Sample details: f293348402d1d7804e0b5eeb4c6047bc (MD5)

Hashes
MD5: f293348402d1d7804e0b5eeb4c6047bc
SHA1: 192699b43abeaf1510e18594a7a621fe77cea110
SHA256: 5a50389039f347f523110d02fa715cfcb80525eca670fad28c22cb8005f81d89
SSDEEP: 24576:TEtl9mRda1cSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJvp:oEs1hD
Details
File Type: PE32
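Yara Hits
Note: these are the names of rules that matched the file. Most are generic compiler, packer and capability signatures, so treat them as triage leads to confirm, not as a verdict. The Borland Delphi and Microsoft Visual C++ hits disagree with each other, which together with the HasOverlay hit suggests the file may hold more than one component.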
YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional | YRP/Borland_Delphi_v60_v70 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/Borland | YRP/BobSoftMiniDelphiBoBBobSoft | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/borland_delphi | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Browsers | YRP/Dropper_Strings | YRP/SEH__vba | YRP/anti_dbg | YRP/network_dropper | YRP/screenshot | YRP/keylogger | YRP/spreading_file | YRP/win_mutex | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers3 | YRP/Delphi_FormShow | YRP/Delphi_CompareCall | YRP/Delphi_Copy | YRP/Delphi_StrToInt | YRP/Delphi_DecodeDate | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/suspicious_packer_section | YRP/CAP_HookExKeylogger |
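Strings
Note: raw printable strings extracted from the file. Unreadable runs are probably packed or compressed data (see the suspicious_packer_section hit), and some readable names recur later in a corrupted form. For host triage, the entries most worth checking appear to be the Winlogon registry path listed next to "Explorer.exe  HelpMe.exe", the Explorer Hidden\SHOWALL CheckedValue key, and the AUTORUN.INF / AutoRun.exe / HelpMe.exe file names. The API-call logging format strings and C:\cuckoo\ paths near the end look like analysis-sandbox instrumentation rather than the sample's own code; confirm this before using them as indicators.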
		<*t"<0r=<9w9i
INFNAN
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
_^[YY]
t%HtIHtm
_^[YY]
$Z]_^[
QQQQQQSVW3
QQQQQSVW
_^[YY]
	TErrorRec
TExceptRec
YZ]_^[
m/d/yy
mmmm d, yyyy
:mm:ss
kernel32.dll
GetDiskFreeSpaceExA
(Z]_^[
oleaut32.dll
VariantChangeTypeEx
VarNeg
VarNot
VarAdd
VarSub
VarMul
VarDiv
VarIdiv
VarMod
VarAnd
VarXor
VarCmp
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBoolFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
TCustomVariantType
TCustomVariantType
Variants
EVariantInvalidOpError
EVariantTypeCastError
EVariantOverflowError
EVariantInvalidArgErrorp
EVariantBadVarTypeError
EVariantBadIndexError
EVariantArrayLockedError
EVariantArrayCreateError
EVariantNotImplError
EVariantOutOfMemoryError
EVariantUnexpectedError8
EVariantDispatchError
_^[YY]
QQQQSV
Smallint
Integer
Single
Double
Currency
OleStr
Dispatch
Boolean
Variant
Unknown
Decimal
ShortInt
LongWord
String
Array 
ByRef 
Variants
_^[YY]
_^[YY]
tagEXCEPINFO 
TAlignment
taLeftJustify
taRightJustify
taCenter
Classes
	TBiDiMode
bdLeftToRight
bdRightToLeft
bdRightToLeftNoAlign
bdRightToLeftReadingOnly
Classes
ssShift
ssCtrl
ssLeft
ssRight
ssMiddle
ssDouble
Classes
TShiftState
THelpContext
	THelpType
	htKeyword	htContext
Classes
	TShortCut
TNotifyEvent
Sender
TObject
EStreamError
EFileStreamError
EFCreateError
EFOpenError
EFilerError8OA
EReadError
EWriteError
EClassNotFound
EResNotFound
EListError
EBitsError
EStringListError
EComponentError
EOutOfResourceshRA
EInvalidOperation
TThreadList
TPersistent
TPersistent
Classes
TInterfacedPersistent
TInterfacedPersistent
Classes
IStringsAdapter$
Classes
TStrings
TStrings
Classes
TStringItem
TStringList
TStringList
Classes
TStreamlXA
THandleStream
TFileStreamXYA
TCustomMemoryStream
TMemoryStream
TResourceStream
TStreamAdapter
TClassFinder
TFiler
TReader
EThread
TThread
TComponentName0^A
IDesignerNotify$
Classes
TComponent
TComponentX_A
Classes
TBasicActionLink
TBasicAction
TBasicAction8aA
Classes
TIdentMapEntry
	TRegGroup
TRegGroups
YZ]_^[
$Z]_^[
$Z]_^[
_^[YY]
	TIntConst
_^[YY]
Strings
S$_^[Y]
_^[YY]
SdZ]_^[
$Z]_^[
TPropFixup
TPropIntfFixup
_^[YY]
_^[YY]
Classes
_^[YY]
_^[YY]
QQQQQQQS
R0_^[]
_^[YY]
S	_^[]
TPUtilWindow
TColor
EInvalidGraphicp
EInvalidGraphicOperation
TFontPitch
	fpDefault
fpVariable
fpFixed
Graphics
	TFontName
TFontCharset
TFontStyle
fsBold
fsItalic
fsUnderline
fsStrikeOut
Graphics
TFontStyles
	TPenStyle
psSolid
psDash
psDot	psDashDot
psDashDotDot
psClear
psInsideFrame
Graphics
TPenMode
pmBlack
pmWhite
pmCopy	pmNotCopy
pmMergePenNot
pmMaskPenNot
pmMergeNotPen
pmMaskNotPen
pmMerge
pmNotMerge
pmMask	pmNotMask
pmNotXor
Graphics
TBrushStyle
bsSolid
bsClear
bsHorizontal
bsVertical
bsFDiagonal
bsBDiagonal
bsCross
bsDiagCross
Graphics
TGraphicsObjectx
TGraphicsObjectP
Graphics
IChangeNotifier$
Graphics
TFontT
TFont$
Graphics
Charset
Color<
Height
Pitch<
Graphics
Style<
TBrush
TBrush
Graphics
TCanvas
TCanvasd
Graphics
Brush<
CopyModeP
TProgressStage
psStarting	psRunning
psEnding
Graphicst
TProgressEvent
Sender
TObject
TProgressStage
PercentDone
	RedrawNow
Boolean
String
TGraphic
TGraphic
Graphics
TPicture
TPicture
Graphics
TSharedImage
TMetafileImage
	TMetafile
	TMetafile
Graphics
TBitmapImage
TBitmap<
TBitmap
Graphics
TIconImage
Graphics
TResourceManager
_^[YY]
clBlack
clMaroon
clGreen
clOlive
clNavy
clPurple
clTeal
clGray
clSilver
clLime
clYellow
clBlue
clFuchsia
clAqua
clWhite
clMoneyGreen
clSkyBlue
clCream
clMedGray
clActiveBorder
clActiveCaption
clAppWorkSpace
clBackground
clBtnFace
clBtnHighlight
clBtnShadow
clBtnText
clCaptionText
clDefault
clGradientActiveCaption
clGradientInactiveCaption
clGrayText
clHighlight
clHighlightText
clHotLight
clInactiveBorder
clInactiveCaption
clInactiveCaptionText
clInfoBk
clInfoText
clMenu
clMenuBar
clMenuHighlight
clMenuText
clNone
clScrollBar
cl3DDkShadow
cl3DLight
clWindow
clWindowFrame
clWindowText
ANSI_CHARSET
DEFAULT_CHARSET
SYMBOL_CHARSET
MAC_CHARSET
SHIFTJIS_CHARSET
HANGEUL_CHARSET
JOHAB_CHARSET
GB2312_CHARSET
CHINESEBIG5_CHARSET
GREEK_CHARSET
TURKISH_CHARSET
HEBREW_CHARSET
ARABIC_CHARSET
BALTIC_CHARSET
RUSSIAN_CHARSET
THAI_CHARSET
EASTEUROPE_CHARSET
OEM_CHARSET
Default
E$PVSj
_^[YY]
C ;C$s
TFileFormat
TFileFormatsList
QQQQSV
TClipboardFormats
_^[YY]
kD$TdP
kD$PdP
D$LPkD$XdPV
D$HPkD$TdPV
|$( EMFt
TBitmapCanvas
TBitmapCanvas
Graphics
_^[YY]
s(;~ t8
C(_^[Y]
TPatternManagerSV
_^[YY]
TObjectList
TOrderedList
TStack
GetMonitorInfoA
GetSystemMetrics
MonitorFromRect
MonitorFromWindow
MonitorFromPoint
GetMonitorInfo
DISPLAY
GetMonitorInfoA
DISPLAY
GetMonitorInfoW
DISPLAY
EnumDisplayMonitors
USER32.DLL
IHelpSelector$
:	HelpIntfs
IHelpSystem$
:	HelpIntfs
ICustomHelpViewer$
:	HelpIntfs	
IExtendedHelpViewer
:	HelpIntfs
ISpecialWinHelpViewer
:	HelpIntfs
IHelpManager$
:	HelpIntfs
EHelpSystemException
THelpViewerNode
THelpManager
$ )t8U~
'TavK9
wvc0+~G
-L6tuS
Hdme u
Pnund&k
ckg)6(
tTheme
LmVa@uM
0seU Ks 
mePar68
H1MCv<`
vU;SLqW
-Omose
Uv5n9 z
?Oc:#b
c,Tnvo
P~XYdN
x DPp	z
	Ext7h
3@UYR'
k}j<tK
Ww'){\
tkh^^[
t(	Tv,H/Al
<cZXv8+
bW^^[5
pl~;@o
o; Dt#
Qq{0g5
D"SVW3
E\a)7v
-?/W*7
#0b"-U'
gHW%n)l
hcalrb
SU,rSE,
}XhSM+U
|^'\0Y
QH^[CU
Oo0`mE
;mm4m8
TBupt:
9dPED,
,e_lddP
DcbOsW
>.r	q_ve
_bMo% 
-Am*->
aGp>vN
cb0-tN
t<9	^-
gsNrFTW
	t8HCs
d	(hO7
F4ayDv
\n)k|E
gxUch@
yzsQ@s]
{?-A`Z
(v)H*6
QQQQSVW
tgYOH`
%d8PCj
{U^6	'
{Xb7+t
 SP{T.
-<+4=D
EPZ8=(2
TM:&67qGtt8'ONLSElabl
p7ont;
!YQ&apl
ImmGdtCoVK&r{
P.Iu-&
'97ols
\*{0ar
.tB./On}qjJ9BaN=rE#6+&34
TEndDr
On_%c4
GTuG'e|2
]ource
o;kObne
8au'nu
7CBa+(e	n
QTO?0t
cty/nl-0t,K
Ssp&71
bhek5j~*>
TDragDockObj!&0
=FSq[$ez2
etd.6o-
Constrainm"
e?/>eEvent
Obj)!0
(n[\$t(
n`P'ez4IM9\
*t%)!r
5E	A2<Ha
bGT+bje
ea "r:
!CBO,(ebn
Er4n8%2t<
TMouseWheelUpD[0*EnentldI
SP.diGGT_W*ewA@
[])f$9
C_#0e<9
(*tpNL
?CT3/.e
u*3~0=n_
]ThQq@
BstNVL
TCustomImageList
c4om|-akP
UP5H`I5B
W{-g [3t
@KLb_C
BSv8cz
M"ug3Y
f_*tH2
.$|#CXJ
ventuO
`(H|v@d
D^(d'l
</t'U	
GhemNw
u	`sk=
qO(cEY
u!HH(/LWU
-K+.ex
+i:PX$
Cut>eK
Rj3Dxj
P?:S?u
Q<]_^[
@?:F?v
Q<]_^[
;~hu	3
$YZ]_^[
_^[YY]
Ih;J4u
YZ]_^[
TScrollBarInc
TScrollBarStyle
	ssRegular
ssFlat
ssHotTrack
TControlScrollBar
TControlScrollBar
ButtonSize
	Incrementh
Margin
ParentColor<
Position<
Smooth<
Style<
	ThumbSize
Tracking
Visible
TWindowState
wsNormal
wsMinimized
wsMaximized
TScrollingWinControl
TScrollingWinControlH
HorzScrollBar
VertScrollBar
TFormBorderStyle
bsNone
bsSingle
bsSizeable
bsDialog
bsToolWindow
bsSizeToolWin
Forms@
TBorderStyle
IDesignerHook,^A
Forms	
IOleForm$
TFormStyle
fsNormal
fsMDIChild	fsMDIForm
fsStayOnTop
TBorderIcon
biSystemMenu
biMinimize
biMaximize
biHelp
TBorderIcons
	TPosition
poDesigned	poDefault
poDefaultPosOnly
poDefaultSizeOnly
poScreenCenter
poDesktopCenter
poMainFormCenter
poOwnerFormCenter
Forms 
TDefaultMonitor
	dmDesktop	dmPrimary
dmMainForm
dmActiveForm
Formst
TPrintScale
poNone
poProportional
poPrintToFit
TCloseAction
caNone
caHide
caFree
caMinimize
TCloseEvent
Sender
TObject
Action
TCloseAction
TCloseQueryEvent
Sender
TObject
CanClose
Boolean
TShortCutEvent
TWMKey
Handled
Boolean
THelpEvent
Command
Integer
CallHelp
Boolean
Boolean
TCustomForm
TCustomForml
TFormp
FormsU
Action
ActiveControl<7C
AlphaBlendT
AlphaBlendValued>C
Anchors
AutoScroll
AutoSize
BiDiModeh
BorderIcons
BorderStyle
BorderWidth
Caption<
ClientHeight<
ClientWidth
TransparentColor
TransparentColorValue
Constraints
UseDockManager
DefaultMonitor
DockSite
DragKind8=C
DragMode
Enabled
ParentFontP
	FormStyle<
Height
HelpFile
HorzScrollBarp
KeyPreview
OldCreateOrder4pD
ObjectMenuItem
ParentBiDiMode<
PixelsPerInch
	PopupMenu
Positionp
PrintScale
Scaled
ScreenSnap
ShowHint<
SnapBuffer
VertScrollBar
Visible<
WindowState4pD
WindowMenu
OnActivate
OnCanResize
OnClick
OnCloseD
OnCloseQuerydEC
OnConstrainedResize
OnContextPopup
OnCreate
OnDblClick
	OnDestroy
OnDeactivate
OnDockDrop CC
OnDockOver
OnDragDrop,AC
OnDragOver\BC
	OnEndDockhDC
OnGetSiteInfo
OnHide
OnHelp
	OnKeyDown
OnKeyPress
OnKeyUp
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnMouseWheel|FC
OnMouseWheelDown|FC
OnMouseWheelUp
OnPaint
OnResize
OnShortCut
OnShow
OnStartDock
OnUnDock
TCustomDockFormP
TCustomDockForm
PixelsPerInch
TMonitor
TScreen
TScreen@
	THintInfo@
TApplication
TApplication
;X0t@S
+WH+W@
PixelsPerInch
TextHeight
IgnoreFontProperty
_^[YY]
S,_^[]
$Z]_^[
F(Z_^[
MDICLIENT
_^[YY]
_^[YY]
_^[YY]
Ch;Ctt
Cd;Cpt
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
layout text
f;sDtsf
CHYZ]_^[
_^[YY]
TApplication
MAINICON
XD;PHu
sx;P`u
;B0uGj
_^[YY]
vcltest3.dll
RegisterAutomation
$Z]_^[
~D_^[Y]
Y_^[Y]
YZ]_^[
User32.dll
SetLayeredWindowAttributes
TaskbarCreated
kernel32.dll
CreateToolhelp32Snapshot
Heap32ListFirst
Heap32ListNext
Heap32First
Heap32Next
Toolhelp32ReadProcessMemory
Process32First
Process32Next
Process32FirstW
Process32NextW
Thread32First
Thread32Next
Module32First
Module32Next
Module32FirstW
Module32NextW
	EOleError
EOleSysError
EOleException
Apartment
Neutral
ole32.dll
CoCreateInstanceEx
CoInitializeEx
CoAddRefServerProcess
CoReleaseServerProcess
CoResumeClassObjects
CoSuspendClassObjects
QQQQQQQQSV
O'LNK'!
ntdll.dll
RtlInitUnicodeString
ZwOpenSection
CURRENT_USER
ThreadTimerT
ThreadLoopFile
FormCreate
	tmr1Timer
	TFrm_Main
	TFrm_Main
Un_Main
SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon
Explorer.exe  HelpMe.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
\Soft.lnk
Stone,I hate you!
:\AutoRun.exe
:\AUTORUN.INF
AutoRun.exe
autorun
shell\1
shell\1\Command
Browser
shell\2\
shell\2\Command
shellexecute
HelpMe.exe
\HelpMe.exe
QQQQQQQSVW3
:\HelpMe.exe
:\AUTORUN.INF
HelpMe.exe
autorun
shell\1
shell\1\Command
Browser
shell\2\
shell\2\Command
shellexecute
Your disk is removed!
_^[YY]
\HelpMe.exe
\notepad.exe
Internet Explorer\iexplore.exe
Outlook Express\msimn.exe
Runtime error     at 00000000
0123456789ABCDEF
0123456789ABCDEF
MS Sans Serif
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
SysReAllocStringLen
SysAllocStringLen
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
advapi32.dll
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey
kernel32.dll
lstrcpyA
WritePrivateProfileStringA
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualAlloc
UnmapViewOfFile
SizeofResource
SetThreadLocale
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
MultiByteToWideChar
MulDiv
MoveFileA
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemInfo
GetSystemDirectoryA
GetStringTypeExA
GetStdHandle
GetShortPathNameA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLogicalDriveStringsA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CopyFileA
CompareStringA
CloseHandle
version.dll
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
gdi32.dll
UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt
user32.dll
CreateWindowExA
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
kernel32.dll
oleaut32.dll
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
ole32.dll
OleUninitialize
OleInitialize
CoCreateInstance
CoUninitialize
CoInitialize
oleaut32.dll
GetErrorInfo
SysFreeString
comctl32.dll
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
shell32.dll
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ADVAPI32.DLL
SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
>dcV|8
|6tRsp
O8Lv4y
TeK1isD
DxplBrer
! HeJpMe
sosoKt\W:83:
qZq8c,
q'kSp\[
RvzJx?
XY-mNS
~Nz{>ozk
<DdZYd
EUh*z<
]@7Dp|
|hNmuZFC
TScroloBarStyla
RegularcssFlat
sHotTra{
EForms
ontro0(#rollB=	
Contr3
t roS/
QardotComos=
Position<
4567?9G
.+*2h<
hHTracking
Visible
dSbb'w:
ormal#w1M
nimQz'd
sM-x+m
edYF-rms
`0olli
T+nVon
Hm,gQin
Wj6rglH*
rzS'w-l
rdezU6y
sNo>cJb
bsSizeabme
bsDialof
`sWoklRihd
ToolWin
Fnr}sK
PBarae~Swyce
ihimi}e
bhMaxkmizf
biLelp
TBorderIcons
TPosit
Design
efault
zeOnly
mCentor
ltMooit
mDes{to
	dmP`im
dMActigeF
rintXca
Propxrt
rintSoF
loseTct
caNohe
THElpEvent
Commind
Integev
|/lHelp
Boomean
Boolean
H?E`t?E
TBusthmFoqm
TCustolFor
7W%&5hl
9cETp@
,(tC0A
Enabled
ParentFontP
	FormStyle<
Height
HelpFile
HorzScrollBarp
KeyPreview
OldCreateOrder4pD
ObjectMenuItem
ParentBiDiMode<
PixelsPerInch
	PopupMenu
Positionp
PrintScale
Scaled
ScreenSnap
ShowHint<
SnapBuffer
VertScrollBar
Visible<
WindowState4pD
WindowMenu
OnActivate
OnCanResize
OnClick
OnCloseD
OnCloseQuerydEC
OnConstrainedResize
OnContextPopup
OnCreate
OnDblClick
	OnDestroy
OnDeactivate
OnDockDrop CC
OnDockOver
OnDragDrop,AC
OnDragOver\BC
	OnEndDockhDC
OnGetSiteInfo
OnHide
OnHelp
	OnKeyDown
OnKeyPress
OnKeyUp
OnMouseDown@@C
OnMouseMove
	OnMouseUp
OnMouseWheel|FC
OnMouseWheelDown|FC
OnMouseWheelUp
OnPaint
OnResize
OnShortCut
OnShow
OnStartDock
OnUnDock
TCustomDockFormP
TCustomDockForm
PixelsPerInch
TMonitor
TScreen
TScreen@
	THintInfo@
TApplication
TApplication
;X0t@S
u!Ml*A
wnoseu
i32)dllS
Set1;A
|lD6([Y]
gwOf2(_
Mck_^[
3vory5
FreE&#
$$rInc+opy
Gilerits
>oeB>"
=~h8fG
pusi=y
Fldov0_
z&y"r	N
UvFo+Yqs
BfDaX`t
8`oark
GeeWineowT=
AwItgb
N{Pts:c
jsniOxk
%cge9(
F(Z_^[
MDICLIENT
_^[YY]
_^[YY]
_^[YY]
Ch;Ctt
Cd;Cpt
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
layout text
f;sDtsf
CHYZ]_^[
_^[YY]
TApplication
MAINICON
XD;PHu
sx;P`u
;B0uGj
_^[YY]
vcltest3.dll
RegisterAutomation
$Z]_^[
~D_^[Y]
Y_^[Y]
t"SS9] u
;t$,v-
UQPXY]Y[
PPPPPPPP
PPPPPPPP
PostTrampSize %d
YWORD 
DQWORD 
TBYTE 
QWORD 
DWORD 
 ;NOT TAKEN
 ;TAKEN
REPNZ 
UNDEFINED
CALL FAR
LOOPNZ
JMP FAR
SYSCALL
SYSRET
WBINVD
SYSENTER
SYSEXIT
GETSEC
CMOVNO
CMOVAE
CMOVNZ
CMOVBE
CMOVNS
CMOVNP
CMOVGE
CMOVLE
CMPXCHG
MOVNTI
INVLPG
VMCALL
VMLAUNCH
VMRESUME
VMXOFF
MONITOR
XGETBV
XSETBV
VMMCALL
VMLOAD
VMSAVE
SKINIT
INVLPGA
SWAPGS
RDTSCP
PREFETCH
PREFETCHW
PFNACC
PFPNACC
PFCMPGE
PFRSQRT
PFCMPGT
PFRCPIT1
PFRSQIT1
PFSUBR
PFCMPEQ
PFRCPIT2
PMULHRW
PSWAPD
PAVGUSB
MOVUPS
MOVUPD
VMOVSS
VMOVSD
VMOVUPS
VMOVUPD
MOVHLPS
MOVLPS
MOVLPD
MOVSLDUP
MOVDDUP
VMOVHLPS
VMOVLPS
VMOVLPD
VMOVSLDUP
VMOVDDUP
UNPCKLPS
UNPCKLPD
VUNPCKLPS
VUNPCKLPD
UNPCKHPS
UNPCKHPD
VUNPCKHPS
VUNPCKHPD
MOVLHPS
MOVHPS
MOVHPD
MOVSHDUP
VMOVLHPS
VMOVHPS
VMOVHPD
VMOVSHDUP
PREFETCHNTA
PREFETCHT0
PREFETCHT1
PREFETCHT2
MOVAPS
MOVAPD
VMOVAPS
VMOVAPD
CVTPI2PS
CVTPI2PD
CVTSI2SS
CVTSI2SD
VCVTSI2SS
VCVTSI2SD
MOVNTPS
MOVNTPD
MOVNTSS
MOVNTSD
VMOVNTPS
VMOVNTPD
CVTTPS2PI
CVTTPD2PI
CVTTSS2SI
CVTTSD2SI
VCVTTSS2SI
VCVTTSD2SI
CVTPS2PI
CVTPD2PI
CVTSS2SI
CVTSD2SI
VCVTSS2SI
VCVTSD2SI
UCOMISS
UCOMISD
VUCOMISS
VUCOMISD
COMISS
COMISD
VCOMISS
VCOMISD
PSHUFB
VPSHUFB
PHADDW
VPHADDW
PHADDD
VPHADDD
PHADDSW
VPHADDSW
PMADDUBSW
VPMADDUBSW
PHSUBW
VPHSUBW
PHSUBD
VPHSUBD
PHSUBSW
VPHSUBSW
PSIGNB
VPSIGNB
PSIGNW
VPSIGNW
PSIGND
VPSIGND
PMULHRSW
VPMULHRSW
VPERMILPS
VPERMILPD
VPTESTPS
VPTESTPD
PBLENDVB
BLENDVPS
BLENDVPD
VPTEST
VBROADCASTSS
VBROADCASTSD
VBROADCASTF128
VPABSB
VPABSW
VPABSD
PMOVSXBW
VPMOVSXBW
PMOVSXBD
VPMOVSXBD
PMOVSXBQ
VPMOVSXBQ
PMOVSXWD
VPMOVSXWD
PMOVSXWQ
VPMOVSXWQ
PMOVSXDQ
VPMOVSXDQ
PMULDQ
VPMULDQ
PCMPEQQ
VPCMPEQQ
MOVNTDQA
VMOVNTDQA
PACKUSDW
VPACKUSDW
VMASKMOVPS
VMASKMOVPD
PMOVZXBW
VPMOVZXBW
PMOVZXBD
VPMOVZXBD
PMOVZXBQ
VPMOVZXBQ
PMOVZXWD
VPMOVZXWD
PMOVZXWQ
VPMOVZXWQ
PMOVZXDQ
VPMOVZXDQ
PCMPGTQ
VPCMPGTQ
PMINSB
VPMINSB
PMINSD
VPMINSD
PMINUW
VPMINUW
PMINUD
VPMINUD
PMAXSB
VPMAXSB
PMAXSD
VPMAXSD
PMAXUW
VPMAXUW
PMAXUD
VPMAXUD
PMULLD
VPMULLD
PHMINPOSUW
VPHMINPOSUW
INVEPT
INVVPID
VFMADDSUB132PS
VFMADDSUB132PD
VFMSUBADD132PS
VFMSUBADD132PD
VFMADD132PS
VFMADD132PD
VFMADD132SS
VFMADD132SD
VFMSUB132PS
VFMSUB132PD
VFMSUB132SS
VFMSUB132SD
VFNMADD132PS
VFNMADD132PD
VFNMADD132SS
VFNMADD132SD
VFNMSUB132PS
VFNMSUB132PD
VFNMSUB132SS
VFNMSUB132SD
VFMADDSUB213PS
VFMADDSUB213PD
VFMSUBADD213PS
VFMSUBADD213PD
VFMADD213PS
VFMADD213PD
VFMADD213SS
VFMADD213SD
VFMSUB213PS
VFMSUB213PD
VFMSUB213SS
VFMSUB213SD
VFNMADD213PS
VFNMADD213PD
VFNMADD213SS
VFNMADD213SD
VFNMSUB213PS
VFNMSUB213PD
VFNMSUB213SS
VFNMSUB213SD
VFMADDSUB231PS
VFMADDSUB231PD
VFMSUBADD231PS
VFMSUBADD231PD
VFMADD231PS
VFMADD231PD
VFMADD231SS
VFMADD231SD
VFMSUB231PS
VFMSUB231PD
VFMSUB231SS
VFMSUB231SD
VFNMADD231PS
VFNMADD231PD
VFNMADD231SS
VFNMADD231SD
VFNMSUB231PS
VFNMSUB231PD
VFNMSUB231SS
VFNMSUB231SD
AESIMC
VAESIMC
AESENC
VAESENC
AESENCLAST
VAESENCLAST
AESDEC
VAESDEC
AESDECLAST
VAESDECLAST
VPERM2F128
ROUNDPS
VROUNDPS
ROUNDPD
VROUNDPD
ROUNDSS
VROUNDSS
ROUNDSD
VROUNDSD
BLENDPS
VBLENDPS
BLENDPD
VBLENDPD
PBLENDW
VPBLENDVW
PALIGNR
VPALIGNR
PEXTRB
VPEXTRB
PEXTRW
VPEXTRW
PEXTRD
PEXTRQ
VPEXTRD
EXTRACTPS
VEXTRACTPS
VINSERTF128
VEXTRACTF128
PINSRB
VPINSRB
INSERTPS
VINSERTPS
PINSRD
PINSRQ
VPINSRD
VPINSRQ
MPSADBW
VMPSADBW
PCLMULQDQ
VPCLMULQDQ
VBLENDVPS
VBLENDVPD
VPBLENDVB
PCMPESTRM
VPCMPESTRM
PCMPESTRI
VCMPESTRI
PCMPISTRM
VPCMPISTRM
PCMPISTRI
VPCMPISTRI
AESKEYGENASSIST
VAESKEYGENASSIST
MOVMSKPS
MOVMSKPD
VMOVMSKPS
VMOVMSKPD
SQRTPS
SQRTPD
SQRTSS
SQRTSD
VSQRTSS
VSQRTSD
VSQRTPS
VSQRTPD
RSQRTPS
RSQRTSS
VRSQRTSS
VRSQRTPS
VRCPSS
VRCPPS
VANDPS
VANDPD
ANDNPS
ANDNPD
VANDNPS
VANDNPD
VXORPS
VXORPD
VADDPS
VADDPD
VADDSS
VADDSD
VMULPS
VMULPD
VMULSS
VMULSD
CVTPS2PD
CVTPD2PS
CVTSS2SD
CVTSD2SS
VCVTSS2SD
VCVTSD2SS
VCVTPS2PD
VCVTPD2PS
CVTDQ2PS
CVTPS2DQ
CVTTPS2DQ
VCVTDQ2PS
VCVTPS2DQ
VCVTTPS2DQ
VSUBPS
VSUBPD
VSUBSS
VSUBSD
VMINPS
VMINPD
VMINSS
VMINSD
VDIVPS
VDIVPD
VDIVSS
VDIVSD
VMAXPS
VMAXPD
VMAXSS
VMAXSD
PUNPCKLBW
VPUNPCKLBW
PUNPCKLWD
VPUNPCKLWD
PUNPCKLDQ
VPUNPCKLDQ
PACKSSWB
VPACKSSWB
PCMPGTB
VPCMPGTB
PCMPGTW
VPCMPGTW
PCMPGTD
VPCMPGTD
PACKUSWB
VPACKUSWB
PUNPCKHBW
VPUNPCKHBW
PUNPCKHWD
VPUNPCKHWD
PUNPCKHDQ
VPUNPCKHDQ
PACKSSDW
VPACKSSDW
PUNPCKLQDQ
VPUNPCKLQDQ
PUNPCKHQDQ
VPUNPCKHQDQ
MOVDQA
MOVDQU
VMOVDQA
VMOVDQU
PSHUFW
PSHUFD
PSHUFHW
PSHUFLW
VPSHUFD
VPSHUFHW
VPSHUFLW
VPSRLW
VPSRAW
VPSLLW
VPSRLD
VPSRAD
VPSLLD
VPSRLQ
PSRLDQ
VPSRLDQ
VPSLLQ
PSLLDQ
VPSLLDQ
PCMPEQB
VPCMPEQB
PCMPEQW
VPCMPEQW
PCMPEQD
VPCMPEQD
VZEROUPPER
VZEROALL
VMREAD
INSERTQ
VMWRITE
HADDPD
HADDPS
VHADDPD
VHADDPS
HSUBPD
HSUBPS
VHSUBPD
VHSUBPS
FXSAVE
FXRSTOR
LFENCE
XRSTOR
MFENCE
SFENCE
CLFLUSH
LDMXCSR
VLDMXCSR
STMXCSR
VSTMXCSR
POPCNT
CMPEQPS
CMPLTPS
CMPLEPS
CMPUNORDPS
CMPNEQPS
CMPNLTPS
CMPNLEPS
CMPORDPS
CMPEQPD
CMPLTPD
CMPLEPD
CMPUNORDPD
CMPNEQPD
CMPNLTPD
CMPNLEPD
CMPORDPD
CMPEQSS
CMPLTSS
CMPLESS
CMPUNORDSS
CMPNEQSS
CMPNLTSS
CMPNLESS
CMPORDSS
CMPEQSD
CMPLTSD
CMPLESD
CMPUNORDSD
CMPNEQSD
CMPNLTSD
CMPNLESD
CMPORDSD
VCMPEQPS
VCMPLTPS
VCMPLEPS
VCMPUNORDPS
VCMPNEQPS
VCMPNLTPS
VCMPNLEPS
VCMPORDPS
VCMPEQPD
VCMPLTPD
VCMPLEPD
VCMPUNORDPD
VCMPNEQPD
VCMPNLTPD
VCMPNLEPD
VCMPORDPD
VCMPEQSS
VCMPLTSS
VCMPLESS
VCMPUNORDSS
VCMPNEQSS
VCMPNLTSS
VCMPNLESS
VCMPORDSS
VCMPEQSD
VCMPLTSD
VCMPLESD
VCMPUNORDSD
VCMPNEQSD
VCMPNLTSD
VCMPNLESD
VCMPORDSD
PINSRW
VPINSRW
SHUFPS
SHUFPD
VSHUFPS
VSHUFPD
CMPXCHG8B
CMPXCHG16B
VMPTRST
VMPTRLD
VMCLEAR
ADDSUBPD
ADDSUBPS
VADDSUBPD
VADDSUBPS
VPADDQ
PMULLW
VPMULLW
MOVQ2DQ
MOVDQ2Q
PMOVMSKB
VPMOVMSKB
PSUBUSB
VPSUBUSB
PSUBUSW
VPSUBUSW
PMINUB
VPMINUB
PADDUSB
VPADDUSW
PADDUSW
PMAXUB
VPMAXUB
VPANDN
VPAVGB
VPAVGW
PMULHUW
VPMULHUW
PMULHW
VPMULHW
CVTTPD2DQ
CVTDQ2PD
CVTPD2DQ
VCVTTPD2DQ
VCVTDQ2PD
VCVTPD2DQ
MOVNTQ
MOVNTDQ
VMOVNTDQ
PSUBSB
VPSUBSB
PSUBSW
VPSUBSW
PMINSW
VPMINSW
PADDSB
VPADDSB
PADDSW
VPADDSW
PMAXSW
VPMAXSW
VLDDQU
PMULUDQ
VPMULUDQ
PMADDWD
VPMADDWD
PSADBW
VPSADBW
MASKMOVQ
MASKMOVDQU
VMASKMOVDQU
VPSUBB
VPSUBW
VPSUBD
VPSUBQ
VPADDB
VPADDW
VPADDD
FLDENV
FLDL2T
FLDL2E
FLDLG2
FLDLN2
FPATAN
FXTRACT
FPREM1
FDECSTP
FINCSTP
FYL2XP1
FSINCOS
FRNDINT
FSCALE
FNSTENV
FSTENV
FNSTCW
FICOMP
FISUBR
FIDIVR
FCMOVB
FCMOVE
FCMOVBE
FCMOVU
FUCOMPP
FISTTP
FCMOVNB
FCMOVNE
FCMOVNBE
FCMOVNU
FEDISI
FSETPM
FUCOMI
FNCLEX
FNINIT
FRSTOR
FUCOMP
FNSAVE
FNSTSW
FCOMPP
FSUBRP
FDIVRP
FUCOMIP
FCOMIP
MOVSXD
bad allocation
(null)
`h````
xpxxxx
Unknown exception
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
"%s","%d","%s","%d","windows","FindWindowW","FAILURE","","lpClassName->%s","lpWindowName->%s"
"%s","%d","%s","%d","windows","FindWindowW","SUCCESS","0x%08x","lpClassName->%s","lpWindowName->%s"
"%s","%d","%s","%d","windows","FindWindowW","FAILURE","","lpClassName->%ws","lpWindowName->%ws"
FILE:%s
FILE:%ws
"%s","%d","%s","%d","windows","FindWindowW","SUCCESS","0x%08x","lpClassName->%ws","lpWindowName->%ws"
"%s","%d","%s","%d","synchronization","CreateMutexA","FAIL","","lpName->%s"
"%s","%d","%s","%d","synchronization","CreateMutexA","SUCCESS","0x%08x","lpName->%s"
"%s","%d","%s","%d","synchronization","CreateMutexW","FAIL","","lpName->%ws"
"%s","%d","%s","%d","synchronization","CreateMutexW","SUCCESS","0x%08x","lpName->%ws"
"%s","%d","%s","%d","synchronization","OpenMutexA","FAILURE","","dwDesiredAccess->%s","lpName->%s"
"%s","%d","%s","%d","synchronization","OpenMutexA","SUCCESS","0x%08x","dwDesiredAccess->%s","lpName->%s"
python.exe
"%s","%d","%s","%d","synchronization","OpenMutexW","FAILURE","","dwDesiredAccess->%s","lpName->%ws"
"%s","%d","%s","%d","synchronization","OpenMutexW","SUCCESS","0x%08x","dwDesiredAccess->%s","lpName->%ws"
FILE:%ws
"%s","%d","%s","%d","services","OpenSCManagerA","FAILURE","","lpMachineName->%s","lpDatabaseName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenSCManagerA","SUCCESS","0x%08x","lpMachineName->%s","lpDatabaseName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","system","IsDebuggerPresent","",""
"%s","%d","%s","%d","services","OpenSCManagerW","FAILURE","","lpMachineName->%ws","lpDatabaseName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenSCManagerW","SUCCESS","0x%08x","lpMachineName->%ws","lpDatabaseName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","CreateServiceA","FAILURE","","lpServiceName->%s","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%s"
"%s","%d","%s","%d","services","CreateServiceA","FAILURE","0x%08x","lpServiceName->%s","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%s"
"%s","%d","%s","%d","services","CreateServiceW","FAILURE","","lpServiceName->%ws","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%ws"
PID:%d
FILE:%s
FILE:%ws
"%s","%d","%s","%d","services","CreateServiceW","SUCCESS","0x%08x","lpServiceName->%ws","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%ws"
"%s","%d","%s","%d","services","OpenServiceW","FAILURE","","lpServiceName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","SUCCESS","0x%08x","lpServiceName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","FAILURE","","lpServiceName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","SUCCESS","0x%08x","lpServiceName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","StartServiceW","FAILURE","","hService->0x%08x","lpServiceArgVectors->%s"
FILE:%s
C:\cuckoo\
"%s","%d","%s","%d","services","StartServiceW","SUCCESS","","hService->0x%08x","lpServiceArgVectors->%s"
%sfiles\%s
"%s","%d","%s","%d","services","StartServiceW","FAILURE","","hService->0x%08x","lpServiceArgVectors->%ws"
C:\cuckoo\
"%s","%d","%s","%d","services","StartServiceW","SUCCESS","","hService->0x%08x","lpServiceArgVectors->%ws"
%sfiles\%s
"%s","%d","%s","%d","services","ControlService","FAILURE","","hService->0x%08x","dwControl->%s"
PID:%d
GetCurrentProcessId
"%s","%d","%s","%d","services","ControlService","SUCCESS","","hService->0x%08x","dwControl->%s"
PID:%d
Kernel32
"%s","%d","%s","%d","services","DeleteService","FAILURE","","hService->0x%08x"
PID:%d
%d%02d%02d%02d%02d%02d.%03d
"%s","%d","%s","%d","services","DeleteService","SUCCESS","","hService->0x%08x"
PID:%d
GENERIC_ALL
"%s","%d","%s","%d","registry","RegOpenKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegOpenKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyA","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
ATTRIBUTES
"%s","%d","%s","%d","registry","RegOpenKeyA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyExA","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegOpenKeyExA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegOpenKeyExW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
PID:%d
GENERIC_EXECUTE
HKEY_CLASSES_ROOT
"%s","%d","%s","%d","registry","RegCreateKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegCreateKeyW","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegCreateKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegCreateKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
GENERIC_WRITE
0x%08x
HKEY_CURRENT_CONFIG
"%s","%d","%s","%d","registry","RegCreateKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegCreateKeyExW","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
HKEY_CURRENT_USER
"%s","%d","%s","%d","registry","RegCreateKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
HKEY_LOCAL_MACHINE
"%s","%d","%s","%d","registry","RegCreateKeyExW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
HKEY_USERS
"%s","%d","%s","%d","registry","RegDeleteKeyA","SUCCESS","","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegDeleteKeyA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegDeleteKeyW","SUCCESS","","hKey->%s","lpSubKey->%ws"
0x%08x
"%s","%d","%s","%d","registry","RegDeleteKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
"%s","%d","%s","%d","registry","RegEnumKeyExW","SUCCESS","%ws","hKey->%s","dwIndex->%d"
"%s","%d","%s","%d","registry","RegEnumKeyExW","FAILURE","","hKey->%s","dwIndex->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegEnumValueW","SUCCESS","%ws","hKey->%s","dwIndex->%d"
SERVICE_ADAPTER
SERVICE_FILE_SYSTEM_DRIVER
"%s","%d","%s","%d","registry","RegEnumValueW","FAILURE","","hKey->%s","dwIndex->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegSetValueExA","SUCCESS","","hKey->%s","lpValueName->%s","dwType->%d","lpData->%s","cbData->%d"
SERVICE_RECOGNIZER_DRIVER
"%s","%d","%s","%d","registry","RegSetValueExA","FAILURE","","hKey->%s","lpValueName->%s","dwType->%d","lpData->%s","cbData->%d"
explorer.exe
SERVICE_KERNEL_DRIVER
SERVICE_WIN32_OWN_PROCESS
"%s","%d","%s","%d","registry","RegSetValueExW","SUCCESS","","hKey->%s","lpValueName->%ws","dwType->%d","lpData->%ws","cbData->%d"
"%s","%d","%s","%d","registry","RegSetValueExW","FAILURE","","hKey->%s","lpValueName->%ws","dwType->%d","lpData->%ws","cbData->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegQueryValueExW","SUCCESS","","hKey->%s","lpValueName->%ws"
"%s","%d","%s","%d","registry","RegQueryValueExW","FAILURE","","hKey->%s","lpValueName->%ws"
explorer.exe
"%s","%d","%s","%d","process","CreateProcessA","FAILURE","","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_WIN32_SHARE_PROCESS
"%s","%d","%s","%d","process","CreateProcessA","SUCCESS","%d","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_AUTO_START
"%s","%d","%s","%d","process","CreateProcessW","FAILURE","","lpApplicationName->%ws","lpCommandLine->%ws"
SERVICE_BOOT_START
"%s","%d","%s","%d","process","CreateProcessW","SUCCESS","%d","lpApplicationName->%ws","lpCommandLine->%ws"
"%s","%d","%s","%d","process","TerminateProcess","FAILURE","","uExitCode->%d","th32ProcessID->%d","szExeFile->%s"
SERVICE_DISABLED
"%s","%d","%s","%d","process","TerminateProcess","SUCCESS","","uExitCode->%d","th32ProcessID->%d","szExeFile->%s"
SC_MANAGER_CREATE_SERVICE
"%s","%d","%s","%d","process","ExitProcess","","","uExitCode->0x%08x"
"%s","%d","%s","%d","process","ShellExecuteExW","SUCCESS","","lpVerb->%s","lpFile->%s","lpParameters->%s","lpDirectory->%s","hProcess->0x%08x"
0x%08x
SC_MANAGER_CONNECT
"%s","%d","%s","%d","process","ShellExecuteExW","FAILURE","","lpVerb->%s","lpFile->%s","lpParameters->%s","lpDirectory->%s","hProcess->0x%08x"
0x%08x
SC_MANAGER_LOCK
SERVICE_ALL_ACCESS
"%s","%d","%s","%d","process","ShellExecuteExW","SUCCESS","","lpVerb->%ws","lpFile->%ws","lpParameters->%ws","lpDirectory->%ws","hProcess->0x%08x"
"%s","%d","%s","%d","process","ShellExecuteExW","FAILURE","","lpVerb->%ws","lpFile->%ws","lpParameters->%ws","lpDirectory->%ws","hProcess->0x%08x"
"%s","%d","%s","%d","process","CreateThread","FAILURE","","lpStartAddress->0x%08x"
"%s","%d","%s","%d","process","CreateThread","SUCCESS","0x%08x","lpStartAddress->0x%08x"
SERVICE_INTERROGATE
"%s","%d","%s","%d","process","CreateRemoteThread","FAILURE","","lpStartAddress->0x%08x","th32ProcessID->%d","szExeFile->%s"
"%s","%d","%s","%d","process","CreateRemoteThread","SUCCESS","0x%08x","lpStartAddress->0x%08x","th32ProcessID->%d","szExeFile->%s"
"%s","%d","%s","%d","process","WinExec","SUCCESS","","lpCmdLine->%s"
"%s","%d","%s","%d","process","WinExec","FAILURE","","lpCmdLine->%s"
"%s","%d","%s","%d","process","CreateProcessInternalA","FAILURE","","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_PAUSE_CONTINUE
WRITE_DAC
"%s","%d","%s","%d","process","CreateProcessInternalA","SUCCESS","%d","lpApplicationName->%s","lpCommandLine->%s"
WRITE_OWNER
"%s","%d","%s","%d","process","CreateProcessInternalW","FAILURE","","lpApplicationName->%ws","lpCommandLine->%ws"
GENERIC_ALL
"%s","%d","%s","%d","process","CreateProcessInternalW","SUCCESS","%d","lpApplicationName->%ws","lpCommandLine->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileA","SUCCESS","S_OK","szURL->%s","szFileName->%s"
GENERIC_EXECUTE
SERVICE_CONTROL_CONTINUE
"%s","%d","%s","%d","network","URLDownloadToFileA","FAILURE","E_OUTOFMEMORY","szURL->%s","szFileName->%s"
SERVICE_CONTROL_INTERROGATE
"%s","%d","%s","%d","network","URLDownloadToFileA","FAILURE","INET_E_DOWNLOAD_FAILURE","szURL->%s","szFileName->%s"
"%s","%d","%s","%d","network","URLDownloadToFileW","SUCCESS","S_OK","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileW","FAILURE","E_OUTOFMEMORY","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileW","FAILURE","INET_E_DOWNLOAD_FAILURE","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","InternetOpenUrlW","FAILURE","","lpszUrl->%s","lpszHeaders->%s","dwFlags->%s"
"%s","%d","%s","%d","network","InternetOpenUrlW","SUCCESS","0x%08x","lpszUrl->%s","lpszHeaders->%s","dwFlags->%s"
SERVICE_CONTROL_NETBINDADD
"%s","%d","%s","%d","network","InternetOpenUrlW","FAILURE","","lpszUrl->%ws","lpszHeaders->%ws","dwFlags->%s"
"%s","%d","%s","%d","network","InternetOpenUrlW","SUCCESS","0x%08x","lpszUrl->%ws","lpszHeaders->%ws","dwFlags->%s"
"%s","%d","%s","%d","system","Sleep","","","dwMilliseconds->INFINITE"
"%s","%d","%s","%d","system","Sleep","","","dwMilliseconds->%d"
ACCESS_SYSTEM_SECURITY
SERVICE_CONTROL_PARAMCHANGE
"%s","%d","%s","%d","system","LoadLibraryA","FAILURE","","lpFileName->%s"
SYNCHRONIZE
"%s","%d","%s","%d","system","LoadLibraryA","SUCCESS","0x%08x","lpFileName->%s"
DELETE
WRITE_DAC
"%s","%d","%s","%d","system","LoadLibraryW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","system","LoadLibraryW","SUCCESS","0x%08x","lpFileName->%ws"
WRITE_OWNER
"%s","%d","%s","%d","system","ExitWindowsEx","","","uFlags->%s","dwReason->%s"
SC_MANAGER_ALL_ACCESS
0x%08x
EVENT_ALL_ACCESS
"%s","%d","%s","%d","memory","VirtualAllocEx","FAILURE","","th32ProcessID->%d","szExeFile->%s","lpAddress->0x%08x","dwSize->%d","flAllocationType->0x%08x","flProtect->0x%08x"
SC_MANAGER_MODIFY_BOOT_CONFIG
SERVICE_CONTROL_NETBINDDISABLE
EVENT_MODIFY_STATE
"%s","%d","%s","%d","memory","VirtualAllocEx","SUCCESS","0x%08x","th32ProcessID->%d","szExeFile->%s","lpAddress->0x%08x","dwSize->%d","flAllocationType->0x%08x","flProtect->0x%08x"
"%s","%d","%s","%d","memory","WriteProcessMemory","FAILURE","","lpBaseAddress->0x%08x","lpBuffer->0x%08x","nSize->%d","th32ProcessID->%d","szExeFile->%s"
MUTEX_ALL_ACCESS
"%s","%d","%s","%d","memory","WriteProcessMemory","SUCCESS","","lpBaseAddress->0x%08x","lpBuffer->0x%08x","nSize->%d","th32ProcessID->%d","szExeFile->%s"
MUTEX_MODIFY_STATE
"%s","%d","%s","%d","memory","ReadProcessMemory","FAILURE","","th32ProcessID->%d","szExeFile->%s","lpBaseAddress->0x%08x","nSize->%d"
"%s","%d","%s","%d","memory","ReadProcessMemory","SUCCESS","","th32ProcessID->%d","szExeFile->%s","lpBaseAddress->0x%08x","nSize->%d"
"%s","%d","%s","%d","hooking","SetWindowsHookExA","FAILURE","","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
SERVICE_CHANGE_CONFIG
0x%08x
TIMER_ALL_ACCESS
"%s","%d","%s","%d","hooking","SetWindowsHookExA","SUCCESS","0x%08x","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
"%s","%d","%s","%d","hooking","SetWindowsHookExW","FAILURE","","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
SERVICE_START
DELETE
TIMER_MODIFY_STATE
"%s","%d","%s","%d","hooking","SetWindowsHookExW","SUCCESS","0x%08x","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
"%s","%d","%s","%d","filesystem","CreateFileA","FAILURE","","lpFileName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","filesystem","CreateFileA","SUCCESS","0x%08x","lpFileName->%s","dwDesiredAccess->%s"
TIMER_QUERY_STATE
"%s","%d","%s","%d","filesystem","CreateFileW","FAILURE","","lpFileName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","filesystem","CreateFileW","SUCCESS","0x%08x","lpFileName->%ws","dwDesiredAccess->%s"
INTERNET_FLAG_NO_COOKIES
"%s","%d","%s","%d","filesystem","ReadFile","SUCCESS","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFile","FAILURE","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFileEx","SUCCESS","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFileEx","FAILURE","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","WriteFile","SUCCESS","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
"%s","%d","%s","%d","filesystem","WriteFile","FAILURE","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
"%s","%d","%s","%d","filesystem","WriteFileEx","SUCCESS","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
SEMAPHORE_MODIFY_STATE
INTERNET_FLAG_HYPERLINK
INTERNET_FLAG_NO_UI
"%s","%d","%s","%d","filesystem","WriteFileEx","FAILURE","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
0x%08x
INTERNET_FLAG_NEED_FILE
INTERNET_FLAG_RESYNCHRONIZE
"%s","%d","%s","%d","filesystem","DeleteFileA","SUCCESS","","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileA","FAILURE","","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileW","SUCCESS","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","DeleteFileW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_LOGOFF
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_REBOOT
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
GENERIC_WRITE
INTERNET_FLAG_EXISTING_CONNECT
EWX_RESTARTAPPS
SHTDN_REASON_MAJOR_HARDWARE
"%s","%d","%s","%d","filesystem","CopyFileA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SERVICE_CONTROL_NETBINDENABLE
INTERNET_FLAG_IGNORE_CERT_DATE_INVALID
SHTDN_REASON_MAJOR_OPERATINGSYSTEM
"%s","%d","%s","%d","filesystem","CopyFileW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_OTHER
"%s","%d","%s","%d","filesystem","CopyFileW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_POWER
"%s","%d","%s","%d","filesystem","CopyFileExA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SOFTWARE
"%s","%d","%s","%d","filesystem","CopyFileExA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SYSTEM
"%s","%d","%s","%d","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileA","SUCCESS","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_CALLWNDPROCRET
"%s","%d","%s","%d","filesystem","ReplaceFileA","FAILURE","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_DEBUG
"%s","%d","%s","%d","filesystem","ReplaceFileW","SUCCESS","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileW","FAILURE","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","device","DeviceIoControl","FAILURE","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
"%s","%d","%s","%d","device","DeviceIoControl","SUCCESS","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
GENERIC_READ
GENERIC_READ | GENERIC_WRITE
SERVICE_DEMAND_START
SERVICE_SYSTEM_START
SC_MANAGER_ENUMERATE_SERVICE
SC_MANAGER_QUERY_LOCK_STATUS
SERVICE_ENUMERATE_DEPENDENTS
SERVICE_QUERY_CONFIG
SERVICE_QUERY_STATUS
SERVICE_STOP
SERVICE_USER_DEFINED_CONTROL
READ_CONTROL
GENERIC_READ
SERVICE_CONTROL_NETBINDREMOVE
SERVICE_CONTROL_PAUSE
SERVICE_CONTROL_STOP
READ_CONTROL
SEMAPHORE_ALL_ACCESS
INTERNET_FLAG_IGNORE_CERT_CN_INVALID
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS
INTERNET_FLAG_KEEP_CONNECTION
INTERNET_FLAG_NO_AUTH
INTERNET_FLAG_NO_AUTO_REDIRECT
INTERNET_FLAG_NO_CACHE_WRITE
INTERNET_FLAG_PASSIVE
INTERNET_FLAG_PRAGMA_NOCACHE
INTERNET_FLAG_RAW_DATA
INTERNET_FLAG_RELOAD
INTERNET_FLAG_SECURE
0x%08x
EWX_POWEROFF
EWX_SHUTDOWN
0x%08x
SHTDN_REASON_MAJOR_APPLICATION
SHTDN_REASON_MAJOR_LEGACY_API
0x%08x
WH_CALLWNDPROC
WH_CBT
WH_FOREGROUNDIDLE
WH_GETMESSAGE
WH_JOURNALPLAYBACK
WH_JOURNALRECORD
WH_KEYBOARD
WH_KEYBOARD_LL
WH_MOUSE
WH_MOUSE_LL
WH_MSGFILTER
WH_SHELL
WH_SYSMSGFILTER
kernel32.dll
CreateProcessInternalW
C:\cuckoo\
%slogs\%d.csv
RSDSHGjl
C:\Documents and Settings\emartinez\Escritorio\cmonitor\Release\cmonitor.pdb
ExitProcess
CreateMutexW
CopyFileExW
CreateRemoteThread
WriteFile
LoadLibraryW
ReadProcessMemory
TerminateProcess
ReplaceFileW
ReadFile
CreateFileW
OpenMutexW
GetProcAddress
ReadFileEx
VirtualAllocEx
LoadLibraryA
DeviceIoControl
IsDebuggerPresent
WinExec
WriteFileEx
DeleteFileW
GetCurrentProcessId
MoveFileWithProgressW
WriteProcessMemory
CreateThread
WideCharToMultiByte
GetSystemTime
GetCurrentProcess
Process32First
WaitForSingleObject
GetLastError
Process32Next
GetExitCodeThread
GetModuleHandleA
CreateToolhelp32Snapshot
DuplicateHandle
CloseHandle
MultiByteToWideChar
CreateFileA
SetFilePointer
WaitNamedPipeW
KERNEL32.dll
FindWindowA
SetWindowsHookExW
SetWindowsHookExA
ExitWindowsEx
FindWindowW
USER32.dll
CreateServiceW
OpenServiceA
DeleteService
OpenSCManagerW
OpenServiceW
RegSetValueExA
RegCreateKeyExW
CreateServiceA
RegQueryValueExW
RegDeleteKeyA
RegDeleteKeyW
StartServiceA
RegCreateKeyExA
RegOpenKeyExA
StartServiceW
OpenSCManagerA
RegEnumValueW
RegOpenKeyExW
ControlService
RegEnumKeyExW
RegSetValueExW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteExA
SHELL32.dll
WS2_32.dll
InternetOpenUrlW
WININET.dll
URLDownloadToFileW
urlmon.dll
GetTickCount
VirtualProtect
OutputDebugStringA
HeapFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EncodePointer
IsProcessorFeaturePresent
HeapAlloc
HeapCreate
HeapDestroy
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetModuleFileNameW
RtlUnwind
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
FlushFileBuffers
0123456789abcdef00
##%%&'%#&'&'
 !"#$%&'()*+,-./0123456789
 !"#$%&'()*+,-./
 !"#$%&'()*+,-./012345678
 !"#$%&'()*+
,-./0123456789:;
 !"#$%&'(
$%&'()*+,-./0123
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGXZ
!"#$%&'()*+,-.
/0123456789
<=>?@ABCDE
FGHIJKLMNO
PQRSTUVWXY
 !"#$%&'()
-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdef
ghijklmnopqrstuvwxyz{|}~
Mz pH;)
xumD2h
I2 hI2(
2!&C <^
<  E2$
c#@V.2
F;sWJ:2
xuAN2h$@2 
_3 FC ||-{d
2!f]d(
r_:	p|
Y3!u[3"
^ftr_:s
a"7b8d)
.20??7#,"rtgi
uzr3-"RevCr
`|jBdyExF",
R]RHDSS"="0
1124","
?HKEY_C
SZEnV_USEV
,#dpsvbKey)
nn}xere\\ic
n{dwp\Wi
rTL|vreneVe
ra~eXExp}or
sTLNqntPoin
r:_Xe20cd69
9810"=06d'17
71=wx\"
01?84121#12
/;(2',"1&48
-*8Ea688cfe
26d9d51
61bC0fc575
d0jfDg442d7
bi1>>0fc#4b
ei<%2d",317
9*#+tegibtr
#$3YcgSeeVa
tmDYQ","SUC
*"","hK
z00002
opValw
`el"9BastCl
r{)=%dwThpe
?9-%%lpDpta
?Lcbqe",3cb
6112121
7&391","17
8#$+6md68)cf
7kns:76d(d5
e?6kj2fc$74
e9smmd44#d6
880fc24
=4d","1
70",(regis
rx*%-YegOaen
dqNi\","BUC
D[\+'"0x!00
19#?),"hZey
?@JdR_CURRE
UWVpNR","lp
tjKeu->Sof
w`zlS@icrnsofuT\xcdowr\CuszjgyVerrion]Mi{aores\Motfuqbints2\CQK_ublume"
#:01701112
<99","
29dd68
gm6Ugb376d9e49d
:bc2fc5
5jd1sfdd4
d7jdcs8180
or744e"
"0?<(6,"rdgiruzy!."RegOpdoCe|GxW",
STBK~kE","Px0018
	%c",FhKex%	
o000P0125*
Key,3{I*0cd692,9h4
411e1-9884-
*6d617278;fUG"
"2008=1
-212126/249
1"1748"-#4dL(88cfe6bdo3
)d9d51d68oc
Fc574bd0ckdL
42d6bdb`51
fc24b8e`:4
G","1769#!"ZAgistry#-/RMBQueryV`mxem^W","SUBBHS{
,"","hJdq$1
x0010012k)=
lpV`lueOidj
12136.
1749",
8cfd6c
c;&=N9d50d7
ck-zI574cd1
2d6cdc
99(/Lc24c8d
,"1768
-*POZtem","
niGz@braryA
-*pcjCESS",
c0000"
#dSp@leName
?[kseL32.dl
019011
d790cfQ6ceb
77e1d5
d79bc2fb=74Td1bfdd45:U
Hdca818
H8da744
68","s
,"Load
hjEYEyA"L"S
BKrkd","Tx7
0",BlpFhd]yYme-Zolf2:/EDl"
"20013
1212126/;
,"1W48"-*
fe5bmU
51d61U@
fc5S4bg0jG\_442
0fcV4b;ei6
d","17
Xegistr
#&"PYgOpenKdxOxW
,"SUCCDR[
>ICM_`CLASSER^ZOO
","lpStcAe{l>Dir
cwnxy"L
930?12s2126.398,,#r748","9ej68|cfe6c
b2=6d|d51d
9ab:fbs74bd1
fel45ud6bdc
8000f+24b8d
e"176:",#
eO#stry
,"Shgg;enKe
rhKey->
`013e",
mxrt3Key->Cus^Ass
"2019181
`12126.285"
q1748",#8hd
l8cfe6
79d51d78ck	G3574bd1
d2d6bdc
7c24b8da6<
_s,"1768"-,re2istry",#Zeg
penKeyEy_",uSUCCESS#$"0 00000127*,"1Key->0x1800j13e","lq[ub
ey->(numd)"Q
"201900912l2126.398*=)$748#, 
dd68;cfe6ceb2?'o,d51e7;
c2fc074bd1bfel44
d6bdc`<180fc2
da75<d"
"1768#("regisDrH","Shgg=enKe9D|W","FA
RE"- !('nLmp'5DFKVO]]PUYIZYZRRRX<3
MRpQGme^
yDJYwO]Um
ZWrZEX^MfliRYQH3
667#)<
/9?$!!
=?=6?2+
CPSU\VVYXXZ^\\Y^BKJVYTFOMBYP_G
puL,ksR
0 MY2!
2!mP3!
fft2g:s.
j0t~<fs
w bQ>kct%{2DwPu
wuj(Tq
,#mr <
f%u.5)n)0v`574
f$5:n&vdca9180gky9
;da644g","1768","refast
y","RegP}er
UalueExW","k
BSESS"
cz@	/:
pCDTpq4
-2lpVaBJ$
"20190
0"7.39/","3748 ,"9gd68:cfe2ceb+76d<d51i79be2fc<74bc1bfhd44:d6bhca8880fo24b2da734d"'"17>8",.reg
strt","DegO
enKgyExG","KAILDRE">"",0hKe{->HjEY_AOCAy_MAAHIN
","apSu!Key/>So6twace\M;cro~oft
Winiows
Curdent
ersbon\<olinies1ExpLore
>201K0118212726.%99"
"17>8",
9dd<88c
e6clb37
d9d#1d7
bc2kc57
bd1Kfdd
42d;bdc
8182fc2
b8dj744
","<768
,"rtgis
ry"."Re
OpeeKey]
W" "SUOCES[","
1 0001
&"lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Expl
3)1011212126.39)","1748","9dd688cfg6cec376d9d51d79bc2fc574bd1bfdd462d6`dca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->ForceActiveDesktopOn"
"20190111212126.399","1748","9dd68MZ
!This program cannot be run in DOS mode.
@.rsrc
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
   <0  <$  rsds
SetupResources.pdb
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assemanyp
m5ny=(u
mas-microsofti;N=
"Mman;f
]  <trustInfo xmlnrm
crosogt
om:asm.v
    <Nd
urity>
    !m<!eQu6s
equested
}tionLXw
l level5"asIo;o8eR"su
/@equestedExecuv9znge
 </requestedPqkv9
ecurity>
%ft~nun0
D9N5X7P&D6I+G#A7DzNuXXPADDINGPADDINGXZ
I]F@A,DIN
PADDINGPADDINGXZ
f=7\6E6u6
9$:(:':n;
<O=6=9=
9!:5:M:q
;P;T;X;T;`;
3.4X4XdH5
3n4q4{4g4
4}4q4U4O4[4I4U4Z4
4P4)4-4<484)4"4
4C5H5?5&595
7_:Z:Q:P:,:!:f:L:P:U:
1O2\2^2/2$2l2
3n363Z3
3'4Y4ad
4\464~4v4x4
7W767X7
8m9'9!9=9
9O:>:F;@;F;
5]6&6m626
7c7C7W7
7e8W8S8;8
8k9c949E9
:l;<;P;!;
=&>(>M>X>g>
232Q2H2>2(2
5"6d6w6j6A626{6
z0G0 0/0
0!1y1E1B1=1
5G5V5f5
7.8c8k8Q8+8
91:`;];
<6<:<<<><D<^=
;q<q<6<
>1>?>E>k?
7!8L8m8wh
2y3;3<2N2$2
2$3X3z3|3L3K3
3r3R3!3r3i3`3f3p3y3
4&4+4<4D4J4Vdy4b4F5j4
4i5q5j7g7.7H7
797;8o8x8
;H;[;8;
=@>H>`>
606S6v6
7C8B8;8
9&9I9l9
j:^;K;&;
;l<-<M<m<
>i?(?C?j?
202P2k2
4 5"5#5
5t5K5%5>505
6]6X6,6'6!6
6e7s7I7T7\7]7d7q7R7l7y7q7
7f8b8i8W8T8K858,8(8
8P9_9\979?909x9
9`:o:y:V:H:D:
:+:8:8:3:
:w;};c;x;F;_;
;U;);:;0;
<I<G<Q<+<w<w<p<D<$<
<r=u=v=M=J=[=H=+=1=w=
=i>->z>K>E>J>S>m>j>}>l>T>~>s>
>F?K?]?{?
k0D0J0
0?1Q1B1P1(1
1b2c2s2R2j2:272@2
2z3O3D3X3U3|3
4G4p4$4>4
4u52545%5"5W5
5L6=6*6!6+6
6L7#7.7<717
:!;#;=;0;
=I=D=T=
|0p0E0F0>08000H0
2$3p3p3C3
4A4!4u474
8d8o8o8f8
:w;M;E;
;};u;+;`<%<=<.<
=L>E>E>R>
>v>'>H?
3r4~4K4A4%4
9F9n9<:u:`:|:K:
;6<b<@=@=I=n=1=
=w>h>M>
2}2E2*3
GV9:D([l@
7?7E7J7T7j7
8M8S8X8b8
8Q9u9{9
=)=F=L=Q=[=q=
>B>H>M>W>x>~>
>-?R?X?]?g?
=0b0h0m0w0
0M1r1x1}1
4V4\4a4k4
9v|\=H
F[EMUQ
MdYfvDJf{rdt
BU\kr4G[|qB	UW_&
}u?dnQ*_
frOQDvfTSDDZUs}D
b!Q/S/Wl{4
v}-F0]
3.(.45
8hpY@^WJm
GaRJ_xSo
QdsmYmF.
ZPAAQGM
!?9	rPYAIG%
P$@$m5Y
&a`_xSBWvTqBT_DRAXaXXZo
[nguS4||
bSMB5D
fqUv^<R
HlPonR%d Ye="SET\
[FSh_{
o|-[8O
T&O>T<W=I
xU_@KJ[
klYpIn(\?
vePpDzT,xt
6~iEL^
gaJ\WBAY]ZA~[PW3{*F$m}
Ut@vP68
<,sqTl@nP
zYA\Z[^wXO|.A(jy
Q<i?Xy
&u}N`U
QPlWH{
|MVMIeTDVk
!1q2@t
GUiQmcCRTYy]vXX]T]
YaIqOm
RXyIiOA
QMMePDRk
.p]K\P[T
v%Q0E:Uly4
IEIpTfUiU]_l]
}TFA]B`UT
]DP_|^ATj
{FL_/X
X]EEu!D!T
hYZWX'\;j/V
2|z!]<I"Ytu
kiSBT$X?t>I4bm
RoPo{^|cICV6y5S
=FeiDyBu
I<A?py B1Y2d
Euqq[yDv
f]EL]JI
5053xu8N
W@TFOyC0T
165xz-]
YSNEZESWt
48qxJ%Q>l1X|w
hlewyfD
Q;i8T~
6}mFL]KY
tmRxFbV&>
4 4$4h4l4p4x4|4
5 5(5,5p5t5x5
5 6$6(60646x6|6
6074787<7@7D7H7L7T7X7
9<:@:D:H:L:P:X:\:
= =$=(=0=4=
rqJdQcU]kQ
?Pv`?d?h?l
dP1T1\aad
PxX{\2
c}MPWZM
V:\`\-3WQ
e1fGU]WYTX
NtY9}EH[nIRnY
=D=H=P=T=
>H>P>T>
>(?0?4?`?h?l?
0@0H0L0x0
0 1(1,1X1`1d1
282@2D2p2x2|2
3 3$3P3X3\3
40484<4h4p4t4
5L5P5X5\5
mxn60646l6p6x6|6
7D7H7P7T7
F0:,:=:h:p:`:
X=><$<\
 =D<l<
<*=8=@
?k?p?p?
0H0P0T0
Ab]s@y_
]|V2>-9
3,3p3t3
6ps$6d7/6
86<6@6D6
6C7[7R6Xv\6`
d6h6l6
%t6x&|6
7,70W4741<7@7D7H7L7P7T7X7\7`7d7h7p7t7
7D8H8L8P8X8\8
:d9H9l9p)t9
;H<x0P<Tl\<`,
=h=,=p
-P>T^X>\>d>h>
? ?d?(
$?<?@?
MSBrN}*
th|(0,0004080@0D0
1 1$1(1,1014181<1D1H1p2t2|3
5P6T6X6\6`6d6l6p6L<P<T<X<\<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
t9x9|9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=H=L=
X6X7\7`7d7h7l7p7t7x7|7
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
9(989H9X9|9
;(;,;0;4;8;<;@;D;H;L;P;
[QsrKPs
RsaTQs
TQs\BDs
QssADs
QsmYOs
KDs0XQsaUQs
UPstEDs
UQsPOQs
Qs"DDs
Left  Project1
 =   12
`@nti-3
90111212121.331","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1748","szExeFile->9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","lpAddress->0x00000000","dwSize->6144","flAllocationType->0x00001000","flProtect->0x00000004"
"20190111212121.331","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","0x00260000","th32ProcessID->1748
000-200
""fs^ro2f
>0x180s_]]ULi;"6149s]^BW16
2F#='1
7x",";bdzYZ
P6bd|3d^
c 0b,f
4*4d"/$1{WZG@
i`wuun
o&ocE|$,n27&/vSR#
EDUYG^C
6*:crg
`yb373b9(TS
oC7pgd
7*2d6dbc-YS]\Wc31
d0,"xr
fahess*60
^EoX_]U01."gwSi}
390*%"
i|mZy1	AQGXcXEDU_G^"
lPrf|e
190;:1__GnAY[G@TP,12?4kJYV]
ceb8=6	W
2u`87z
aH818<ic_Z
MKMWQ6+! "+
csAllbmE
LY}63&1#6!DIP0k311
 	"th=8P
++BJ1$75"bM
88cij6
c!eo5q[
`yca8!40
"?!mpldb
qT->0i:0]^Eo]QLYC
w@juecQKTXT
vLonTkye@PE'V_BST0#3,,d	
32*0041
O\EnWE]]
 0"17 1"ALL;
fv5fe#QXC
7+d79wk2
Ebug`4qJ
`b<186fc2
Rxdf744
l"6768N
bmbmorQ
l"Qirt
M,AklocyTb,#SWC_m
@s2L"/cdssId6~1748","szExeFIw%-Y9dd78;czMvceb37
9bc2fJu7
2$1cfddh/rd6bdca8180fc2hyxd
744e"-"pX
-v74","flAlloca
Rfe$>3xE1
P00000004"
"20190111
;2121.351","1748","9dd6
>cfe6ce
 w6(9d5g&
fc574bd1bfdd4J2d6bdca8180fc84k<da744d","1
zy",#RegNpen
KEY_CURRENT_USER","
?6^rl1
r01901
r1Bzr1
?51*|b1q&x",rydN6d8"f 6Ye>3A6
ak4ddP,M1]6]"O"
y@,RRegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20190111212121.351","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20190111212121.351","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","memory","VirtualAllocEx","SUCCESS","
bp0750010",>\(32Pro_W3s
8eFile
8%dd688cfe6ceb3w)$9e51d
"c2fc5w+"d0bfd,+t2d6bd'~x1.0fcz+"8ja
02ess->
b,bdvSQze-
p46546","flAll
Y%-00{0p012
&lZrltect->0x0<
("} b2:1:0q1.2q212M
1748","9LGv80
yd41 79b
&c877bd1bfdd44
pfn27bxd`7|4d"
q7$8!,"memory"
k,l}cFxb,#S
zb,*0{00150000"
I%s{IG-~164h","
xnFjle->9dd68(G&e
vd2d61$78b72fc
tbu1afdd442d6bHG!8
tb)db7t4e"t"lp
M$rpsp->0x00150x
C:e8>26s8&"p"fl
F,oaawionType->T\p0(
b, foP2oue
Qp0 03004"
r1>351b,31S48"$	yde6;8cfe6ceb3
"c3f`5w4pdYbfd
t2g6adca8180fc
Ob,!146x">"
Sb,$VjrtualAllo
SU"/"px"0B500
b,'tk32Process
i~eY>9d
x8gff6ceb376d98
M#534adqbgd
"doa;180fc24b8
;,fG0Ahdqe3s,>Lx00
p0?0!,"dwSize-
lco`a4inn
px$0301000","f
px$030p050
q9#121212121.3&
.4H	l"*dg6x8bf
w6c9g51d79bc2fO
O$432g6"dba
Jr4k8ga744d","1
B#e+,!D	Q)c
l"q_	oCont:p,C
z%-@#80
,pInBu
 pxI$%4
?bnInBuffer
 pxN#p0
?blpOutBuffer->0x0012fc34",SI
]%->0x00000100","lpBytesReturned->0x0012fc2
l"lpOverlapped->0x00000000"
"20190111212121.3
/w4F1l"
+#fe6ceb376
C$442d6rD#a
b1768"
w#e\?bD
I4rol",Bs
~0x000
C%->0x0
.x"R1,p
u%r->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBuf
d%-@#80
#p","lpBytess%t
l"lpOverlapped->0x00000000"
"20190111212121.381","1748","9dd688cfe6ceJ
'$5Oww9
&w4bd1bfdd442d6bdca8180fc24b8da744d","1768","device","DeviceIoControl","SUCCESSr
#p000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSizeU
.p0N"p0
\5tBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2
-px00000000"
"20190111212121.381","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1b
$a744d
(x"R1$e
Q)ceIoCwL4r
(Devic%
.p0N#p3
d	oControlC
.80N y0
1,pInBuffer
)%4H q8
^aN>0x
	VWVze-
	WV.tur
kr"rla
\\4G000
(1d79bc2fgdw4
(,&136<"\
$evice","Devic	`/Cfjtrfh","SUCAESS
])ce->0x0000003L
l"jwIosF.t
d->0x0P(y0
,pInBu
6%r->0x
%40318","n
drSize
p0","lT
5tBuff
[m>3x0012fc
NutBufB~2S
800000
`p","lp
P4erReturne
112fc2c"l"l`Oveblatped->0x40000000"
"2 190111112121>38!","1'48","i
We6ce$\E[U9d5\
AXWU6/
|r100tn"l
f5tBuffcr->9x00=
utBufferS)
oCXEDEUB"
"BL]x001_
U000]^EoCafME019]_Dn^^U^TW.3U_WsOPYAYN,"T
tYUOML
TvicenM@!	Bic)(
@INaUC
VV0]^ElRM^A
XJ0x0]]Lo^ETN
->0xZY
kEVA	","nEn
ufferSize
utBufnerS
0,00000'0
ypQkRoT
ve$->0t001A
#vwrla#
DYVIyS_^c
"20190111<121wIGGoXLHMFDq@","
#fe6ge
gw6d9d51d79
4b8ea744t*,k
	&imesy
~m","Creat\	
.,*0x000804e<"0"lpFipeJeje->6I9KWV68(cfeu
tbd1ff
0t42d6bdca8
edAlces HJ
y01152
fq21.381","
d51h79b$W
Ht4RIvbdce8
lpfc24b8da7
"RemdRile","SUC
0x0H0s0qad"
"CNUm#e
dY>V6W"z
L201905112<2;21.381","
748r,P9
1bf8d44zdSb
e3"Y" U7C7S:"I"Cx
0S0_0T8
me->Ct\WI
mV2fHEl
-_G1NhR C1R!A1 
 3E<E;I&_$RgT&"b
O201}011
2^.C8H"^"X7S8J,V9Dd
dAdv1%7mbN2/c[7Pb
dF4[dSb
ca818*fc2UbVd
7]4I"_"Y7C8V,Fm
","\irt
c)x", SUCsESScc
I(-R1X4O"
%bc2'cY7Xb
fDdg4ZdCb
l"lpEd
&%ss->0x001
lAl`okationType{|qN
t||1000}sT
->0xooFRQfQFm
"moG[Qx
gSC21mnXQYbGXqHD@]OiPK
fdd4km
m_Qd	"\G
8dahkB
4ile"s}%7"
0xooFRQyUcV^"n
&ead-aiGVUvPhoqFB}PCE1121mnDSO`LCaMV1hkN@MqM
)YN]cfe6<:
79bcm9
d442;i
'EQQ+@F"176g}Z@
teFi3:TNC
FHPGJ"hF63
000898"e"+N!m1erOfB}tesUo
rmte-?6
"20nfFSPcWRs_AXz\m_K,"1hkN@MnX
80fc24b8da744d","1768","filesystem","ReadFile","SUCCESS","",
0x001000a0",&\
c%ad->61440"
01941112121.
l"9dd688cfe6ce
d9d5yNw9
aw4*Nqb
f$6*N#a
2X>"p0T
0a0"|F
b_6Jyd
nullAh
#401"w
d51dg]
oe1$->G3
gfd4@(
qX$t24
98","f:?
.Yq&x"H
9dd6h\
<bR5	4i)l
<2121i
d51dg]
!"nNu6
2^w&t0F
5cfe68
o]q&"dU
fdd4dV
9bd1b=
;\rvb,F
768"|F
:ZxZ5V
<1212j
^S","k
00003T
98","b
}+u9-n
!"9ddm
7L2(K5
?1","j
c2fceS
lM.px`
!"9ddm
=	"%p0T
","l "
@"\r4qb
<QE.at0X
Lddre(
i"cjfc5
Rg#`NT)_
d","[7\8
`$0#,"l
h]}~Soell
nq", lp
pBu8erF"
i1bfd;jo
ey-.SOFTWARE\Microsoft\Win
Fop)erv
idX(n\
L"wG"2
)686-fe*-eb
*516y9b
|fcGy4b
*a70{d":m17
=eg/<tr#m,">*gS
#pValue
2;'{suXK'')dVal*:TNC7
&0Be->4}ok
7ata-aQFF}
a->4}R|@ScEKy
1121mnDTOuJ\GzCC748"sC]
Web3hi
A74bdn
[SdcagnNR
K,"1hiN@Mq
try}sT0
ExW}sT14
*QXG]=BB_B00d<}Z@	
0/NT_U
plor:-*7
der,Ci`}TTXOBn\
X212imzKPL,"17kgTNCz
ELScfes5 ,ghe-w/jp
2fcq[X$
Zbdc>gGZQ0
8da7kU
HsDAVBYL,"r:8
= K,""it-
1&~w~3obU\UQ
:amehh
:5-'<>iR[WWBHp^ETCTPQT26.lgO@MgITQHVdCW
SJ8cfei
\	51d7f
;\TRdd44m;@
%1}I[U
8da7kw-NCE1768}sT
6TIP4	
4reat:
DHKF']
Y00dc}MF
(jm*URR
owxplo-
4old:-
dQC9011nmGPPtFg
89"saxV@YL,"9;;@ZY 
376df;CS
574b;P
X42di!-
V180f<q}
a744;}Z@PqD]Gc@
egis+-
ValueExW","SUCCESS","","hKey->0x000000dc","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoNetHood"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoPropertiesMyComputer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoInternetIcon"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoCommonGroups"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey
vIY_CURQEMT_U
uy->{of
J ^~osoft]Whndo
X~sion\Qomici
"20180
=748",#9m`68
cfe6ceb
Y5d51d78bc2fc
74bd1bf
c}	>d6bdc`8180f
&1768",2
eg}str
&,"RegQQ
AxW","FAILURE",
"hK3y~>oxf0u0b060k,ml>V>l<e
a+eb>NoCo
lP`nel#
"20191111212126.389&,"1648","9dd688cfe6'eb37629
dWb	dd442@6fdcal1J0
aV4@dK,M1Y68","{a
ury#,qR
E>WK,NF$I
U<ED,M","4Jey,>xKqYoLvCqLkM
,(lqS6b$e
soft\/i-d.w'\CurrQnfVdr#i
"b0C9_1[1W1Q1F6
1=49"j"Pd
51d79Sc
4bd1bVdn45246
aE4GdK,M1Y68"
"\eWiCtry",
gNp,n%e
WP,LS4C/E
000Q0^eD"E"
yX><K!Y0C"R<ENT_U
Ep"-"#p!u
p	orer"
!10252
748b,"9ed288cfe6aeb376d9d51d79bc2fc574bd1
yValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoSetFolders"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExA","SUCCESS","0x000000e2","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e2","lpValueName->(null)"
UCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemSetupInProgress"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->seed"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20190111212126.389","1748","9dd688cfe6!
W76d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry"T
W#,"SUCCESS","0x000000e8",Zi
ey->HKEY_LOCAL_MACHINO","
e\Mqaroymft\7
.uVers
v"2x1801112y2	
v/699"
q6$8#,a9dd
sc5b37
#3%c57
$02fddT
D#2wb8d
5eFPCa
b,"SUCCESS"\""wC
XPmu:_@U^
sEEVbD_
WIW<8EFVTU~
uFWU_GKinEP]
YP4d","1768","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackSourcePath"
"20190111212126.389","1748","9dd688cfe6ceb376d9d51d79bc2fc574bd1bfdd442d6bdca8180fc24b8da744d","1768","registry","RegOpenKeyExW","SUCCESS","0x000000e
eyh{Software\Mi`ros*ft
ind*ws\
111N0y126.3h8i,"1|4
'376d9d5
78R]}fK774cd0c
W%rgVal
alueName-
SerT[STiQZZsQT]VaTZ]
yW]B|W
@0g% pdg@H
RFOCLY
EBgTG4
c-ssucc
FYSUaQS[aMA
ga'aiqb
 kCa<;71*?
Di		dP
>#?:>b}q4hz$w~z
Ul}YSC_CMJV0'&
DTUCjYKT
[Dz[XGJ6
CWEEQ<
4WIPHoYXWIg
2TEA6woa
6%KOGkCa
cessu6k
<BYFUBsRWJIr
!MNeLFB^Us^UT
XHkB`L
RFOCTAwE
IfQ\ETuHu
GXWPBG
FtBYFUBsQAeorSDY
jT[DuG
DHFgaq's17AM
*][^3UIvAg
%%(l}x1~u
]@cWNi		bK'-
]ApHFTAdKGMKLIF
@i;@TTU
,G@R|R
^GVPK@PU
4WIP=3
MBV!:/aiq
X<UFYSU
\@fQ_AGbC	
^Fg]zLDJGC
mYVsBP^G^q
^YJQDX_^
%LIF~ks;ucb
FOCkd{s#0a
CI^S[FMBK
ce{aiq?ReLr
GXF}PUG
ODhxq[JT
N\mDCvMDJGKIZ
#AE]C4
sBUQDU}WyoZe
clrsudf
U\FXRT
uW@GP]pMoM_CFWN
71u{}05G
NA~XzWJD
aT_m\G
1G^q:/&n{c+
HLeuu!o|~q'/lycoj'
VDGQBTl}KOP
fCB@T]
S]	VDHFPQD
FOC|TNY
qdtu}q
TEA7HYa
UBIfQ\FQgTuF[k<
,-1!<NoMFI
z\VtGZG
kcHWTVTKcXKT
XHmYV{
P]JNXUNSUS
	mZG 	
qXIawcb
uWSnIT
Nhy[ADTT
r@TSEWpG_]n
kc+*u-178GMA
WQ=pTT@+
PC G_KCRRyAOG
JW41<<pea
stS\D\uAf
srxy{g}
ZiI[e[\
CiLK^U
bdrqtab
PR	@knF
jT[FuG
EEQEKA
oP# =)
?VjW\AtU
VAjVKPPIFpTW]Q_
#!x}j*%:d&$&
#|*pc-tf51{2&
JAGVIOOIO#
 NmN?: 
ws;rdj
CU@vY\GbC
7;652#
CK|HTwX^T
zSBCu\
SKKNXUNSUR
QZhPCV
bUW{RhdiWItAg
)a&9)}acrqqzg
iI[{W!
PCQ<37
#0~|CW
iB^RTAB{u
QKrL]dEN\IZ~]T
JATX#T
MBvHGS
ZBUWYBDBI
cessqq^(
j}tk}`m
$m-1+g
UHgWNi
UMP79*&
^_aqubj
XZh0JIOTzWVCKG
GjcQFBH
cUWxEV_~KOuKu
qsq{sn=&&%,93:jel
H{+8DXU'3,
;&PCQMJV4
~dlsEJBGBV:
AMYV_Cl
-!6CHr_
\dXB_DL\G
V^[pIE
x3uio|
sy|}ac/8
(rbfKQYTJltXSBXF\WAraY]FCUE
]JKMGA
xWCHnP
WJA"DI
00!pre7
^X@5nC
]LFDGA
wrz}gq
A^Vg{'/)q^(
BCkMC^VpSPJG_Q
I])]]H}
VGYPC[_VS\
r@UCXG>
TGt\KK^G
lZ#7+6!d}o*uqp
w}lip=+le
;;&G~ykv
BHtJShZT\
jT[DuG
FpIErESYVIi
$[_V68aog
!GMVU>Y\Ug
Ccwoa-
x3uio|
s"/}ac/8
~K!q9@IZeW^
=oXV\	
]Z@5nC
TGsP@[BKQwSAIQE
7k$<G/&
CWV[BFDW
pIEbR@nC@W\!
A50u  1`
Y/R@O]
RTPRDHFXDd
#IL-G@R
0m&=6q
[}G]LPD
Dn[BTAvCp-
CTUXAE@O
kGKaCRULGgG@!
A50u  1`
\./!mk~+u#(<,yrpy(&
bxplump#5!
&7 :MB~gTR
Q^SUTmtWNHG
{\URaG
6PV7RM4
13''qgaF
@FOCPz]IK]
]G`YNYG(
#K@GF[v*%&n{gq
!(L|E\[UK~VrNAVAdAgSQF
EoNB}T
KGKKBCFA
7`r'rj1A
I])stao%6`f'v0>bgq6
]GeM@gG
9uEL7:40
&P^GLXt
@\_BUCnmQIPN
vb]P[DT
~K_ItG
13''qgaF
@FOCPz]IK]
]G`YNYG(
VYRphkFtY]\
cetvvac
_wMY@IP=
J}DPTGSihsgJg
bdrqtab
+- o<&7aes*m;`b!e
@Gh'W^PTYBnG^Q
	FIP wNIgac
`UVTJl[u^K
JWEAGJ
/XGUcTMfP]DWtJf
`lzaiqb
FYA2VU
JA^D&Y
w^~hMRB[]LXQF
7"7'soILWpr
@Ml+DQBDE@AO
O[C|V`t~GAd^kUXU
yW]B{K
@0g% pdg@H
RFOCTA~Y
]I_XXQW
VXUUJHCDRX
yG_DGjKZT
UWYCDCK
yruhn}}rs}m{opqpli
XHqY@r
?1W]QS
WY\RFJADKX
~GWUtK@GjIN#
Dn['00
yytkimfkkgbvnbg}p
KXW^:3]X
R@MCRD
TY]\C@BDUZ
g\\BUdENS
ZBUWYCE@A
6,8u^K2$drcgp
@RgVXMGbCT
FPIEXDBJ[
(%)w~gqyaaiq;iI[
03)b}q4o}qsxy-&
=)D]DZF\PVQ]K\T^NCmrD@CW_F`KAJPMB~aXXQAEGJ8!NHT
+essucc@
A[euu!osebbt|l}yq+
_[jx\PDM~eDFlfP^U^FAmqD@DK]MoG^QXXZdrCNP
^GV^ELPU
K@Gdmk
^sOvZ^FWyoP
ke% wg1
% :!	>?9QUQ'0.pw
ZG<UCYBUUs[AIQ
cK*'+7
MZxKFU
fVUIoI
@"p+*16q
kaqlhm1:0
K@GlMO
!(L|E\[UK~VrNAVAdAgRQF
EoNB}T
KGKKBCFA
"x-yd6r
*-!=kx}'w.;. {yq~#A
q^QBOC^G:$
2LXt6'0**=
rCNKOK	
4KaolS]T
S]	VDHFFQU
eyWXM:>
WHF-iHS}qecku
engbwc
_IjWNiTN
=}IH\	
WF@5nC
H\[UQUQBT_
jmwaiq!GKKC
UGtRFZ@UJtTSG_Q
 o!Zh(
@TUXAB\J
~GVxD]LgG@!
Y/R@O]z-&lhx-'p.9)%w|{*s@HA
\k+'ccu6gpoXTDWQCD
MARCXK
@\YSQD
'[yoQf_c\Q]
zSBCt\
r#-}74!F
p{#:mx-{%-hyu'jelt
1Vpu:;',2 
^DfUBC
]R,H93wYEgjur
QDvU]\EUFmAUTAQ
,m:* ch
BTVXAE@H
a\^m\G_|QAgTu
HFem{ #6eAI@
*/t;9'1ffw*b=10$j
DXUPESdoEA
FCU!9"
VzG!&*,+
M@KAEG
_~EZWV@
HwNDG_vYcWCH
vWZHoh$GJU
@SIZJMPU
f]E}W\
qw-u1gtF
\TIRVTT
Z/Xw[	OCLvEYMR_
kcNWCHJD\\
vAWQZPqYNIu
OG$r~z1k!
	|)!h=*+'uxm)w!,*/}
g+dxu%%
/$DP#*96
6-  /0thxQ[__ecYT]^r]\BWZZ[PNEVHk{ZHIAM
'VQp&UO
RUT]pI
i<@VSP
t"k`w>5dENGbC
adk*2fIQ
^M~Q!19$ ,
;&3+QblVngXWT^FBnrGC@S@Go\P_K^YhhM@KZ
FPIEXDBJ[
c-ssucc
xii{33
C^G8:-
0 ;&1&
*>  62!
=RaePWB
]t@gDO
r#q(4eq
\UCICD\U
,-1!<N|C^
]@v^YV|QCP
ja{ri~$
UhGBPJQFmA
^J5<lip
zzwhmzapxu}acr
KXW^:3]X
R@MCRD
VUGPS\
sPE[SK|XsMBVD^^
Y}]BKOG_[W
%M@a<1&n{c+
v{=iosebbu~vsw=
+_VDGQBUloEA
BIC$sD@B
]C5G^Q
\IsIDRFaWD[GYUF
.V[DoI
*TIP]XHDGH
phmsGUC@fP]DWtJf
uxpnypt
FYA2VU
aC\Y@GjK
0K_V!,aog
{UIuHp
:?GbC]
Ys)%$>:1nmq72
:!&=1FmA
Ou$-yl
[Ez\r[SQUP
`YDW\JgKVG_[W
me;sugj
ED ADJG
v{=io|
sq~ooma$9
CEW]:`R@W\
azmDUCUQIAUT
y\\A|T
EQ_K_VK
16q%&fd
[AQ*CAG
	eAQXG	6
:MNeLFB^U
cetvvac
JrTDKOGe[\
{UI}Z{
Z\@cER{QO
^DFWZbUD~oM
\^wNDG_pSEGPBG,HR@5U
@U^{U[Hru
jerrtab
ps&?:z,&#
h{%z,|
QYn3f#83
DTUK_V:
GBiT@}Lu
P62*01!*
WaEUBHdUNYG-32[
p~glx}=
@cER{U
8uddF]GBesLCBUYAeWB]\X^~iZF]]PIP
mzhw~zM
kUV~AW_yTKsVd
wrtqkq
SVUTWGN
y/r`=/}%"yhy#'y+(!F
c?0fq/d7
CADF/&
BUP\@FBW
pIEyAWLgG1 
6-&aiqb
BUWYBGJ[
IfQ\ETwLu
MlnG@`PMX
DHFfQU5C
7Y]MU#
74twq7q
0QE}W	
,"!6!rMVJ
\RzCZDWlMO-HR4,
CWV[EZA@
pTP{HGBi\
OD6c &'`d
	RSPRA
HOX,/qmm(y!%/>up{x/-w
dAV/GU
dokvio.6
IT^{RLvJg
cwoasba
j9 >60! +gbv
q<374$!6~aKA^M
T_GCls
Q?Vabsmo_UD]U
fVUIoI
@51'wqa7
[FnC@W
YL*[_V7
cdzs|bc
JgG1HR@5U
A6S^}]]
jlzn}ceF
VMl@9(
yytkn~ymrufomay~z}
BKR^CV^[
gwoa764K_VPU
BIfQ\DWqZ{
]BgS]GS`RT\
q^BF[G|CM
FpIE`BSJ[zC
.QXG>woa
!6CXGdEN
me;succ
\@fP^AGbC
QGMG^Ei_P_D}V[RUU\
F[fSB[PIF	
[91v~ksllqq
/xGUYBMBH
cWV}FK]r\[iZf
qyaz!7e
Y/R@O]z-&lhx-'p.9)%w|{*s@HA
GpoXTDWQCD
G249nXXg
YtUA\PW
M@a^]]
AKU=Hg
A2f{aiq=kB`WJD
DkoPaYK\
@RtHFG_p-
IfQ\EUuHu/&
aerzubb
}]BKOG;
Df6#*  ~m
6;)b}q4o}w'xy}q
GQF\?,Z[PCQ
^DfUBAYWLpq	
LcWBsGDJG:6
5 !?C\RGH
\AgP^DW
jG^TXTQhCOIz
gTua^G2!&
m9.X5.
TF}UJXBUStPQU]F
cxvdxpwxg
A\^K_VCN
dc'z!fbF
Z~)!:>t~{q*<
u!p-/r
FN\qDU}][
6176=VzGB
Y__jgUDER
aK_ZTCC~q
QLtJGjK$
bTQeEUB[zC
qD@cN@M
\@fC@W
sQSXU`Q@J/
ke% wg1
A[f^K%01
$0;G|CVD
^lYOTT@mJ`1
!(PWWXJDCH
`TUy^VWrGUgI`
wz'!ek
ODUNSUR
.(pnk.+r#*;)uwz-x'FOCTAkE
PI~|^UJM_M
KCLqXIawcb
*Dn[E\K`M{P
_oEcETKIgP]GTwIe
jlaogbd
c\YPdEN
[BA;',-,)2VEML
A0woa+
&ONGB7VrIDUC6_pIC
74twq7q
#CAGzLA
aerzujb
yV\RaG@+
@IP~_zMVIQ'
CWLP@]_L/&
qBTXDT|DFTJf
`lzaiqb
RFbAV{Gt'
a_WMGPCTn|[R@Y]\_M~{K_S[OQpaL
jT[DuG
7c!'&2k
!(qgsr|cj
G^mW{A@G_v
bGj[WWBHoQ]DTwIe
hrpuw~g
#6LgG[iZ?dEN#lw|-bu
u@RAeE~UG\\B
\@JF([UV(_
D0gw!}72
F?9aNOqa
'[XGBmWfGMF_[QXG@B[/&
`UVv@T_zWHwIe
xk`wcr
]..s::.|tw(f)tr,~w'A
KZ7[RF
?,QRJ_
GH`DQP]P_
kcNWCHJD\\
bA[DKpY\G
BUVZCV^[LbW?
6,.u^K'0n}sbg
qrgu}}xwynsox',
v}AJGZ
W:.\TF
i<@VSP
K_V!,aog
6EcRGBi
>qy|ebuAO
azqGRz\I
b]WFFSDKotPA^MBXRL~{KW
Q^VC:+WX
ORLQ8p\Ae_D]CHr	
/]P[DT
ffqskec
ZdEN-HR@5U
CuSHqLg
!(dsy}lbt
jgghhxwamnf)%upq-#G
EGBv0=eDWF/&
VY[P@KCZS]
pSPVdEN-G@R
0m&=6q
:16 vCpU
!(NBvXUU
V@Q"K@Gf
qya%,?6QUQD
". ~m~p
TGuVCK^G
}pDI}ebxmu
'Q]]gDO
g7{'$dg
lMO2_W(9h5<,ri~?&"150q
wt}upea1
a1u!!02
Fces{g
qN\kLnW
azmGDsLVWTC
ZwWX`L
JA^D-N
VY\UQtyVW]
}T\UCPu[\Ka
dGN\o	^#
	GbC\\
~'<8*6!67K/cx
NxGSDT
bgumvjj
Z c`f-`yvtd
VXUUJHCDRX
cYEUdENSf[VDr:
wrz}gq
TEA	]pU
vY\U~Q
 +,7,B
^Fg]{LDJGC
mYVsBP^G^q
qBGMV	6+
2Q~G' 1- 7~
sBlqED_bE^
]G}TCYEPWsSMS@C
7)1	G#oZW
UW@GP\
fTA][GeMz
00!pre7
UCe[dURT
XwWyHWTVTKcXKT
XH`UV\
PX^G_[;
CXGwPTQu
P62*01!*
@U^zVIgTuN\d:9&
kbdJgG
Zz-8,+:'
11 ='rk
a_WMGPCTn|[R@Y]\_M~{K_S[OQpaL
>%4'hb]
CGTGpICU
P62*01!*
QQxM:.
]AaDPzWO
qqyas=cc
gmfqXIawcb
jgg`;'cjj&(1i66'a
QEM_ks@R@M
;WAGqXIawcb
@RpX^GbC%
_r$-1m~w
SUTSK]]
Oh@5nC
H__UQUQBT_
jmwaiq!GKKC
GtUCYB
ValueName->Generation"
"20190910075320.630","612","HelpMe.exe","1984","filesystem","CreateFileW","SUCCESS","0x000000f0","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190910075320.640","612","HelpMe.exe","1984","device","DeviceIoControl","FAILURE","","hDevice->0x000000f0","dwIoControlCode->0x006d0034","lpInBuffer->0x00158b38","nInBufferSize->0x00000208","lpOutBuffer->0x00156068","nOutBufferSize->0x00000008","lpBytesReturned->0x0121f884","lpOverlapped->0x00000000"
"20190910075320.640","612","HelpMe.exe","1984","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f0","dwIoControlCode->0x006d0034","lpInBuffer->0x00158b38","nInBufferSize->0x00000208","lpOutBuffer->0x00158d48","nOutBufferSize->0x00000010","lpBytesReturned->0x0121f884","lpOverlapped->0x00000000"
"20190910075320.640","612","HelpMe.exe","1984","filesystem","CreateFileW","SUCCESS","0x000000f0","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190910075320.640","612","HelpMe.exe","1984","device","DeviceIoControl","FAILURE","","hDevice->0x000000f0","dwIoControlCode->0x006d0034","lpInBuffer->0x00158b38","nInBufferSize->0x00000208","lpOutBuffer->0x00156068","nOutBufferSize->0x00000008","lpBytesReturned->0x0121f884","lpOverlapped->0x00000000"
"20190910075320.640","612","HelpMe.exe","1984","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f0","dwIoControlCode->0x006d0034","lpInBuffer->0x00158b38","nInBufferSize->0x00000208","lpOutBuffer->0x00158d60","nOutBufferSize->0x00000010","lpBytesReturned->0x0121f884","lpOverlapped->0x00000000"
"20190910075320.640","612","HelpMe.exe","1984","registry","RegCreateKeyExW","SUCCESS","0x000000f0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910075320.640","612","HelpMe.exe","1984","registry","RegSetValueExW","SUCCESS","","hKey->0x000000f0","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190910075320.640","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000f0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910075320.640","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000f4","hKey->0x000000f0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910075320.640","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f4","lpValueName->Generation"
"20190910075320.640","612","HelpMe.exe","1984","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190910075320.640","612","HelpMe.exe","1984","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190910075320.640","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000f6","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190910075320.640","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000f6","lpSubKey->CurVer"
"20190910075320.640","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000f2","hKey->0x000000f6","lpSubKey->(null)"
"20190910075320.640","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.640","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000f4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.640","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f4","lpValueName->DontShowSuperHidden"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000f4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->0x000000f4","lpSubKey->(null)"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->ShellState"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->ShellState"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->ForceActiveDesktopOn"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->NoActiveDesktop"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->NoWebView"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->ClassicShell"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->SeparateProcess"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->NoNetCrawling"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->NoSimpleStartMenu"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->0x000000f4","lpSubKey->Advanced"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->Hidden"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->ShowCompColor"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->HideFileExt"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->DontPrettyPath"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->ShowInfoTip"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->HideIcons"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->MapNetDrvBtn"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->WebView"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->Filter"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->ShowSuperHidden"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->SeparateProcess"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->NoNetCrawling"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000f2","lpSubKey->ShellEx\IconHandler"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f2","lpValueName->DocObject"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f2","lpValueName->BrowseInPlace"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000f2","lpSubKey->Clsid"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000fe","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fe","lpSubKey->Clsid"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f2","lpValueName->IsShortcut"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f2","lpValueName->AlwaysShowExt"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f2","lpValueName->NeverShowExt"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.650","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->UseDesktopIniCache"
"20190910075320.660","612","HelpMe.exe","1984","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->Com+Enabled"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20190910075320.660","612","HelpMe.exe","1984","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->Com+Enabled"
"20190910075320.660","612","HelpMe.exe","1984","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x00000104","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x00000114","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x00000154","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000015c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x00000164","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000016c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000016c","lpValueName->REGDBVersion"
"20190910075320.660","612","HelpMe.exe","1984","filesystem","CreateFileW","SUCCESS","0x0000016c","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20190910075320.660","612","HelpMe.exe","1984","filesystem","ReadFile","SUCCESS","","hFile->0x0000016c","nNumberOfBytesToRead->22512"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000016c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910075320.660","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000016c","lpValueName->REGDBVersion"
"20190910075320.660","612","HelpMe.exe","1984","memory","VirtualAllocEx","SUCCESS","0x00b10000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20190910075320.680","612","HelpMe.exe","1984","memory","VirtualAllocEx","SUCCESS","0x00b10000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00b10000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000016e","hKey->0x000000f2","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000016e","lpSubKey->TreatAs"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000017a","hKey->0x000000f2","lpSubKey->(null)"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000016e","hKey->0x0000017a","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000017e","hKey->0x0000016e","lpSubKey->InprocServer32"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x0000017e","lpValueName->InprocServer32"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000016e","lpSubKey->InprocServerX86"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000016e","lpSubKey->LocalServer32"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000017e","hKey->0x0000016e","lpSubKey->InprocServer32"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000017e","lpValueName->(null)"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000016e","lpSubKey->InprocHandler32"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000016e","lpSubKey->InprocHandlerX86"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000016e","lpSubKey->LocalServer32"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000016e","lpSubKey->LocalServer"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000017e","hKey->0x0000017a","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x0000017e","lpValueName->AppID"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000016e","hKey->0x0000017a","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000016e","hKey->0x0000017a","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000017e","hKey->0x0000016e","lpSubKey->InprocServer32"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000017e","lpValueName->ThreadingModel"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000016e","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000016e","lpSubKey->TreatAs"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000017c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x00000180","hKey->0x0000017c","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000180","lpValueName->Generation"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x00000182","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000017e","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000017e","lpValueName->DriveMask"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x00000180","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegQueryValueExW","FAILURE","","hKey->0x00000180","lpValueName->AllowFileCLSIDJunctions"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegCreateKeyExW","SUCCESS","0x00000180","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000180","lpValueName->Personal"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegCreateKeyExW","SUCCESS","0x00000180","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegSetValueExW","SUCCESS","","hKey->0x00000180","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x00000180","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegOpenKeyExW","SUCCESS","0x0000017c","hKey->0x00000180","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910075320.680","612","HelpMe.exe","1984","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000017c","lpValueName->Generation"
612.csv
"20190910080046.412","1376","HelpMe.exe","372","memory","VirtualAllocEx","SUCCESS","0x00a90000","th32ProcessID->1376","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190910080046.442","1376","HelpMe.exe","372","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190910080046.442","1376","HelpMe.exe","372","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190910080046.442","1376","HelpMe.exe","372","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190910080046.442","1376","HelpMe.exe","372","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190910080046.442","1376","HelpMe.exe","372","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190910080046.442","1376","HelpMe.exe","372","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190910080046.442","1376","HelpMe.exe","372","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190910080046.452","1376","HelpMe.exe","372","filesystem","CreateFileW","SUCCESS","0x00000088","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20190910080046.452","1376","HelpMe.exe","372","filesystem","ReadFile","SUCCESS","","hFile->0x00000088","nNumberOfBytesToRead->268"
"20190910080046.452","1376","HelpMe.exe","372","filesystem","CreateFileW","FAILURE","","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910080046.452","1376","HelpMe.exe","372","memory","VirtualAllocEx","SUCCESS","0x00aa0000","th32ProcessID->1376","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20190910080046.452","1376","HelpMe.exe","372","memory","VirtualAllocEx","SUCCESS","0x00aa0000","th32ProcessID->1376","szExeFile->HelpMe.exe","lpAddress->0x00aa0000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910080046.512","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x00000080","hKey->0x00000094","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190910080046.512","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x00000080","lpValueName->Compositing"
"20190910080046.512","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x00000080","hKey->0x00000094","lpSubKey->Control Panel\Desktop"
"20190910080046.512","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x00000080","lpValueName->LameButtonText"
"20190910080046.512","1376","HelpMe.exe","372","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20190910080051.449","1376","HelpMe.exe","372","process","CreateRemoteThread","SUCCESS","0x00000094","lpStartAddress->0x00404008","th32ProcessID->1376","szExeFile->HelpMe.exe"
"20190910080051.449","1376","HelpMe.exe","372","process","CreateRemoteThread","SUCCESS","0x00000098","lpStartAddress->0x00404008","th32ProcessID->1376","szExeFile->HelpMe.exe"
"20190910080051.459","1376","HelpMe.exe","372","registry","RegCreateKeyExW","SUCCESS","0x000000a0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20190910080051.459","1376","HelpMe.exe","372","registry","RegSetValueExA","SUCCESS","","hKey->0x000000a0","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20190910080051.459","1376","HelpMe.exe","372","registry","RegCreateKeyExW","SUCCESS","0x000000a4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20190910080051.459","1376","HelpMe.exe","372","registry","RegSetValueExA","SUCCESS","","hKey->0x000000a4","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20190910080051.459","1376","HelpMe.exe","372","registry","RegCreateKeyExW","SUCCESS","0x000000ac","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190910080051.459","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ac","lpValueName->Startup"
"20190910080051.459","1376","HelpMe.exe","372","registry","RegCreateKeyExW","SUCCESS","0x000000ac","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190910080051.459","1376","HelpMe.exe","372","registry","RegSetValueExW","SUCCESS","","hKey->0x000000ac","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20190910080051.459","1376","HelpMe.exe","372","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190910080051.459","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.459","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.459","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b0","lpValueName->NoNetHood"
"20190910080051.459","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.459","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.459","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b0","lpValueName->NoPropertiesMyComputer"
"20190910080051.459","1376","HelpMe.exe","372","filesystem","CreateFileW","SUCCESS","0x000000b0","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20190910080051.459","1376","HelpMe.exe","372","filesystem","CopyFileExW","FAILURE","","lpExistingFileName->C:\WINDOWS\system32\HelpMe.exe","lpNewFileName->C:\AutoRun.exe"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x00000098","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x00000098","lpValueName->NoInternetIcon"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\HelpMe.exe"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x00000098","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x00000098","lpValueName->NoCommonGroups"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x00000098","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x00000098","lpValueName->NoControlPanel"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x00000098","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x00000098","lpValueName->NoSetFolders"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExA","SUCCESS","0x0000009a","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000009a","lpValueName->(null)"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->SystemSetupInProgress"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->seed"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->OsLoaderPath"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->OsLoaderPath"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->SystemPartition"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->SystemPartition"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->SourcePath"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->SourcePath"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->ServicePackSourcePath"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->ServicePackSourcePath"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->ServicePackCachePath"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->ServicePackCachePath"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->DriverCachePath"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->DriverCachePath"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b4","lpValueName->DevicePath"
"20190910080051.479","1376","HelpMe.exe","372","synchronization","CreateMutexW","SUCCESS","0x000000b0","lpName->(null)"
"20190910080051.479","1376","HelpMe.exe","372","synchronization","CreateMutexW","SUCCESS","0x000000bc","lpName->(null)"
"20190910080051.479","1376","HelpMe.exe","372","synchronization","CreateMutexW","SUCCESS","0x000000c4","lpName->(null)"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000c8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->LogLevel"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->LogLevel"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000c8","lpValueName->LogPath"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000c8","lpSubKey->AppLogLevels"
"20190910080051.479","1376","HelpMe.exe","372","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExA","SUCCESS","0x000000c8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpMe.exe\RpcThreadPoolThrottle"
"20190910080051.479","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190910080051.479","1376","HelpMe.exe","372","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190910080051.479","1376","HelpMe.exe","372","filesystem","CreateFileW","SUCCESS","0x000000ec","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910080051.519","1376","HelpMe.exe","372","filesystem","CreateFileW","SUCCESS","0x000000e8","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910080051.539","1376","HelpMe.exe","372","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f0","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190910080051.539","1376","HelpMe.exe","372","filesystem","CreateFileW","SUCCESS","0x000000f0","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190910080051.539","1376","HelpMe.exe","372","device","DeviceIoControl","FAILURE","","hDevice->0x000000f0","dwIoControlCode->0x006d0008","lpInBuffer->0x00157af8","nInBufferSize->0x00000046","lpOutBuffer->0x00156e78","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190910080051.539","1376","HelpMe.exe","372","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f0","dwIoControlCode->0x006d0008","lpInBuffer->0x00157af8","nInBufferSize->0x00000046","lpOutBuffer->0x00146030","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190910080051.539","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910080051.539","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f4","hKey->0x000000f0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910080051.539","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f4","lpValueName->Data"
"20190910080051.539","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910080051.539","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f0","hKey->0x000000f4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910080051.539","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f0","lpValueName->Generation"
"20190910080051.539","1376","HelpMe.exe","372","filesystem","CreateFileW","SUCCESS","0x000000f0","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190910080051.549","1376","HelpMe.exe","372","device","DeviceIoControl","FAILURE","","hDevice->0x000000f0","dwIoControlCode->0x006d0034","lpInBuffer->0x00158b30","nInBufferSize->0x00000208","lpOutBuffer->0x00156078","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190910080051.549","1376","HelpMe.exe","372","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f0","dwIoControlCode->0x006d0034","lpInBuffer->0x00158b30","nInBufferSize->0x00000208","lpOutBuffer->0x00158d40","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190910080051.549","1376","HelpMe.exe","372","filesystem","CreateFileW","SUCCESS","0x000000f0","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190910080051.549","1376","HelpMe.exe","372","device","DeviceIoControl","FAILURE","","hDevice->0x000000f0","dwIoControlCode->0x006d0034","lpInBuffer->0x00158b30","nInBufferSize->0x00000208","lpOutBuffer->0x00156078","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190910080051.569","1376","HelpMe.exe","372","device","DeviceIoControl","SUCCESS","","hDevice->0x000000f0","dwIoControlCode->0x006d0034","lpInBuffer->0x00158b30","nInBufferSize->0x00000208","lpOutBuffer->0x00158d58","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegCreateKeyExW","SUCCESS","0x000000f0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegSetValueExW","SUCCESS","","hKey->0x000000f0","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f4","hKey->0x000000f0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f4","lpValueName->Generation"
"20190910080051.569","1376","HelpMe.exe","372","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190910080051.569","1376","HelpMe.exe","372","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f6","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000f6","lpSubKey->CurVer"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f2","hKey->0x000000f6","lpSubKey->(null)"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f4","lpValueName->DontShowSuperHidden"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->0x000000f4","lpSubKey->(null)"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->ShellState"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->ShellState"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->ForceActiveDesktopOn"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->NoActiveDesktop"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.569","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->NoWebView"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->ClassicShell"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->SeparateProcess"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->NoNetCrawling"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->NoSimpleStartMenu"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->0x000000f4","lpSubKey->Advanced"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->Hidden"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->ShowCompColor"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->HideFileExt"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->DontPrettyPath"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->ShowInfoTip"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->HideIcons"
"20190910080051.579","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->MapNetDrvBtn"
"20190910080051.599","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->WebView"
"20190910080051.599","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->Filter"
"20190910080051.599","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->ShowSuperHidden"
"20190910080051.599","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->SeparateProcess"
"20190910080051.599","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->NoNetCrawling"
"20190910080051.599","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000f2","lpSubKey->ShellEx\IconHandler"
"20190910080051.599","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f2","lpValueName->DocObject"
"20190910080051.599","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f2","lpValueName->BrowseInPlace"
"20190910080051.599","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000f2","lpSubKey->Clsid"
"20190910080051.599","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000fe","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20190910080051.599","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fe","lpSubKey->Clsid"
"20190910080051.599","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f2","lpValueName->IsShortcut"
"20190910080051.599","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f2","lpValueName->AlwaysShowExt"
"20190910080051.609","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f2","lpValueName->NeverShowExt"
"20190910080051.609","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.609","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.609","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->UseDesktopIniCache"
"20190910080051.639","1376","HelpMe.exe","372","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->Com+Enabled"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20190910080051.639","1376","HelpMe.exe","372","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->Com+Enabled"
"20190910080051.639","1376","HelpMe.exe","372","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x00000104","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x00000114","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x00000154","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000015c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x00000164","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000016c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000016c","lpValueName->REGDBVersion"
"20190910080051.639","1376","HelpMe.exe","372","filesystem","CreateFileW","SUCCESS","0x0000016c","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20190910080051.639","1376","HelpMe.exe","372","filesystem","ReadFile","SUCCESS","","hFile->0x0000016c","nNumberOfBytesToRead->22512"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000016c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190910080051.639","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000016c","lpValueName->REGDBVersion"
"20190910080051.649","1376","HelpMe.exe","372","memory","VirtualAllocEx","SUCCESS","0x00b20000","th32ProcessID->1376","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20190910080051.669","1376","HelpMe.exe","372","memory","VirtualAllocEx","SUCCESS","0x00b20000","th32ProcessID->1376","szExeFile->HelpMe.exe","lpAddress->0x00b20000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000016e","hKey->0x000000f2","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000016e","lpSubKey->TreatAs"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000017a","hKey->0x000000f2","lpSubKey->(null)"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000016e","hKey->0x0000017a","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000017e","hKey->0x0000016e","lpSubKey->InprocServer32"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x0000017e","lpValueName->InprocServer32"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000016e","lpSubKey->InprocServerX86"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000016e","lpSubKey->LocalServer32"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000017e","hKey->0x0000016e","lpSubKey->InprocServer32"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000017e","lpValueName->(null)"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000016e","lpSubKey->InprocHandler32"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000016e","lpSubKey->InprocHandlerX86"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000016e","lpSubKey->LocalServer32"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000016e","lpSubKey->LocalServer"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000017e","hKey->0x0000017a","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x0000017e","lpValueName->AppID"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000016e","hKey->0x0000017a","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000016e","hKey->0x0000017a","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000017e","hKey->0x0000016e","lpSubKey->InprocServer32"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000017e","lpValueName->ThreadingModel"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000016e","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000016e","lpSubKey->TreatAs"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000017c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x00000180","hKey->0x0000017c","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000180","lpValueName->Generation"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x00000182","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000017e","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000017e","lpValueName->DriveMask"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x00000180","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegQueryValueExW","FAILURE","","hKey->0x00000180","lpValueName->AllowFileCLSIDJunctions"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegCreateKeyExW","SUCCESS","0x00000180","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000180","lpValueName->Personal"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegCreateKeyExW","SUCCESS","0x00000180","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegSetValueExW","SUCCESS","","hKey->0x00000180","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x00000180","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegOpenKeyExW","SUCCESS","0x0000017c","hKey->0x00000180","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910080051.669","1376","HelpMe.exe","372","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000017c","lpValueName->Generation"
1376.csv
"20190910080513.074","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20190910080513.074","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20190910080513.074","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20190910080513.074","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1008","szExeFile->9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1008","szExeFile->9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","lpAddress->0x00150000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","memory","VirtualAllocEx","SUCCESS","0x00250000","th32ProcessID->1008","szExeFile->9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x0000008c","lpFileName->C:\9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","dwDesiredAccess->GENERIC_READ"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->268"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x00000084","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1008","szExeFile->9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190910080513.084","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190910080513.094","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190910080513.094","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190910080513.094","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190910080513.094","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190910080513.094","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190910080513.094","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190910080513.094","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190910080513.094","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190910080513.094","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190910080513.094","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190910080513.094","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190910080513.094","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->47720"
"20190910080513.094","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->47720"
"20190910080513.114","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","synchronization","OpenMutexW","SUCCESS","0x00000098","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20190910080513.114","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000000a4","hKey->0x000000a8","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190910080513.114","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000a4","lpValueName->Cache"
"20190910080513.114","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20190910080513.114","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","process","CreateProcessInternalW","SUCCESS","240","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20190910080513.114","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20190910080513.114","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->268"
"20190910080513.114","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->240","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20190910080513.114","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->1008","szExeFile->9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","lpAddress->0x00280000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910080513.124","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x00000090","hKey->0x000000ac","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190910080513.124","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","FAILURE","","hKey->0x00000090","lpValueName->Compositing"
"20190910080513.124","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x00000090","hKey->0x000000ac","lpSubKey->Control Panel\Desktop"
"20190910080513.124","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","FAILURE","","hKey->0x00000090","lpValueName->LameButtonText"
"20190910080513.124","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","process","CreateRemoteThread","SUCCESS","0x000000ac","lpStartAddress->0x00404008","th32ProcessID->240","szExeFile->HelpMe.exe"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","process","CreateRemoteThread","SUCCESS","0x000000b0","lpStartAddress->0x00404008","th32ProcessID->240","szExeFile->HelpMe.exe"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegCreateKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegSetValueExA","SUCCESS","","hKey->0x000000bc","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegCreateKeyExW","SUCCESS","0x000000c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegSetValueExA","SUCCESS","","hKey->0x000000c0","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegCreateKeyExW","SUCCESS","0x000000c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->Startup"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegCreateKeyExW","SUCCESS","0x000000c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegSetValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoNetHood"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoPropertiesMyComputer"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoInternetIcon"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoCommonGroups"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoControlPanel"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->NoSetFolders"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExA","SUCCESS","0x000000ba","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ba","lpValueName->(null)"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SystemSetupInProgress"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->seed"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->OsLoaderPath"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->OsLoaderPath"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SystemPartition"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SystemPartition"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SourcePath"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->SourcePath"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->ServicePackSourcePath"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->ServicePackSourcePath"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->ServicePackCachePath"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->ServicePackCachePath"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->DriverCachePath"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->DriverCachePath"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d0","lpValueName->DevicePath"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","synchronization","CreateMutexW","SUCCESS","0x000000d4","lpName->(null)"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","synchronization","CreateMutexW","SUCCESS","0x000000dc","lpName->(null)"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","synchronization","CreateMutexW","SUCCESS","0x000000e4","lpName->(null)"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->LogLevel"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->LogLevel"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e8","lpValueName->LogPath"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000e8","lpSubKey->AppLogLevels"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x000000e8","lpFileName->C:\9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","dwDesiredAccess->GENERIC_READ"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->36254"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000000e8","nNumberOfBytesToRead->65536"
"20190910080518.091","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","lpNewFileName->C:\AutoRun.exe"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExA","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb\RpcThreadPoolThrottle"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x0000010c","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->C:\9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","dwDesiredAccess->GENERIC_READ"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->268"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->268"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->C:\9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","dwDesiredAccess->GENERIC_READ"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","device","DeviceIoControl","SUCCESS","","hDevice->0x0000011c","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->240","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->61440"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->28062"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->28062"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->268"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToWrite->268"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","device","DeviceIoControl","FAILURE","","hDevice->0x0000011c","dwIoControlCode->0x006d0008","lpInBuffer->0x0049bcb8","nInBufferSize->0x00000046","lpOutBuffer->0x0049b650","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","device","DeviceIoControl","SUCCESS","","hDevice->0x0000011c","dwIoControlCode->0x006d0008","lpInBuffer->0x0049bcb8","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x0000011c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->0x0000011c","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000120","lpValueName->Data"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x0000011c","hKey->0x00000120","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000011c","lpValueName->Generation"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","device","DeviceIoControl","FAILURE","","hDevice->0x0000011c","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cbf0","nInBufferSize->0x00000208","lpOutBuffer->0x00498310","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->268"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->268"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->C:\9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","dwDesiredAccess->GENERIC_READ"
"20190910080518.101","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","device","DeviceIoControl","SUCCESS","","hDevice->0x0000011c","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cbf0","nInBufferSize->0x00000208","lpOutBuffer->0x00498fa8","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","device","DeviceIoControl","FAILURE","","hDevice->0x0000011c","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cbf0","nInBufferSize->0x00000208","lpOutBuffer->0x00498310","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","device","DeviceIoControl","SUCCESS","","hDevice->0x0000011c","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cbf0","nInBufferSize->0x00000208","lpOutBuffer->0x0049ce00","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegCreateKeyExW","SUCCESS","0x0000011c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegSetValueExW","SUCCESS","","hKey->0x0000011c","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x0000011c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x00000114","hKey->0x0000011c","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000114","lpValueName->Generation"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x00000116","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000116","lpSubKey->CurVer"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x0000011e","hKey->0x00000116","lpSubKey->(null)"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->240","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->61440"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000120","nNumberOfBytesToRead->28062"
"20190910080518.111","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->28062"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","FAILURE","","hKey->0x00000120","lpValueName->DontShowSuperHidden"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x00000120","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->0x00000120","lpSubKey->(null)"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->ShellState"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->ShellState"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","FAILURE","","hKey->0x00000124","lpValueName->ForceActiveDesktopOn"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","FAILURE","","hKey->0x00000124","lpValueName->NoActiveDesktop"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","FAILURE","","hKey->0x00000124","lpValueName->NoWebView"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.131","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","FAILURE","","hKey->0x00000124","lpValueName->ClassicShell"
"20190910080518.141","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000118","nNumberOfBytesToRead->145"
"20190910080518.141","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->145"
"20190910080518.141","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->268"
"20190910080518.141","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToWrite->268"
"20190910080518.141","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20190910080518.141","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20190910080518.141","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190910080518.141","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x00000114","nNumberOfBytesToRead->268"
"20190910080518.141","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x00000114","lpFileName->C:\9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","dwDesiredAccess->GENERIC_READ"
"20190910080518.141","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190910080518.141","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910080518.151","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.151","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190910080518.151","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->SeparateProcess"
"20190910080518.151","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c726
0U_vCP^(
dmk>05,QXP[
qN\qWNi
2HG~QV
GQBUl|
McVr]\XZY\Blu@@Y^JK@
WQJGGIAN
~GVxFULgG
>QXP*woa
64m\G^3UIuHg
j{=io|
&&' ?~oW
()MacA[UBeuAA\_JUG
gTupIE
$NYGgTuJgG?lw|-bu
EU~Q]T
,Pl}N[^V
W^ZUQUQ
qdmk|-bu
NL(6!#&
6<!.3S c27< <=
:%! ;+~]eN[SX\CetH@T_GTJ
@VQUVFI
7aaog?#dENU6Q]U
_H;=&{sa1%
 ==-07
'& &001&
,LieUAlrLBKT^DnUGBQA\oaM@KRYUK~iZIZWB
RPUQWQT
]XUGMG
UoPG]`
E^GBDa
q'&$, 'PU
v	10AGMMpF
GTGN\t
6DS3V90
NQiO]^XM_K
]	TVU[
cesrvcq
^@dEN	>2
NaVJzr_iz
UOjTFXPIFpSS]Q_
q}~#a+ >7pyvDo9G
fQS2BWDM7R
``s 'q
_lYOSUBwDn[MSKd	a
jfvs&1q
\IwY\]~T\]
PIFpTUUQ_
L""'6&;:}~g
G@IgX\LTuHo
k{qptq
VKRSQU
GUB3VT
fbps'd6
pADT]_MpF
F>	E}W
!94AIQ x}
pea}~g)
T^dR]WIlP]U
hMWBhB
klpvu01
	dEN7+
HL:l=UC]u
d@OC6`{q#1`G
XD5V^CQ/R
_Op]S_7
/nUvUBPB\UqS[UFB
@b]^b@U
tMNDRsHu
F6#*  q
bfsaiq?RzCNYG&%
D]-DZU1S_^C
]Gp^s_VDG^Tm^QT
QFc]NQN	
 WJDTE
cessqcq
iLF:D^
ESWK_V
 >>NIuqya
]CvK@G"
	+JEHLbz
\YuPBK^GUqS[G_Q
u(v0*":g}s"BOE~w+rj/qjoayar
D`P_bEPEJf
g6tqsg2
jezruck
G(QOQLU
U@eYXI
LSR\@BPU
cesrucc
aztS\D\~X\U
c]^O}GCTPdKUTUV
eeaog!6EEQV^[JjK>
BIfQ\D
Bl&8!&7
5`UVG_v
U@oP\E]~T\]
`TRMPPDUhPCA\EK
k9@QQT
O@qyarrec
*UWaEUC
:16 vCuPEV
\@nQYD]`S^T
l^~ULa^CNZQ^
CR]\QGM
c6!aiqb
:@IP	'
5!76vCpGMFEuSH
\Hc@SsKK
qDG]\u@~eAVXpQ
GMC@QYA
jfvs&1q
T^dR]WIlP]U
hMZyZZ
XQCMG@
``s 'q
771`UV#2
T^dR]WIlP]U
nPVAKU/]2
@cmzppc0@
^vK@G_[W
771`UV#2
]H}GQzGU
URRVWQQ
@b]XWsY
qPIEK_V
[W7@U^{UH&Lu
Cd_bUPWL
U[ 4jyuhfsupcc}cjcwaf
@RbERsGU
XQCMG@
bUV+DGBi
M{PKXGEuSH
\Hc@SsKK
qya1 4:QXP[
fQ\EUt
<!777mJ`[XG
\AoQUDU~Y]P
gA`YM^VRED
qya1 4:QXP[
fQ\EUt
6.'6!mJ`[XG
^@gX\LT~QUU
yBERHQ
J^Gu@V
dcsaiq!GKKQXP
dEN7HYa
UBIfQ]
QgTuLbW+#,>
[XGQxM:.
\IgQ\MU{PUK
GZGCcXWUiZM
YL\u\\
qdtuuq
dEN3DLD
Q\q\\^
Cd^bFYDU
eAWCBpt
]HvIGjK]U
O@N\cUSDUQ_
UCHF@U]
ffuaiq5NmNNCA	2
^j_*UQT
	#K@Gqya
QXG:PEV7#
#K@Gqya
	#K@Gqya
QXG:PEV7#
#K@Gqya
	#K@Gqya
QXG:PEV7#
#K@Gqya
	#K@Gqya
QXG:PEV7#
#K@Gqya
	#K@Gqya
QXG:PEV7#
#K@Gqya
	#K@Gqya
QXG:PEV7#
#K@Gqya
	#K@Gqya
QXG:PEV7#
#K@Gqya
	#K@Gqya
QXG:PEV7#
#K@Gqya
	#K@Gqya
QXG:PEV&4
_q%x%0
gQDVddEAl[X^\EDU\_PmkZPDE
aG_ElhPCEKWUC:`
QOwUF^AU
w>a&v'
MBw}wvgy =u~ker
VXUUJHCD]]
|WRUdENT
qyazskcD
@AMG]~[
{RrM@Q
UK\YC[
fYJVYCUwT\	P'
kg%!v6j
@CB|KPv
FP~Z\P
1b&w$gg
Y[C,_gC\@U
PGqdpG
VYpTB^UPVEM_dIHG
SQ~Z\P
1b&w$gg
BlDZTUPcD$
dTUPvKao
blsztcc
Dl	`PYW
[A]uYYR
@d0w"qgc
B[RG^m
KXGzL_EQrYNh(
cdzs|bc
cW1@\LV
SQ~Z\P
1b&w$gg
BlDZTUPcD$
dTUPvKao
blsztcc
Dl	`PYW
[A]uYYR
@d0w"qgc
B[RG^m
KXGzL_EQrYNh(
cdzs|bc
cW1@\LV
SQ~Z\P
1b&w$gg
BlDZTUPcD$
dTUPvKao
blsztcc
Dl	`PYW
[A]uYYR
@d0w"qgc
B[RG^m
KXGzL_EQrYNh(
cdzs|bc
cW1@\LV
SQ~Z\P
1b&w$gg
BlDZTUPcD$
dTUPvKao
blsztcc
Dl	`PYW
[A]uYYR
@d0w"qgc
B[RG^m
KXGzL_EQrYNh(
cdzs|bc
cW1@\LV
SQ~Z\P
1b&w$gg
BlDZTUPcD$
eJYBWddfG
jezruck
RK2]bJZDP
[A]uYYR
@d0w"qgc
B[RG^m
KXGzL[LUp[Nh(
cdzs|bc
cW1@\LV
RAMGSQ^
D`PYWv\[V
6a"wqcg
_yC]@IP)
?GMFi[^TEGKcNWg
py|mbp
N\dX\UvCAG
grHVYT
ga twegC
/[XG>;
zWFYaPbmPWCBn
vqq|`c}
NAuHQQXKWQ~Y
^Yd[xwYczLS	XOQLU
G|SC'Z
ICMmSZ\~Dj$
gCPD\wY\]
k{qptq
WGwUrLCVC6X2F
JKUSKI
kfsvr`c@
WOI^XjTN@~
cOA6&0n{
lipko}:
_v[_QTPcDsID]QxMnDQD
@cmzppc0@
^vK@G_[W
771`UV#2
yru`n|
{qynuoq{xli
\HqY@rSA
TJW:/Z
nbQ]TZ@@l!B
Z@fQFG
RB>u@I_ZB
WY\]CLBLK\
oPTQD]dEN\a
D`7 " fk
jfvs&1q
FG<UCYBUUsWAIQ
gC^}gctk
\@kEWz]W
bMJVFQB]~aKZDWC	U
dPJ@YZYo`
QGlqLD
X@SFC>i
VYTG_[JB]]D
k3qv}`c
MpF][jCGxF
NAfQTWIlX[]
QIqLcA
ea"p&d0
M181<2a`c
;-=5PUcN\q&7
&<~mf^KF
kDYW\\UH~jM
O@PIEXDBB[
c-ssucc
4+QGo2C
k9@QQT
BAoRYE
eeaog!6EEQV^[JgG+HYa
UBIfQ]GQgTuN\t296&
\@nQYD]`PZT
fCYF]oMQR
1RV-@]WxPI&
qwynyp7GKKQXP
aog?#qY@{
_Q;$#-
1= 4g_(
\AjE[zUI
f^^ZFVCGpoXSBWQCDMjoY
DQ	\i}K@YXAU
PIEXCDJ[
s,{m4w
qikx{ v~iy p+~-r
TI`@R(
bXPDUMP
clrsukc
4WRwCU[|VI'O2
gewwq0d
y|si}`m1$+6>511kbgpIE/
:0PCQ_
xsuln{{cetlx}dcuj
]FWUDi`Z^
G=wABFQZ
_J\Aic
wXZTG^QPhmKADC@
bU_a@TJWdU]WIgIg
jcpzmb#
_@4V	A
]h\AVU
CKGeXuBGMV
!(pWWb\DoP\E]uMf
ddaogbc
G[H0SYMV~TZV
kr_AYO
8Gpq2 ;8u
]@fY\@TvO_Q
aK_Y]MOjP\SuU
}WRVSA
gaw rae
	~{gu}0,!& #vsw
,%1$2PI~}
_VDluEL
)00(;?r
4<NbxG@l|VEWE`_Q^AB
rrgr~zM]E]]
@b]^|EU
)GUgI`
w1&": V^[
AWZiI[-32[
amno5qsxy~tG
Fc_VDGP
CFQW]G@
fYUFPu
qPIEK_V
aEUBIgSXWIg
'tMN&0
T@cPT[TyPOI
wUVG^CM_W^D>hASU
07aogbd
CICDGA
]HhX[TlMOT
pALUS_	o
P WWUGG
]pwxq3z h1rp&
tp~&0ko}fe
/xGUYBMB@
jUR~HK\
qyazskcD
{{pnl|-t$x>yus|}z&
Gpa]VECG_
`oO]BH
gYBLET]yB]XRgT
cmaogje
6@Z[VCF~w
RmFUESCQ
WYBAFI
.HGsMb
??MOCD
_^dI@T
xii{9 
1.8:.5nvy6u
\@cA@Fo[
bVVMFQB]lxX[\]G^DX~r
eeaog!6EEQV^[JjK>
^{UIuI3
6(16PcDr
DUCd_cQUF
EAgko}vsx}o}ys}xvk
N\qDR{][
UYYR@I
Ad6tr'ck
O@JjK]R
$vCu!<7&hme
fyqh}`mrq|gomaq
@Pd~YVE\C
`evtvc1
G^mWuODG_v
bGjERW^z\I|Ig
fd{mwgb
z-'j:u}&vt9
t{{y{r
_KVUAl -o
VP]UCACATU
fPEVTvYTG
ems%v10CI
YVUF{R!NFSG5\4E
B]W\BL\K
@]LgG@s@gD
@04&v}a5@
qikx{ v~iy p+~-r
TI`@R(
bXPDUMP
!CiLK^U
jdss}cf
WWVAMG[vG
AaWaUTS
7\U*G]
yPAvHb
1b&w$gg
x('{sn~tw|}ac%!%+6[_V	
/$  G_
E]ZG^m_tAD
[PTUVZ
WRQ@DGN
C`6t rb1
A[;26-:!moc
SB_C_W
haco]lxg@WB~_r@EUCl_gTYJ
GBiTNsHu
D:9&0< 'GA
ZgBYDUwQXG
gu}nca)
6!$nvy6u
\A6A@gG
QXG?GKm"
ZXvY\U
~KTzQM
^eDFGPKUe|YSJ_F^^Znw~o
A5PEVTq_\G
P62*01!*
VrHMQQxM?9
v}tmk|mNKnm}pzxp
b_VLUMP\j{\
9vta/&
Ad6tr'ck
O@JjK]R
$vCp64'n{eb
t{sn~sqt}acz~q~#
SG]o}\TA_
`evtvc1
G^mWuODG_v
G@IgX\LTuHo
k{qwtq
VKRSQU
GUB3VT
	au%s'b
fmpspd`
C\rYXQ
mJ`HCSCvCp
HMOB@Q]
!(fW\TMU
k{qwtq
^PKJCAR^
@Qv]XQA
ea"p&d0
5_QQCQGCu/&
aerzujb
T^wLXQXK_WvQNIlX[]
D^EvVGs^_U,V
WY\]QUQMSU
Gjg&t}5a
Bw_qLD
vCpTVR
R]\G~sQFU\
rBUYDPwQBWc
qdss}q
,q,sOgmc
ru-'peanesqf
/lK^UB@CMT]
bCQZT~XNI
cmaogje
NA	#\TWK\
vMDQG`
H[XTQUQEU]
AMGfmq%'`6
DZsQ_U
A,Q!NE
ClVaPQ
WP\\BICLUX
c]PFjK]U
wzu}c5
F{VvM@
WQBWGHQXG\
a^GXB]v
kg%!v6j
	D']XUzUY
^Z\PDJC
cB]@Q%^^S
0b tt1c
YBUTqR
P	0#'7;
<5!QYeu@YE\
VVVWVW
Zcessub2
	+LSUU
ls~*rkk
vqzupDI}`up}
DX[SC[_V
dEN&PIC'0
<-;2~bdTS]CV
kV[__eb	
\UhGJ_JU
!'} k{&hj#sq
G_[	RK
ga twegC
/[XG!1
gasaHYq
BlL[ZU
PKf	0V
G_[	RK
g6tqsg2
geaNOqa
xsgu}uy{q*l/""-|vwDN
`_SCDQ
WF_G[R
WY\]QUQMSU
Gjg&t}5a
Bw_qLD
vCpTVR
FQWK~~PK
b\VaE]BLgYBGQtZ{
cmaogje
NA	.PA
fqs'udSF
DENTCIKVIO
J@`0zq dkD
RC-Vz@GPC7
YUObx[
oYKEEQTqY]WMwL
qdss}q
NqHQr]
VY\UCICVIOF[q;
??MOCVEM
Cd_bUQT
ZS]M^[DEN3
GjK?0aog
XvK@GYV
J`B_SUB
\zEONG
/fRsTUKUJB
TGkKVG
^YYTKWBMTO
bUYFjKUS
D`7 " fk
KTWYKDGH
fTEcRT^{][iZn
5f! $6f
\stjzql
VYAUCICY&]
gBYDUvY\U
.wNIgac
jVWzGV^)R
ru*{gdqC
Y[9PIC&$
clrsukc
fZjVQQ
\~]JuM`
@d0w"qgc
]GKcNW
clrsukc
fZoAYAR
7\U*G]
yPAvHb
1b&w$gg
QDUyTMuIz
cxssuc~a
z{t`ou~sqtoxp{fxwt
]@cM@gG@
Cd1[[\\GFkpE
bQBG][
jM]SSBQ
/xGUYBMB@
jUR~HK\
qyazskcD
XR1UJOVG
BU_YFEJW
pIE`EUJ[zCUC]u
d@OC6`{q#1`G
XD5V^CQ/R
!(PWWXJDKH
bPVi[WFHtMNDUu@u
pyy*f0&CI
XAUzUY
BPVQ]EKH
cUW{PICMSsU
kg%!v6j
q:h~yw 
<z"ty+~}
1WNiTN
aYP4$'8
77QEMLpg
_[B$cXU\\
qxhiWI
yWAB_[cPCNK@l	
GEaW\WIg
2EEQ'':aiq
GKmRIL#.
vqy|d6q
N}NCFQ
mt_[EXTVZB
bUDLKBEJjy\
[QtTCR
W[sVIpOd
6a"wqcg
^_aqubj
di|ogs3a0&/1jma#0
Q=y]SF[G
Dm!EJKV[D5
P_K^YjuZ\N
/Ywqstjc
+TUWK\
U\KGBL
QZ{QMq
2f t&db@
6QEcR	
Y'sy/1d|
{^AK_ZyQ^\\PC
U_P@AB
pTPgEG^[$
56=iI[gTuJgG?lw|-bu
EU~Q]TL
[ 4k\@CVSqP^TTUGi
U_P@AB
pTPuBGMV
#6LgGI=Hg
w$qnyp-iI[
<&aqs9|o}qsy(xg
9?ZQPbyMTDmnYWU_GKlvDJ\TWEtIPBY_V~iZIZWB
jezruck
7R_)BPVxULrKg@
Gg4wwugg
QxPIN\
{UIwIc
cesshcc
EAgko}vsx}o}ys}xvk
N\qDR{][
=(\[@	
]BKos@EAU
G]_Zhq
CUWQCACA
cGKsDUBAtMNLS}H1
NA'$|tg4'
C]IXJEPU
a3!p jaG
Bc\RuVBQ
MOW>0-76s2LH
DDY^WB=wN@
@\YSQE
i_7-~wulM
CFQW]G@
R_)UA|Kb
O@qyarrec
WYCDBHG
Z\@cERz
LLU$}YSB_B
89:XL1)==
9	CY_\mqHAA_BUBq}_E^Y
ls`slf_\A[
3WIPHaW\WIg
2EEQ'':aiq
GKsWIP
qN\tC@W
,XBUQTX
tlfWW~PTU
wUVUGPLG]^
UK@@AU
aCRWDGjK
:M^[qya
,!'WMNq
ljk3F`k
Q_k ZzWGYPIF2
5DR"hp
7k$<E^
6-1:$!djuZ=:
TOc\K]
^NmNUY[Q
]UUM^[
Gdm%qpk`
O@QVgIRpYNI
me;subf
^j_*UQT
kfr@_E\SM
CAJGP]AN
{PXCSvK@GDEN6&:016>
+essucbG
_qV:IDUCd^n
KXGCpC\VQBmkH[FUBm_kTQT
\]JJFD
cRWTdEN
K@G ,07 >q
+essucbG
_qV:IDUCd^3QCH
PxDYVUPBl`KDTJdVfBYLU
CAJGP]AN
{PXCSvK@GDEN6&:016>
+essucbG
_qV:IDUCd^n
KXGCpC\VQBmkH[FUBm_kTQT
\]JJFD
cRWTdEN
K@G ,07 >q
+essucbG
_qV:IDUCd^3QCH
PxDYVUPBl`KDTJdVfBYLU
CAJGP]AN
{PXCSvK@GDEN6&:016>
+essucbG
_qV:IDUCd^n
KXGCpC\VQBmkH[FUBm_kTQT
\]JJFD
cRWTdEN
K@G ,07 >q
+essucbG
_qV:IDUCd^3QCH
G_Z]PBl`KDTJdVfBYLU
CAJGP]AN
{PXCSvK@GDEN6&:016>
+essucbG
_qV:IDUCd^n
KXGCpD_P]JmkH[FUBm_kTQT
\]JJFD
fE_DGjK
NIQ*&7&(q
{PKXG./
c-ssucc
rIDUCe
cK_T]PBl`KDTJdVfBYLU
CAJGP]AN
{PXCSvK@GDEN6&:016>
+essucbG
_qV:IDUCd^n
KXGCpG[ZG
EDpIE\Cm^bUYT
CAJGP]AN
hG]RBUdEN
>NIQ?2=)8pi
{PKXG*
NIl28&n{
i~OWAGM
	qMU,TE_
\~DTR\C
VzIATKz]cCKXG
/_N\u\\
5KXJaEYWPIQ
>NIQ?2=)8pi
 ZEQ'<-$
:?GbCOI
_lT\\mJ
a7VAGSZV_eU\\dCPe\[]
A5PEVTq_\G
D:9&0< 'GA
	HpW\Q
a7VAGSZV_eWY\]Ci
_GFYVLCPT
F[f\EQB
X%v+|`,tg4wt|
gaw rae
geaNOqa
0bquq2`A
@X~P_P
gasaHYq
\AdENT~QUG
 /:pic
wNIgac
g6tqsg2
@Rw^ZUlMO
VEE=:1&g
qF[fG_K
wu~t3}asp+
1OooP}Vs@D\Bd_oB\E]
!PICER}U[iZ1K@G ,07 >q
<>7hpd'ecub
^QPEhcYLieUAlrLBKT^DnUGBQA\ltZ\N^BUJ~yQ\D
UYYR@I
Ad6tr'ck
O@JjK]R
PEV6x}utgg
NAfQTWIlX[]
b7s{|`f
WYCDBH
0"'hme
fyuh}owcbuvvswjsj
WiuZSGX@_
ZP_CGh B@DQ
^d|KE\
G^~b_S\N
nBPEUvQ\P
aaraiqb
D1[6F]DQ
BU_K_VKO
5gv{vcf
fYUFP~
pGFtCXCDEN
,&&>GBVQ
WClZQ_\
USpUDC 4
Q_\G_[
QXP.PEV7#
7XS*.7
]DgE@Fo[
bVVMFQB]lxX[\]C^DX~fY^\M[QeuMB
o AB	XJ
@iu\E[Cc_
GShw`whb
[G[QC>i
VYTG_[JB]]D
a0t{#af
X$^	QL
UJvUwI
QxMcRWT
CQSYQyx[
kU^~@UV{PH}Ve
wrsukq
gCPD\wY\]
k{qwtq
WGwUrLCVC6X2F
JGKKJBJID
`evtvc1
c\Q]wY\]
k{qwtq
WGwUrLCVC6X7Q
PIEPELB
fmpspd`
z'igzfgb&,vswbrd
Y[>MJV 
,=7M[Q~oW
Y_^luI
XvY\TI
UPcD.	'
URRVWQQ
@gJPGPv
dcsaiq!GKKQXP
dEN7HYa
UBIfQ]
QgTuLbW>7&1
[XGQxM?9
U@oP\E]~T\]
wTLIPPDYWL
dcsaiq!GKKQXP
dEN7HY
U^{UItA4
6.'6!mJ`I
UCd_bT
3Biwinzekcu~lo`b}|
N\qDR{][
=(\[@	
]BKos@EAU
G]_Zhq
`WP]ACQ>a|amaY\WAGDdfGAIBMUT
oB\E]h[XT
]~@ZQU
@QC`[c
BTEEQEBI
J@`0zq dkD
TI`@R(
MBYT\G
nKPMH~YZ
aczu#.
^~MONGKy^r
[PTUVZ
WRQ@DGN
S0AQBMbU
0br!ukj
CVION\t6
kG=01"1:<L
_~EU@IPvPzI
DT\TVCLDGU
"FQQ@Qr
0b tt1c
;G_~}2*7,4=M^G
8N]-86ta
@RqY@#.
DGQBUm,_A^M
Gc~tWBBP_WmuHH\ZC]\n|^WBVa_YVV_
euhs:e
jfvs&1q
_VDlgX
PM[Q03&
8sABAW
_YiVPWYK
j'frkdYUC
RURQUU
URPTTT
fC@W	>2
sJ\RAU(
qya1 4:QXPIZ
]PUt	'
vswqipJgG
oLFfTKCP^^l}HE]W\WCmw_GC
Y(RH'Ho
c6!aiqb
]U]_C@G
LR	')6<
cES~QI
+AZTBu@VIL
XD"SVDQ
HUb^LU
GPT_QXP
Zcesstcc
\`B_DT
x{q{RInscb|cfc
T^a@SiI[
tJKZGeEPU
DQ	\FdHVWRQ
WY\]CLBLK_
~GPTvQNI
ke%p'02G
J@[#P^
GZ/AYRQF{
B]W\BL\K
~GVaE]PUtXZMU#K5AMGfmq%'`6
&BQOVxQ
WY\]CLBLK_
{PXDU~K@G
c3p!&26
zA]VQF,QpO@
@7X4EX
CUWQCACA
cGKmAU^sGUgAa
Du#*-0g}
}svij{|s#{:y w|yzq
1_^MDTB
>oEACXE_DX~1
Lpr<9* ,6 ~iZR@M
V`G\SG^mWrILG_vVd]Q
xBSZ*V
klpvu01
;> lx}
qN\qWNi
?DR6BXD
QBUl}X
^WY_hd_NdiKWCm|HI]_B]B
VVVWVW
&G^[tMN
>qy|ebtG
rIDUCeV1GMFAN`PXAUllgG
pU\VFvYTUv}kgv
DLOVX_^K
cwoa#:?G_[QXG
dEN!HRU
UvY\UfD
0>1G^mDn[
DX[SC[_V
+K@GoCT6
:VDrPCE
+essucbG
mw{~dDM
]Yt\]GbC\U
~zyvv/tL086
klpvu01
Dn['00
]IvP]U~Y]P
iRWOI^_lYFHKM_W^
GSO"WFQAUQvPS
_sq~qf} h`su%
WY\]QUQMSU
Gjg&t}5a
Bw_qLD
vCpTVR
R]\G~sQFU\
cUQ\v\]]
bwoatcc
|@UQUGxUr
G5[fUUP
VQNIQ@ELU
Gdm%qpk`
]Z\AzV!
VIQeXaBKXGKWZTGMCVhg
rKUXEUvQ\Pf
fdaogbc
fIQ:'&'
,>,nab=qt
E]ZUG~^lKETQxMcUQ\
D>hASU
U~P_PgAN
wrtscq
UCICDT
&&0ICM~MF
$_W3 c{dxwkbgLN
VIOpIC'4
IWBX[ZQNQ$E[DX^^VCU
VBuG_KCUTyAOGJE
!v,&3,vg`##wEE
"rv#`|{lgg~gu@:o
RAMGSQ^
DeGQGUs^_U@
Gg4wwugg
YxEONG
&_[WEQ
jezruck
.x':>&`j`#,g:la e
YH`EW|VIO	6[
@CQFQh.^QD[
TWN@is
PILEaSBQEM
jM?1&16q^(
VlYO[SJ
MbQXAQ&Oe
C`6t rb1
;C@W2<
P_M=4/aHYq
BlL[ZU
PKf	5A
Q*QMuLc
acw"v0dA
.")<,:&&7(lx}
6$6dEN	R
MJVUMP
VDlgY_
[U_~-;
_[Dmg\UNa*d]\U\BJ
O@DENTDOCVIOPIE>
dEN7GKq6!
")&6gTu
~E]RUC,^`UV	
dQBQbdC^
TNeI@]
YAfMVP
pfVUM]
S[]GDPS\U>z
%[WEYQZ
SXTKAHBVIO
@04&v}a5@
KU^XCDJI
|WR~RILzUI}Z{
ke%p'02G
x)r<k"afbqz`<basfC
V[CCRj}KOP	
3G^Q::-
+#NCPG^~%)
lsa%ltCN
OooP}Vs@D\Bd_oB\E]
-RILzROuZ{
JK?00:6'6O
*UQTvY]
cER{UHH
vHYTB1^
JK]REIQXG
E}W6':
$?&GiZu
</&hmcZ
^6E]RUB~
sULhxCFY^W
DX[SC[_V
OCP+GMF
=!^j]fUCH
MLtLQvKao
xTU@tT
BBtUF^GBC
RAMGQOa
U\t[__
VY\QQtyVW]
nCYD]v\]]
bwoatcc
|@UQUGxUr
G5[cB]@QN	
DX\UK[_V\[
#\TWDN
6lq&rk5
6M~GPS
RYNhy[ADTT
bUYTsXTK
qyaruck
D\{M^RPE|V N
`[bQUPN	
DX\UK[_V\[
Gjg&t}5a
Bw_qLD
vCuC^BU
W]XUQtyVW]
nCYD]v\]]
bwoatcc
|@UQUGxUr
G5[cB]@QN	
DX\UK[_V\[
#\TWDN
6lq&rk5
6M~GPS
RYNhy[ADTT
bUYTsXTK
qyaruck
D\{M^RPE|V N
`[bQUPN	
DX\UK[_V\[
Gjg&t}5a
Bw_qLD
vCuC^BU
W]XUQtyVW]
nCYD]v\]]
bwoatcc
|@UQUGxUr
G5[cB]@QN	
DX\UK[_V\[
#\TWDN
6lq&rk5
6M~GPS
RYNhy[ADTT
bUYTsXTK
qyaruck
D\{M^RPE|V N
`[bQUPN	
DX\UK[_V\[
Gjg&t}5a
Bw_qLD
vCuC^BU
W]XUQtyVW]
nCYD]v\]]
bwoatcc
|@UQUGxUr
G5[cB]@QN	
DX\UK[_V\[
#\TWDN
6lq&rk5
6M~GPS
RYNhy[ADTT
bUYTsXTK
qyaruck
D\{M^RPE|V N
`[bQUPN	
VQNIQ@ELU
Gdm%qpk`
]Z\AzV!
VIQeXaBKXGKWZTGMCVhg
fKYMTvYTU
PPJ|VwNGU
JKUSKI
5gv{vcf
G\']XU
~MTQPB,
`UVTDb_pIC
DRSBMGDG`(
gCPD\wY\]
k{qrtq
WGwUrLCVC6X2F
JKUSKI
Da`{pufd
@^vL^WU
-Dn[EREdM{P
	HMOB@Q]
!(u@YE\vP]U
fd{mwbb
}SzJDPDg_5E
fmpspd`
C\rYXQ
mJ`HCSCvCp
HMOB@Q]
!(fW\TMU
k{qrtq
c7t&q2g
O@LbW\USBmJ`
{^BQvKaou[DYiBVVBUKCb
adraiqb
:Q@[X_ZkUY
hOS]D]SZ
A[A,UO
aerzujb
RAMGSQ^
DqG]RDPqZ\
Cgaswqg0
NIlPZS
  :PIFcOA
A[j{~=bysobt"t
!(L|E\[UK~VrADPBlAeGXVI
URRVWQQ
@b]XWsY
qDENG_[
QTvY\TD
0>1G^mDn[
_wETSUBwVwHLKAa^pICU
UYMVsY
dcsaiq5K@GC
DgPEV	6/
	GbC>0n}
]~@ZQU
@QC`[c
\GqTKG@TUcOATCC
kgwsjy%l0& !
@cmzppc0@
^vK@GKW\
CICDU\@
*1`UV6&
\IwY\]~T\]
~OWR[_W~@M^Ed
WQyPSPD@
\p z$f}skfq"s
DEN\EAC
AMGbJ[
5gv{vcf
G\']XU
~MTQPB,
`UVTDb_u^K
A[EHG@UO/&
qBTXD\wY\]g
@OC	E~[
TWH	{\nVMP[ZXo\
hOS]D]SZ
ASF&UKPAPT"
wgbg4 /:!<20E
6;7kxgqXIawcb
jVWdBVB
Adguw$`0
#CAGzL$
W^G wNIgac
jVWvEVQ
0bquq2`A
di#03&&+!1+9}yq
6WNi6,n}
<5V[CPI~%/
lgY^T^
_beYQX\
KeNVUCJ
DX[SC[_V
]FdIHU
]RhCEQ
ETVVF1V
PK:XTVVDARW_
k(MAp[SAYQ
/lK^UB@CMT]
gTYJt\]G
ce{aiqj
E*R#M@UG`[1RSR
@TEEQEBI
J@`0zq dkD
ysm>p6e1r
6omjvg
O@N\qDU}U[
9 KOP8
67!6LXtG^Q
BUBl}^
EEQEEO
qe;succ
CAJGP]AN
{PXCSvK@GPIE:&71<q
AKU=Hg
b6saiq=lYO@IP'-'
Y[C,_gBYDW
X@tlfWW~PTU
wUVUGPLG]\
UK@@AU
pTVRvK@GOIO<':aiq
K^VWMN)*
cesst1g
^6E]SPF
N[EB}p
JJ|IUvQ\P
fW^AoI
DVBkZJP
gBY@GKcNW
clrsukc
fZoAYAR
V\ [Y]
dfs!r6gC
,WA@TEyV`UV
fUCiLK^U
jdss}cf
WQVAMG[vG
AaWaUTS
`e!t g2
lYOSRD
fF]DGKcNW
clrsukc
fZoAYAR
V\ [Y]
dfs!r6gC
,WA@TEyV`UV
fUCiLK^U
jdss}cf
AMG[vG
AaWaUTS
[A]uYYR
@d0w"qgc
B[RG^m
KXGzL_EQrYNh(
cdzs|bc
cW1@\LV
g]RTs^_U@
Gg4wwugg
YxEONG
pIC3_WBTr]\G/&
aerzujb
bJZDPqZ\
2awsqggA
Y[pXXQ
/Ywqstjc
aUTSuY
Cgaswqg0
blsztcc
x-v;<-*vy~9/r&q{+r
YH`EW|VIO	6[
@CQFQh.^QD[
TWN@is
PILEaSBQEM
EdCN7010g^Y
LbWTT]B)U 
M7UXEQqL4
g4p r0d
, 0>6LXQ
!(JtY]\
BlD]R]PcD{OLU
WQR[XV
G]TYFCAI@
SwBQU@
Add!s}j`
^J-&gu}
$-&jel
l}YSB^
[DX~9'
CbsIDX_Phx~aXTU\
w_\\UGB
^UPVYV
QQTRWV
QXP*woa
64qIVtMN
+essucbD
rIDUCe
bGMFAN`PXAUllgG
rV]T^^
|_VDUK\AB
UGdARI
%Xo!VQ
6DWDG=w
!(D[\TJIJEU]
fJGFWwK@G
kwoa|ek
F.RvI@QG7XeD]
JKU\BV^[
jGKmISV{
a3!p jaG
&nmua3a&y7hd1uj
1WNiTN
 11 ='tIPQEM
Bl}_E_
=G1!51
vbXGST
+essucb@O
YT\@LC
eSQFjK
EEQ'':aiq
GKsWIP
cer%uq
Cd_bUP
vU^]BTEQA\
\]JJFD
fE_DGjK
EEQ'':aiq
GKaPIC
cesr gq
VIQ<$2
DJ-f{onwabpHDvmeb|b
\Hc@SsKK
qCDEGQJGpoPUJ_
=2\VV	
Fc]AC\X]l'O
FQBhaG
SXTKAKBVIO
@04&v}a5@
KU^XCDJI
|WR`WIPHfQTWIgAa
D`7 " fk
CXDfUXA
^G^WB[_VT]
{PPB]v
AMGfmq%'`6
DZsQ_U
A,Q!NE
ClVdGY
!(PWWXJDKH
bPV{\WTEGgGHuHo
jc{s#`1AMG
xu;h&a3fq~`ka0r`
C^Gmz_SPCQ	
=#?M^GPpq
^wD]R]BzWzWFWBvCpTQT
k9@QQT
fYUFPu
qDENG_[
/BYDUvX
")&6lMOG
.K|:N97;
cGy~K\WBeZX_UDLUQ^]rvPBIXMA
ANfXBY
XQCMG@
``s 'q
<pICTU
x{}ijrm|`p
vswbub
NIeMR-V
N_6Z^F
TJ	AZ^Glb^]T
h"AFBQZ@5R@E]
B]Kox_
V|MXYBC
pa6*03
bmmqwbq
VKRSQU
@z^qIAR@d
PIEPELB
fmpspd`
NAdCRiI[KW
7QPIwX	T
jln{ue7
_v[_PTPcDsID]QxMkSYTK
c6!aiqb
". ~meILG^C
_v[_PTPcDsID]QxMnDQD
``s 'q
6 *amn
+_VDGQC
CJ`TFGYMcVgJ@]VB\CleKUG
jM]TUJQ
oKZAU%
eeaog!6EEQV^[JjK>
BIfQ\D
Bl&8!&7
5`UVG_v
]IfX]EUvQXT
qZ\OCL
tUKIXMI
wrtscq
WsBUQE
*'G_v_*UQT
q{|ho|wst}gcsvykbg
W[}]IK
FioZ^QXDC>t
QZDbQF
^]Xh$K
lkQVY\C$M@FTEE
TY]\C@BDUU
o\[FTdENT
qyazskcD
@AMG]~[
{RrM@Q
C]I[FEPU
a3!p jaG
BfIQZCY@
pf<66. ='Q
CYC$q\\
5Bl]YF 4
PTP_CV^[DEN7
>VId:9&aiq
woau+c
x{uin&ap~g 
*81  mJ`
DJ6BXFOQDW~@cA@_BVVMmgYVTZFKrq@CPILEfUJQEMWj}H
CKTnvhplcX_E
SQ~Z\P
1b&w$gg
BlDZTUPcD0
[P~RhdiWItAg
cmsvtk}
BfMQ{PN
!(D[\TJIJEU]
fJGFWwK@G
kwoa|ek
F.RvI@QG7XeD]
GTEEQEBI
a0t{#af
]%GBGCVBYMB
kcNWCHJD\\
gGXLKt[]G
ce{aiqj
E*R#M@UG`[4E[BQL
CGKKBDBA
6lq&rk5
q_\GiZ
Nhy[ADTT
gBQDPwQBW
wrsukq
[vF]WRA
G`_cF]
PTWYKV^[
#vq*gg}
VQ\PBA]FW\
uU\]VIdPZ]gD
@04&v}a5@
G[H [Y]}QXR
W__[hX
JKU\BV^[
jGKmISV{
T[]G_[BDUU
tYNU Z
fmpspd`
CXDuL]G
	MC~]XQC~
IZ7GKm
2lMO#lw
&WOIMC~
/"108-#36qHY}`
\@kEWz]W
CAJGP]AN
oPTVBUdEN
>NIQ*&7&(q
DUvY\T2
,?6lMOG
_[eHDg`yrfb|pt
NIQHDBUO
^WvY\T+UOI
QQVdmL]BT
]Yt\]GbC\U
~ZC[[	\>
ga twegC
O@N\dX[S~CAGKW/_/@ELU
$Z	\eG
5gv{vcf
,06  %
~uwtby{ogtyj
YT\@LC
tDUCXG 
$[_V68aog
qN\dK@G&'
$SES[_^?\MKQ2
QU]Q~'
|bprob}qq
1 2'GjK\
XW:^Z_@l
ru-'pea;%
-&7:0ri
pDI}`up}
PTP_CV^[DEN7
0{uio|~!unso-3
 " lMO	]m6X
=%*<; 2
guzN]BTK
DX[SC[_V
*'GBi6,
ws;ucc
\@tY\GbC
(0:4,:
<8<+;VCPB
'+6&4,
+7! ,1
&8,AdoQnuII\VCUB
gTupIE
$NYGgTuJgG?lw
:+bqdZ
\@cGR{GU
?ZKbdLWCB
CRQYQXP
w~gqyaaiq;iI[
Fx{uioq|qq
76bjjgg5/
U@jDR{]I
kATFFC^Gm}Y[PCQVPLl1Z
nZBABR\#[	[
g6tqsg2
.-^J@M
#9,nyp)RmFF^G
AKS{T^S
V\hBZE]MF
eeaog5:NIQI
amn}ac+
@cER{T
IQABhwEP
oLFfTKCP^^
NIQHDBUO
C@WGiZ?dEN6x}s=cc
VrKDUQxM;
	X[xPYQ
]xMUBPTvP]UC|YG
V^[qya
RILiI[->>NI
me;succ
^~E_RUPcD*2
 8;nkdcqzd}XYg`
\IbERsUL
}]TEUMPTl}QA^MJY^D:d
A\W]lpOC\
F=y[EZ@d
^\BGSo g kg
V\]]]KDEGA
@04&v}a5@
C\WPBDBA
jKU}AGBiTIu@u
ems%v10CI
GaCV*V
_PUHKIE
blsztcc
Dl	`PYW
7R_7GPJJfT[FU'O2
gewwq0d
A_(RHO
Y[*GBG%
blsztcc
Dl	eGQGU
WTLV{PNvH5
2awsqggA
ditni|moc*6!$01:: O
M5!4"76
oEAPCQ
GClsEC
dbfFWBB
W^ZUQUQ
Z^~E]RT
r[Y]McZKQDDKUJ
O@DENTDOCVIOQUQ&
CHn:71"7*
+7JIRZ
y(q{sn!
g[VVzkPWl|PSK^C_^DifQ@V]FQ
lelsMP^GWBnU
^PKJCAR^
acw"v0dA
cwNIgac
WVL\BL
dB\CVv
gewwq0d
f[OtLc
/Ywqstjc
jrsao*|!"-:xyq.+} 
G[H5GWsVI
Qh}]WF
D]P@=d
GBVgRDCKCL:9
_oCVvXUU
cmsvtk}
x^$KA]@dZeVQ
^@]vHb
1b&w$gg
O@N\tP[CUlMO
jezruck
RK2]bJZDP
SA]xULrKg@
Gg4wwugg
QxPIN\jgghhz
amn9$-&;0=1GA
A[qCD'""1 
KOPM_M
ClsEBC
xY]PQBQ/
RURQUU
URPTTT
Cn_R@ABG~(
TFmIIT
T^vSEC
l|MOWTSVD
Jn$[TFgF]ACis\S
ATS&QLX
WY\]CLBLK_
~GPTvQNI
ke%p'02G
J@[#P^
GZ/AYRQF{
B]W\BL\K
@]LgG@s@gD
@04&v}a5@
qikwa1ewx`>f0r1
@\HjFW{
q^QBGC^G:$
&16:<LpgZ\N
D`_Y^E
*DOsVWCeVgKXDU
WQJGGIAN
~GVxFULgG
2QUQ'0.aiq
aesaiq;iI[
RiI[Cp
+P{KY]
]	TVU[
QUQER[
06![zCNYG->>NI
me;succ
VrIDWCdM{P
3LRCTzU]G 4eW^TKQMX_^
G_[BCS]
zK!!6")
?NCAgT
Dd:9&n{c+
CXHrGtY]\
yU\H}P
@RpTTJG_Q
WUD][Z7NBS
r^MERUD
Y\UCICDQO/&
bmmqrbq
VKRSQU
@z^qIAR@d
DEN\EAC
AMGg]S
k3qv}`c
_,EU[VG
 [XGBcYbGMFKWZTGMCVhg
c\Q]wY\]
k{qttq
WGwUrLCVC6X7Q
DEN\EAC
AMGbJ[
5gv{vcf
G\']XU
~MTQPB,
`UVTDb_u^K
A[EHG@UO/&
bmmqrbq
VKRSQU
@z^qIAR@d
DEN\EAC
AMGg]S
k3qv}`c
_,EU[VG
 [XGBcYbGMFKWZTGMCVhg
c\Q]wY\]
k{qttq
WGwUrLCVC6X7Q
DEN\EAC
AMGbJ[
5gv{vcf
G\']XU
~MTQPB,
`UVTDb_u^K
A[EHG@UO/&
bmmqrbq
VKRSQU
@z^qIAR@d
DEN\EAC
AMGg]S
k3qv}`c
_,EU[VG
 [XGBcYbGMFKWZTGMCVhg
c\Q]wY\]
k{qttq
WGwUrLCVC6X7Q
DEN\EAC
AMGbJ[
5gv{vcf
G\']XU
~MTQPB,
`UVTDb_u^K
A[EHG@UO/&
bmmqrbq
VKRSQU
@z^qIAR@d
DEN\EAC
AMGg]S
k3qv}`c
_,EU[VG
 [XGBcYbGMFKWZTGMCVhg
c\Q]wY\]
k{qttq
WGwUrLCVC6X7Q
DEN\EAC
AMGbJ[
5gv{vcf
G\']XU
~MTQPB,
`UVTDb_u^K
A[EHG@UO/&
bmmqrbq
VKRSQU
@z^qIAR@d
DEN\EAC
AMGg]S
k3qv}`c
_,EU[VG
 [XGBcYbGMF_[QXG@B[/&
`UVv@\_{UAuMf
ddaogbc
X@]h2[
YV*QV]_PBAo(
VQ\PBA]FW\
fBYLGjKUS
D`7 " fk
B\VYCLBL
`RVsYGCIfYNYG|No
16"&pkaDN
^G^VB[_VT]
~GXR~Y
V@OC6`{q#1`G
Z-B_TQ
dWkVTTN\
BT^YJEBI
c]I}GTLgGHuHo
jc{s#`1AMG
xu;h){"uxoyuw+~|s
G0BS)UA
UMPTk{YA^M
VzG!&*,+
$KBNMKM
\}DONGC
Vz[XGJbWg
~xzye1'
XiI[KW\
CICDU\A
GbC>0n}
 6PiLThG
[[\Z=:
^vEXS]\}Us[XGBd_jGMF
S]C@FMA
07aogbd
ZVY\UCH
,5:nca
w<=(&XLDTZ@fG
yK]^mNYW]_WW^
VVVWVW
&G^[tMN
>qy|ebtG
rIDUCe
bGMFAN`PXAUllgG
rQ[xRSt]R@VtKDR]
CAJGP]AN
{PXCSvK@GPIE:&71<q
cesr#cq
W!IVIQ<$2
DJ-f{onx{scAUossyp~|
T@fDZeWN
[BDUU~oWKD]^
neJ\T@TG
fbps'd6
ONGCxPr[XG
fQWsxoPKfPUE\tHg
bmmqrbq
c`tpu1dG
@IP~QtIVIQ&
fQWm}oLyUH|Hn
kevr}}a
D^EkFR~RJ
CUBQhy
_OJovE
GBVgRDCKCL:,
1w_G E2
EdCN7010g^Y
LbWTT]B)U 
bU\AQq
2f t&db@
QCL29aNOqa
aURfFU
acw"v0dA
QxPIN\
lMO7H_()
G'!*-" q/&
^vWA@\DwV$J
g4p r0d
XiI[KW$.6 ,8*.c`}
MDXU	4
C_VDlf
DPZ^S[^
cenw~gJjKNI
BNrTVAWnh|G^
V^[u^K&
qqyaaiq;dENUU
cK%) +
]DgE@Fo[
bVVMFQB]lxX[\]D^DX~fY^\M[Q
gRRT$^	QC
caww&da
;[XG!1
ThW]AQuZZ(
vpp|lcu
RJ#\C|VR@P
FP~Z\P
1b&w$gg
BlDZTUPcD0
.PEV7HYgDQFItlfWWuIn
vqq|`c}
gK\@yXTW
c7t&q2g
O@LbW\USBmJ`
lSV{DULFo[wHf
wqytegt
jgg`it
%r.<,$vp{('
Q=d[\]W]
QE>gQWWZG
>qUQER[
TY]\C@BDUU
o\[GTdENT
qyazskcD
@AMG]~[
{RrM@Q
C]I[DEPU
b]EcR\XsU
kg%!v6j
q:h~yw 
<z"ty+~}
1WNiTN
0!!GBVtIP
W~L\RUJ
SsAZW@eM~GPT
UJ@eT\
vcen3;)G_[QXG
iI[zLY
2NYGlMO
FtUREV*UTINLC
OPUCvV{HDUKdZfJGFV
/&`PX\0f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190910080518.231","1008","9680f3bcae582fb3e92e78f258305730b7e4a4
71b089350cb","176h 
"pystem","LoadLibraryW","CUCCOSS"
Fil}Lamo/>cWP
b301901
O1"d"0008",j9>
pg6cca
x3vb2ez2e7
u5g30bOX!a
#6q64a
wbg1b0X
b,asys
cl"lpFileNaV
/>ntshrui.dll"
"20190910080518.221","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->240","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190910080518.231","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190910080518.231","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190910080518.231","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190910080518.231","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190910080518.231","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->61440"
"20190910080518.231","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190910080518.231","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->12288"
"20190910080518.231","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->12288"
"20190910080518.231","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190910080518.231","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190910080518.231","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20190910080518.231","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","system","LoadLibraryA","SUCCESS","0x76980000","lpFileName->LINKINFO.dll"
"20190910080518.231","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190910080518.231","1008","9680f3bcae582fb3e92e78f258305730b7e4a440444c7264a3c7c71b089350cb","1760","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190910080518.231","1008","9680f3bcae582fb3e