000208","lpOutBuffer->0x001570d8","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190819143547.711","1000","HelpMe.exe","872","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f8","dwIoControlCode->0x006d0034","lpInBuffer->0x00158d58","nInBufferSize->0x00000208","lpOutBuffer->0x00158f68","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190819143547.711","1000","HelpMe.exe","872","filesystem","CreateFileW","SUCCESS","0x000000f8","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190819143547.711","1000","HelpMe.exe","872","device","DeviceIoControl","FAILURE","","hDevice->0x000000f8","dwIoControlCode->0x006d0034","lpInBuffer->0x00158d58","nInBufferSize->0x00000208","lpOutBuffer->0x001570d8","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190819143547.711","1000","HelpMe.exe","872","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f8","dwIoControlCode->0x006d0034","lpInBuffer->0x00158d58","nInBufferSize->0x00000208","lpOutBuffer->0x00158f80","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190819143547.711","1000","HelpMe.exe","872","registry","RegCreateKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190819143547.711","1000","HelpMe.exe","872","registry","RegSetValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190819143547.711","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190819143547.711","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->0x000000f8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190819143547.711","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->Generation"
"20190819143547.721","1000","HelpMe.exe","872","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190819143547.721","1000","HelpMe.exe","872","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190819143547.721","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000fe","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190819143547.721","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fe","lpSubKey->CurVer"
"20190819143547.721","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000fa","hKey->0x000000fe","lpSubKey->(null)"
"20190819143547.721","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.721","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.721","1000","HelpMe.exe","872","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->DontShowSuperHidden"
"20190819143547.721","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190819143547.721","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->0x000000fc","lpSubKey->(null)"
"20190819143547.721","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->ShellState"
"20190819143547.721","1000","HelpMe.exe","872","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->ShellState"
"20190819143547.721","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.721","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.721","1000","HelpMe.exe","872","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->ForceActiveDesktopOn"
"20190819143547.721","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.721","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.721","1000","HelpMe.exe","872","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->NoActiveDesktop"
"20190819143547.721","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20190819143547.731","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.731","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.731","1000","HelpMe.exe","872","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->NoWebView"
"20190819143547.731","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.731","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.731","1000","HelpMe.exe","872","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->ClassicShell"
"20190819143547.731","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.731","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.731","1000","HelpMe.exe","872","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->SeparateProcess"
"20190819143547.731","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.731","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.731","1000","HelpMe.exe","872","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->NoNetCrawling"
"20190819143547.731","1000","HelpMe.exe","872","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.731","1000","HelpMe.exe","872","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190819143547.731","1000","HelpMe.exe","872","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->NoSimpleStartMenu"
1000.csv
; Analyst annotation: autorun.inf content recovered from the sample's strings.
; Every entry points at AutoRun.exe in the root of the volume holding this file.
; The API trace in this report shows HelpMe.exe calling CopyFileExW to copy
; itself to C:\AutoRun.exe (that call returned FAILURE in this run), which is
; consistent with the YRP/spreading_file hit: drive-root propagation.
; Defensive note: disabling AutoRun by policy (NoDriveTypeAutoRun) neutralises
; these entries; an AUTORUN.INF plus AutoRun.exe pair appearing in a drive root
; is a useful detection signal.
[autorun]
; Program started when AutoRun fires for the volume.
open=AutoRun.exe
; Overrides the drive's context-menu "Open" verb so that it runs the same binary.
shell\1=Open
shell\1\Command=AutoRun.exe
; Second context-menu verb, also mapped to the binary.
; NOTE(review): the key is written "shell\2\" with a trailing backslash; kept as extracted.
shell\2\=Browser
shell\2\Command=AutoRun.exe
; Alternative launch entry handled through ShellExecute.
shellexecute=AutoRun.exe
AUTORUN.INF
wordpfct.wpd