Sample details: 207dced476f716cfe3426c21f77c4068

Hashes
MD5: 207dced476f716cfe3426c21f77c4068
SHA1: ba86ed992962a9d7acd1cf09fdd6f0ed9080d602
SHA256: 07c48bf78d49934c2f873bdfeae8bd49520c5070678ed5f53181679a8a21a1cd
SSDEEP: 12288:NU8665gHU866w0B2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0NuJU:NSjSGB2uJ2s4otqFCJrW9FqvSbqsHasi
Details
File Type: Composite
Added: 2019-10-09 14:19:54
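Yara Hits
Note: YARA rules match byte and string patterns in the file, so a hit shows that a pattern is present, not that the behaviour was observed. The Strings section below contains API-logging format strings, a C:\cuckoo\ log path and a cmonitor.pdb debug path, which look like an embedded API-monitoring component. The capability-style hits (hooking, keylogger, registry, mutex, network) may be matching those embedded strings, so check each hit against the matched bytes before attributing it to the sample.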
CuckooSandbox/shellcode | CuckooSandbox/embedded_pe | CuckooSandbox/embedded_win_api | YRP/Borland | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Dropper_Strings | YRP/anti_dbg | YRP/network_dropper | YRP/spreading_file | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers3 | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/CAP_HookExKeylogger |
Strings
		Microsoft at Work~.feed-ms
# NOTE: Derived from ../../lib/POSIX.pm.
# Changes made here will be lost when autosplit is run again.
# See AutoSplit.pm.
package POSIX;
#line 642 "../../lib/POSIX.pm (autosplit into ../../lib/auto/POSIX/execv.al)"
sub execv {
    unimpl "execv() is C-specific, stopped";
# end of POSIX::execv
execv.al
!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
D$ Pj@
;T$|sF
L$LQWS
u._^]3
u=_^][
T$0WSQUR
f	U4_^][
L$0WSRUQ
f	M4_^][
f	U4_^]
33333333333333
3333333
 !"#$%&'33()3333*333+33,-./0312
@Ww@t,
HHtXHHt
?If90t
uTVWhD
j@j ^V
< tK<	tG
v	N+D$
HHtYHHt
^SSSSS
URPQQh`
t"SS9] u
;t$,v-
UQPXY]Y[
PPPPPPPP
PPPPPPPP
PostTrampSize %d
YWORD 
DQWORD 
TBYTE 
QWORD 
DWORD 
 ;NOT TAKEN
 ;TAKEN
REPNZ 
UNDEFINED
CALL FAR
LOOPNZ
JMP FAR
SYSCALL
SYSRET
WBINVD
SYSENTER
SYSEXIT
GETSEC
CMOVNO
CMOVAE
CMOVNZ
CMOVBE
CMOVNS
CMOVNP
CMOVGE
CMOVLE
CMPXCHG
MOVNTI
INVLPG
VMCALL
VMLAUNCH
VMRESUME
VMXOFF
MONITOR
XGETBV
XSETBV
VMMCALL
VMLOAD
VMSAVE
SKINIT
INVLPGA
SWAPGS
RDTSCP
PREFETCH
PREFETCHW
PFNACC
PFPNACC
PFCMPGE
PFRSQRT
PFCMPGT
PFRCPIT1
PFRSQIT1
PFSUBR
PFCMPEQ
PFRCPIT2
PMULHRW
PSWAPD
PAVGUSB
MOVUPS
MOVUPD
VMOVSS
VMOVSD
VMOVUPS
VMOVUPD
MOVHLPS
MOVLPS
MOVLPD
MOVSLDUP
MOVDDUP
VMOVHLPS
VMOVLPS
VMOVLPD
VMOVSLDUP
VMOVDDUP
UNPCKLPS
UNPCKLPD
VUNPCKLPS
VUNPCKLPD
UNPCKHPS
UNPCKHPD
VUNPCKHPS
VUNPCKHPD
MOVLHPS
MOVHPS
MOVHPD
MOVSHDUP
VMOVLHPS
VMOVHPS
VMOVHPD
VMOVSHDUP
PREFETCHNTA
PREFETCHT0
PREFETCHT1
PREFETCHT2
MOVAPS
MOVAPD
VMOVAPS
VMOVAPD
CVTPI2PS
CVTPI2PD
CVTSI2SS
CVTSI2SD
VCVTSI2SS
VCVTSI2SD
MOVNTPS
MOVNTPD
MOVNTSS
MOVNTSD
VMOVNTPS
VMOVNTPD
CVTTPS2PI
CVTTPD2PI
CVTTSS2SI
CVTTSD2SI
VCVTTSS2SI
VCVTTSD2SI
CVTPS2PI
CVTPD2PI
CVTSS2SI
CVTSD2SI
VCVTSS2SI
VCVTSD2SI
UCOMISS
UCOMISD
VUCOMISS
VUCOMISD
COMISS
COMISD
VCOMISS
VCOMISD
PSHUFB
VPSHUFB
PHADDW
VPHADDW
PHADDD
VPHADDD
PHADDSW
VPHADDSW
PMADDUBSW
VPMADDUBSW
PHSUBW
VPHSUBW
PHSUBD
VPHSUBD
PHSUBSW
VPHSUBSW
PSIGNB
VPSIGNB
PSIGNW
VPSIGNW
PSIGND
VPSIGND
PMULHRSW
VPMULHRSW
VPERMILPS
VPERMILPD
VPTESTPS
VPTESTPD
PBLENDVB
BLENDVPS
BLENDVPD
VPTEST
VBROADITSF
/#IDXHDR
/#ITBITS
	/#STRINGS
/#SYSTEM
/#TOPICS
/#URLSTR
/#URLTBL
	/#WINDOWS
/$FIftiMain
	/$OBJINST
/$WWAssociativeLinks/
/$WWAssociativeLinks/Property
/$WWKeywordLinks/
/$WWKeywordLinks/Property
/html/
/html/bluedot.gif
/html/bluedrop.gif
/html/bluedrop_ZA79005001.gif
/html/blueup.gif
/html/blueup_ZA79005000.gif
/html/collapsetri.gif
tO /html/collapsetri_ZA79005002.gif
/html/expandtri.gif
/html/expandtri_ZA79005003.gif
/html/ExpCollapse.js
/html/home2.gif
/html/home2_ZA06048355.gif
/html/office10.css
-1/html/PSSXMicrosoftSupportServices_HP05221271.htm
/img/Blue_Bullet_ZA10079366.gif
/img/bluedot.gif
/img/bluedrop.gif
/img/bluedrop_ZA79005001.gif
/img/blueup.gif
/img/blueup_ZA79005000.gif
/img/callout1.gif
/img/callout1_ZA06047465.gif
/img/callout1y_ZA01093948.gif
/img/callout2.gif
/img/callout2_ZA06047466.gif
/img/callout2y_ZA01093949.gif
/img/callout3.gif
/img/callout3_ZA06047467.gif
/img/callout3y_ZA01093950.gif
/img/callout4.gif
/img/callout4_ZA06047468.gif
/img/callout4y_ZA01093951.gif
/img/callout5.gif
/img/callout5_ZA06047469.gif
/img/callout5y_ZA01093952.gif
/img/callout6.gif
/img/callout6_ZA06047470.gif
/img/callout6y_ZA01093953.gif
/img/callout7.gif
/img/callout7_ZA06048448.gif
/img/callout7y_ZA01093954.gif
/img/callout8.gif
/img/callout8_ZA06048449.gif
/img/callout8y_ZA01093955.gif
/img/callout9.gif
/img/callout9_ZA06049075.gif
/img/callout9y_ZA01094353.gif
/img/collapsetri.gif
/img/collapsetri_ZA79005002.gif
/img/comm_cd.jpg
/img/comm_cd_ZA01056884.jpg
/img/comm_faq.jpg
/img/comm_faq_ZA01056885.jpg
/img/comm_intro.jpg
/img/comm_intro_ZA01056886.jpg
/img/comm_website.jpg
2 /img/comm_website_ZA01056887.jpg
/img/expandtri.gif
/img/expandtri_ZA79005003.gif
/img/Grey_Bullet_ZA10097919.gif
/img/home2.gif
/img/home2_ZA06048355.gif
/img/hrefIcon_ZA10069439.gif
/img/nav_globe_ZA06053539.gif
/img/new_ZA10069440.gif
/img/TopOfPage_ZA01200376.gif
/img/TopPageIcon_ZA10077668.gif
::DataSpace/NameList
<(::DataSpace/Storage/MSCompressed/Content
^,::DataSpace/Storage/MSCompressed/ControlData
)::DataSpace/Storage/MSCompressed/SpanInfo
/::DataSpace/Storage/MSCompressed/Transform/List
<&_::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/InstanceData/
i::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/InstanceData/ResetTable
HHA Version 4.74.8702
html/PSSXMicrosoftSupportServices_HP05221271.htm
Product Support for the 2007 Microsoft Office System
pss10r
iCHE!$
l8}ltm]
b0"<I6
j-wWL2l*r
d2QVGx	W"
ke}ziz
@{S}>$
*jK|mXn
Mr}	$ 7t
vW4vm:
vsN2-	
hAjs{V
K]bg0,
a7ZhWj/
sj4A $
ctG3rc
{L/lW;
uA\"9Ea
m7lI*L
4C9*r{
@@@@{@V
 `        > @
Q zgQfo7
#)OY@ub
oRtvmtxw
a=un,l
0q,b3*
Pj+X(=
UdZDg"
"(=,[`
>Z:x>S
OCS)8h-?
}Czp(M
6?{DjFj
wcwT]5X
~<)O2M
+6:2$6
 LXRUU
pss10r.chm
!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
D$ Pj@
;T$|sF
L$LQWS
u._^]3
u=_^][
T$0WSQUR
f	U4_^][
L$0WSRUQ
f	M4_^][
f	U4_^]
33333333333333
3333333
 !"#$%&'33()3333*333+33,-./0312
@Ww@t,
HHtXHHt
?If90t
uTVWhD
j@j ^V
< tK<	tG
v	N+D$
HHtYHHt
^SSSSS
URPQQh`
t"SS9] u
;t$,v-
UQPXY]Y[
PPPPPPPP
PPPPPPPP
PostTrampSize %d
YWORD 
DQWORD 
TBYTE 
QWORD 
DWORD 
 ;NOT TAKEN
 ;TAKEN
REPNZ 
UNDEFINED
CALL FAR
LOOPNZ
JMP FAR
SYSCALL
SYSRET
WBINVD
SYSENTER
SYSEXIT
GETSEC
CMOVNO
CMOVAE
CMOVNZ
CMOVBE
CMOVNS
CMOVNP
CMOVGE
CMOVLE
CMPXCHG
MOVNTI
INVLPG
VMCALL
VMLAUNCH
VMRESUME
VMXOFF
MONITOR
XGETBV
XSETBV
VMMCALL
VMLOAD
VMSAVE
SKINIT
INVLPGA
SWAPGS
RDTSCP
PREFETCH
PREFETCHW
PFNACC
PFPNACC
PFCMPGE
PFRSQRT
PFCMPGT
PFRCPIT1
PFRSQIT1
PFSUBR
PFCMPEQ
PFRCPIT2
PMULHRW
PSWAPD
PAVGUSB
MOVUPS
MOVUPD
VMOVSS
VMOVSD
VMOVUPS
VMOVUPD
MOVHLPS
MOVLPS
MOVLPD
MOVSLDUP
MOVDDUP
VMOVHLPS
VMOVLPS
VMOVLPD
VMOVSLDUP
VMOVDDUP
UNPCKLPS
UNPCKLPD
VUNPCKLPS
VUNPCKLPD
UNPCKHPS
UNPCKHPD
VUNPCKHPS
VUNPCKHPD
MOVLHPS
MOVHPS
MOVHPD
MOVSHDUP
VMOVLHPS
VMOVHPS
VMOVHPD
VMOVSHDUP
PREFETCHNTA
PREFETCHT0
PREFETCHT1
PREFETCHT2
MOVAPS
MOVAPD
VMOVAPS
VMOVAPD
CVTPI2PS
CVTPI2PD
CVTSI2SS
CVTSI2SD
VCVTSI2SS
VCVTSI2SD
MOVNTPS
MOVNTPD
MOVNTSS
MOVNTSD
VMOVNTPS
VMOVNTPD
CVTTPS2PI
CVTTPD2PI
CVTTSS2SI
CVTTSD2SI
VCVTTSS2SI
VCVTTSD2SI
CVTPS2PI
CVTPD2PI
CVTSS2SI
CVTSD2SI
VCVTSS2SI
VCVTSD2SI
UCOMISS
UCOMISD
VUCOMISS
VUCOMISD
COMISS
COMISD
VCOMISS
VCOMISD
PSHUFB
VPSHUFB
PHADDW
VPHADDW
PHADDD
VPHADDD
PHADDSW
VPHADDSW
PMADDUBSW
VPMADDUBSW
PHSUBW
VPHSUBW
PHSUBD
VPHSUBD
PHSUBSW
VPHSUBSW
PSIGNB
VPSIGNB
PSIGNW
VPSIGNW
PSIGND
VPSIGND
PMULHRSW
VPMULHRSW
VPERMILPS
VPERMILPD
VPTESTPS
VPTESTPD
PBLENDVB
BLENDVPS
BLENDVPD
VPTEST
VBROADCASTSS
VBROADCASTSD
VBROADCASTF128
VPABSB
VPABSW
VPABSD
PMOVSXBW
VPMOVSXBW
PMOVSXBD
VPMOVSXBD
PMOVSXBQ
VPMOVSXBQ
PMOVSXWD
VPMOVSXWD
PMOVSXWQ
VPMOVSXWQ
PMOVSXDQ
VPMOVSXDQ
PMULDQ
VPMULDQ
PCMPEQQ
VPCMPEQQ
MOVNTDQA
VMOVNTDQA
PACKUSDW
VPACKUSDW
VMASKMOVPS
VMASKMOVPD
PMOVZXBW
VPMOVZXBW
PMOVZXBD
VPMOVZXBD
PMOVZXBQ
VPMOVZXBQ
PMOVZXWD
VPMOVZXWD
PMOVZXWQ
VPMOVZXWQ
PMOVZXDQ
VPMOVZXDQ
PCMPGTQ
VPCMPGTQ
PMINSB
VPMINSB
PMINSD
VPMINSD
PMINUW
VPMINUW
PMINUD
VPMINUD
PMAXSB
VPMAXSB
PMAXSD
VPMAXSD
PMAXUW
VPMAXUW
PMAXUD
VPMAXUD
PMULLD
VPMULLD
PHMINPOSUW
VPHMINPOSUW
INVEPT
INVVPID
VFMADDSUB132PS
VFMADDSUB132PD
VFMSUBADD132PS
VFMSUBADD132PD
VFMADD132PS
VFMADD132PD
VFMADD132SS
VFMADD132SD
VFMSUB132PS
VFMSUB132PD
VFMSUB132SS
VFMSUB132SD
VFNMADD132PS
VFNMADD132PD
VFNMADD132SS
VFNMADD132SD
VFNMSUB132PS
VFNMSUB132PD
VFNMSUB132SS
VFNMSUB132SD
VFMADDSUB213PS
VFMADDSUB213PD
VFMSUBADD213PS
VFMSUBADD213PD
VFMADD213PS
VFMADD213PD
VFMADD213SS
VFMADD213SD
VFMSUB213PS
VFMSUB213PD
VFMSUB213SS
VFMSUB213SD
VFNMADD213PS
VFNMADD213PD
VFNMADD213SS
VFNMADD213SD
VFNMSUB213PS
VFNMSUB213PD
VFNMSUB213SS
VFNMSUB213SD
VFMADDSUB231PS
VFMADDSUB231PD
VFMSUBADD231PS
VFMSUBADD231PD
VFMADD231PS
VFMADD231PD
VFMADD231SS
VFMADD231SD
VFMSUB231PS
VFMSUB231PD
VFMSUB231SS
VFMSUB231SD
VFNMADD231PS
VFNMADD231PD
VFNMADD231SS
VFNMADD231SD
VFNMSUB231PS
VFNMSUB231PD
VFNMSUB231SS
VFNMSUB231SD
AESIMC
VAESIMC
AESENC
VAESENC
AESENCLAST
VAESENCLAST
AESDEC
VAESDEC
AESDECLAST
VAESDECLAST
VPERM2F128
ROUNDPS
VROUNDPS
ROUNDPD
VROUNDPD
ROUNDSS
VROUNDSS
ROUNDSD
VROUNDSD
BLENDPS
VBLENDPS
BLENDPD
VBLENDPD
PBLENDW
VPBLENDVW
PALIGNR
VPALIGNR
PEXTRB
VPEXTRB
PEXTRW
VPEXTRW
PEXTRD
PEXTRQ
VPEXTRD
EXTRACTPS
VEXTRACTPS
VINSERTF128
VEXTRACTF128
PINSRB
VPINSRB
INSERTPS
VINSERTPS
PINSRD
PINSRQ
VPINSRD
VPINSRQ
MPSADBW
VMPSADBW
PCLMULQDQ
VPCLMULQDQ
VBLENDVPS
VBLENDVPD
VPBLENDVB
PCMPESTRM
VPCMPESTRM
PCMPESTRI
VCMPESTRI
PCMPISTRM
VPCMPISTRM
PCMPISTRI
VPCMPISTRI
AESKEYGENASSIST
VAESKEYGENASSIST
MOVMSKPS
MOVMSKPD
VMOVMSKPS
VMOVMSKPD
SQRTPS
SQRTPD
SQRTSS
SQRTSD
VSQRTSS
VSQRTSD
VSQRTPS
VSQRTPD
RSQRTPS
RSQRTSS
VRSQRTSS
VRSQRTPS
VRCPSS
VRCPPS
VANDPS
VANDPD
ANDNPS
ANDNPD
VANDNPS
VANDNPD
VXORPS
VXORPD
VADDPS
VADDPD
VADDSS
VADDSD
VMULPS
VMULPD
VMULSS
VMULSD
CVTPS2PD
CVTPD2PS
CVTSS2SD
CVTSD2SS
VCVTSS2SD
VCVTSD2SS
VCVTPS2PD
VCVTPD2PS
CVTDQ2PS
CVTPS2DQ
CVTTPS2DQ
VCVTDQ2PS
VCVTPS2DQ
VCVTTPS2DQ
VSUBPS
VSUBPD
VSUBSS
VSUBSD
VMINPS
VMINPD
VMINSS
VMINSD
VDIVPS
VDIVPD
VDIVSS
VDIVSD
VMAXPS
VMAXPD
VMAXSS
VMAXSD
PUNPCKLBW
VPUNPCKLBW
PUNPCKLWD
VPUNPCKLWD
PUNPCKLDQ
VPUNPCKLDQ
PACKSSWB
VPACKSSWB
PCMPGTB
VPCMPGTB
PCMPGTW
VPCMPGTW
PCMPGTD
VPCMPGTD
PACKUSWB
VPACKUSWB
PUNPCKHBW
VPUNPCKHBW
PUNPCKHWD
VPUNPCKHWD
PUNPCKHDQ
VPUNPCKHDQ
PACKSSDW
VPACKSSDW
PUNPCKLQDQ
VPUNPCKLQDQ
PUNPCKHQDQ
VPUNPCKHQDQ
MOVDQA
MOVDQU
VMOVDQA
VMOVDQU
PSHUFW
PSHUFD
PSHUFHW
PSHUFLW
VPSHUFD
VPSHUFHW
VPSHUFLW
VPSRLW
VPSRAW
VPSLLW
VPSRLD
VPSRAD
VPSLLD
VPSRLQ
PSRLDQ
VPSRLDQ
VPSLLQ
PSLLDQ
VPSLLDQ
PCMPEQB
VPCMPEQB
PCMPEQW
VPCMPEQW
PCMPEQD
VPCMPEQD
VZEROUPPER
VZEROALL
VMREAD
INSERTQ
VMWRITE
HADDPD
HADDPS
VHADDPD
VHADDPS
HSUBPD
HSUBPS
VHSUBPD
VHSUBPS
FXSAVE
FXRSTOR
LFENCE
XRSTOR
MFENCE
SFENCE
CLFLUSH
LDMXCSR
VLDMXCSR
STMXCSR
VSTMXCSR
POPCNT
CMPEQPS
CMPLTPS
CMPLEPS
CMPUNORDPS
CMPNEQPS
CMPNLTPS
CMPNLEPS
CMPORDPS
CMPEQPD
CMPLTPD
CMPLEPD
CMPUNORDPD
CMPNEQPD
CMPNLTPD
CMPNLEPD
CMPORDPD
CMPEQSS
CMPLTSS
CMPLESS
CMPUNORDSS
CMPNEQSS
CMPNLTSS
CMPNLESS
CMPORDSS
CMPEQSD
CMPLTSD
CMPLESD
CMPUNORDSD
CMPNEQSD
CMPNLTSD
CMPNLESD
CMPORDSD
VCMPEQPS
VCMPLTPS
VCMPLEPS
VCMPUNORDPS
VCMPNEQPS
VCMPNLTPS
VCMPNLEPS
VCMPORDPS
VCMPEQPD
VCMPLTPD
VCMPLEPD
VCMPUNORDPD
VCMPNEQPD
VCMPNLTPD
VCMPNLEPD
VCMPORDPD
VCMPEQSS
VCMPLTSS
VCMPLESS
VCMPUNORDSS
VCMPNEQSS
VCMPNLTSS
VCMPNLESS
VCMPORDSS
VCMPEQSD
VCMPLTSD
VCMPLESD
VCMPUNORDSD
VCMPNEQSD
VCMPNLTSD
VCMPNLESD
VCMPORDSD
PINSRW
VPINSRW
SHUFPS
SHUFPD
VSHUFPS
VSHUFPD
CMPXCHG8B
CMPXCHG16B
VMPTRST
VMPTRLD
VMCLEAR
ADDSUBPD
ADDSUBPS
VADDSUBPD
VADDSUBPS
VPADDQ
PMULLW
VPMULLW
MOVQ2DQ
MOVDQ2Q
PMOVMSKB
VPMOVMSKB
PSUBUSB
VPSUBUSB
PSUBUSW
VPSUBUSW
PMINUB
VPMINUB
PADDUSB
VPADDUSW
PADDUSW
PMAXUB
VPMAXUB
VPANDN
VPAVGB
VPAVGW
PMULHUW
VPMULHUW
PMULHW
VPMULHW
CVTTPD2DQ
CVTDQ2PD
CVTPD2DQ
VCVTTPD2DQ
VCVTDQ2PD
VCVTPD2DQ
MOVNTQ
MOVNTDQ
VMOVNTDQ
PSUBSB
VPSUBSB
PSUBSW
VPSUBSW
PMINSW
VPMINSW
PADDSB
VPADDSB
PADDSW
VPADDSW
PMAXSW
VPMAXSW
VLDDQU
PMULUDQ
VPMULUDQ
PMADDWD
VPMADDWD
PSADBW
VPSADBW
MASKMOVQ
MASKMOVDQU
VMASKMOVDQU
VPSUBB
VPSUBW
VPSUBD
VPSUBQ
VPADDB
VPADDW
VPADDD
FLDENV
FLDL2T
FLDL2E
FLDLG2
FLDLN2
FPATAN
FXTRACT
FPREM1
FDECSTP
FINCSTP
FYL2XP1
FSINCOS
FRNDINT
FSCALE
FNSTENV
FSTENV
FNSTCW
FICOMP
FISUBR
FIDIVR
FCMOVB
FCMOVE
FCMOVBE
FCMOVU
FUCOMPP
FISTTP
FCMOVNB
FCMOVNE
FCMOVNBE
FCMOVNU
FEDISI
FSETPM
FUCOMI
FNCLEX
FNINIT
FRSTOR
FUCOMP
FNSAVE
FNSTSW
FCOMPP
FSUBRP
FDIVRP
FUCOMIP
FCOMIP
MOVSXD
bad allocation
(null)
`h````
xpxxxx
Unknown exception
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
"%s","%d","%s","%d","windows","FindWindowW","FAILURE","","lpClassName->%s","lpWindowName->%s"
"%s","%d","%s","%d","windows","FindWindowW","SUCCESS","0x%08x","lpClassName->%s","lpWindowName->%s"
"%s","%d","%s","%d","windows","FindWindowW","FAILURE","","lpClassName->%ws","lpWindowName->%ws"
FILE:%s
FILE:%ws
"%s","%d","%s","%d","windows","FindWindowW","SUCCESS","0x%08x","lpClassName->%ws","lpWindowName->%ws"
"%s","%d","%s","%d","synchronization","CreateMutexA","FAIL","","lpName->%s"
"%s","%d","%s","%d","synchronization","CreateMutexA","SUCCESS","0x%08x","lpName->%s"
"%s","%d","%s","%d","synchronization","CreateMutexW","FAIL","","lpName->%ws"
"%s","%d","%s","%d","synchronization","CreateMutexW","SUCCESS","0x%08x","lpName->%ws"
"%s","%d","%s","%d","synchronization","OpenMutexA","FAILURE","","dwDesiredAccess->%s","lpName->%s"
"%s","%d","%s","%d","synchronization","OpenMutexA","SUCCESS","0x%08x","dwDesiredAccess->%s","lpName->%s"
python.exe
"%s","%d","%s","%d","synchronization","OpenMutexW","FAILURE","","dwDesiredAccess->%s","lpName->%ws"
"%s","%d","%s","%d","synchronization","OpenMutexW","SUCCESS","0x%08x","dwDesiredAccess->%s","lpName->%ws"
FILE:%ws
"%s","%d","%s","%d","services","OpenSCManagerA","FAILURE","","lpMachineName->%s","lpDatabaseName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenSCManagerA","SUCCESS","0x%08x","lpMachineName->%s","lpDatabaseName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","system","IsDebuggerPresent","",""
"%s","%d","%s","%d","services","OpenSCManagerW","FAILURE","","lpMachineName->%ws","lpDatabaseName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenSCManagerW","SUCCESS","0x%08x","lpMachineName->%ws","lpDatabaseName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","CreateServiceA","FAILURE","","lpServiceName->%s","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%s"
"%s","%d","%s","%d","services","CreateServiceA","FAILURE","0x%08x","lpServiceName->%s","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%s"
"%s","%d","%s","%d","services","CreateServiceW","FAILURE","","lpServiceName->%ws","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%ws"
PID:%d
FILE:%s
FILE:%ws
"%s","%d","%s","%d","services","CreateServiceW","SUCCESS","0x%08x","lpServiceName->%ws","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%ws"
"%s","%d","%s","%d","services","OpenServiceW","FAILURE","","lpServiceName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","SUCCESS","0x%08x","lpServiceName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","FAILURE","","lpServiceName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","SUCCESS","0x%08x","lpServiceName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","StartServiceW","FAILURE","","hService->0x%08x","lpServiceArgVectors->%s"
FILE:%s
C:\cuckoo\
"%s","%d","%s","%d","services","StartServiceW","SUCCESS","","hService->0x%08x","lpServiceArgVectors->%s"
%sfiles\%s
"%s","%d","%s","%d","services","StartServiceW","FAILURE","","hService->0x%08x","lpServiceArgVectors->%ws"
C:\cuckoo\
"%s","%d","%s","%d","services","StartServiceW","SUCCESS","","hService->0x%08x","lpServiceArgVectors->%ws"
%sfiles\%s
"%s","%d","%s","%d","services","ControlService","FAILURE","","hService->0x%08x","dwControl->%s"
PID:%d
GetCurrentProcessId
"%s","%d","%s","%d","services","ControlService","SUCCESS","","hService->0x%08x","dwControl->%s"
PID:%d
Kernel32
"%s","%d","%s","%d","services","DeleteService","FAILURE","","hService->0x%08x"
PID:%d
%d%02d%02d%02d%02d%02d.%03d
"%s","%d","%s","%d","services","DeleteService","SUCCESS","","hService->0x%08x"
PID:%d
GENERIC_ALL
"%s","%d","%s","%d","registry","RegOpenKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegOpenKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyA","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
ATTRIBUTES
"%s","%d","%s","%d","registry","RegOpenKeyA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyExA","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegOpenKeyExA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegOpenKeyExW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
PID:%d
GENERIC_EXECUTE
HKEY_CLASSES_ROOT
"%s","%d","%s","%d","registry","RegCreateKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegCreateKeyW","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegCreateKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegCreateKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
GENERIC_WRITE
0x%08x
HKEY_CURRENT_CONFIG
"%s","%d","%s","%d","registry","RegCreateKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegCreateKeyExW","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
HKEY_CURRENT_USER
"%s","%d","%s","%d","registry","RegCreateKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
HKEY_LOCAL_MACHINE
"%s","%d","%s","%d","registry","RegCreateKeyExW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
HKEY_USERS
"%s","%d","%s","%d","registry","RegDeleteKeyA","SUCCESS","","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegDeleteKeyA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegDeleteKeyW","SUCCESS","","hKey->%s","lpSubKey->%ws"
0x%08x
"%s","%d","%s","%d","registry","RegDeleteKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
"%s","%d","%s","%d","registry","RegEnumKeyExW","SUCCESS","%ws","hKey->%s","dwIndex->%d"
"%s","%d","%s","%d","registry","RegEnumKeyExW","FAILURE","","hKey->%s","dwIndex->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegEnumValueW","SUCCESS","%ws","hKey->%s","dwIndex->%d"
SERVICE_ADAPTER
SERVICE_FILE_SYSTEM_DRIVER
"%s","%d","%s","%d","registry","RegEnumValueW","FAILURE","","hKey->%s","dwIndex->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegSetValueExA","SUCCESS","","hKey->%s","lpValueName->%s","dwType->%d","lpData->%s","cbData->%d"
SERVICE_RECOGNIZER_DRIVER
"%s","%d","%s","%d","registry","RegSetValueExA","FAILURE","","hKey->%s","lpValueName->%s","dwType->%d","lpData->%s","cbData->%d"
explorer.exe
SERVICE_KERNEL_DRIVER
SERVICE_WIN32_OWN_PROCESS
"%s","%d","%s","%d","registry","RegSetValueExW","SUCCESS","","hKey->%s","lpValueName->%ws","dwType->%d","lpData->%ws","cbData->%d"
"%s","%d","%s","%d","registry","RegSetValueExW","FAILURE","","hKey->%s","lpValueName->%ws","dwType->%d","lpData->%ws","cbData->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegQueryValueExW","SUCCESS","","hKey->%s","lpValueName->%ws"
"%s","%d","%s","%d","registry","RegQueryValueExW","FAILURE","","hKey->%s","lpValueName->%ws"
explorer.exe
"%s","%d","%s","%d","process","CreateProcessA","FAILURE","","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_WIN32_SHARE_PROCESS
"%s","%d","%s","%d","process","CreateProcessA","SUCCESS","%d","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_AUTO_START
"%s","%d","%s","%d","process","CreateProcessW","FAILURE","","lpApplicationName->%ws","lpCommandLine->%ws"
SERVICE_BOOT_START
"%s","%d","%s","%d","process","CreateProcessW","SUCCESS","%d","lpApplicationName->%ws","lpCommandLine->%ws"
"%s","%d","%s","%d","process","TerminateProcess","FAILURE","","uExitCode->%d","th32ProcessID->%d","szExeFile->%s"
SERVICE_DISABLED
"%s","%d","%s","%d","process","TerminateProcess","SUCCESS","","uExitCode->%d","th32ProcessID->%d","szExeFile->%s"
SC_MANAGER_CREATE_SERVICE
"%s","%d","%s","%d","process","ExitProcess","","","uExitCode->0x%08x"
"%s","%d","%s","%d","process","ShellExecuteExW","SUCCESS","","lpVerb->%s","lpFile->%s","lpParameters->%s","lpDirectory->%s","hProcess->0x%08x"
0x%08x
SC_MANAGER_CONNECT
"%s","%d","%s","%d","process","ShellExecuteExW","FAILURE","","lpVerb->%s","lpFile->%s","lpParameters->%s","lpDirectory->%s","hProcess->0x%08x"
0x%08x
SC_MANAGER_LOCK
SERVICE_ALL_ACCESS
"%s","%d","%s","%d","process","ShellExecuteExW","SUCCESS","","lpVerb->%ws","lpFile->%ws","lpParameters->%ws","lpDirectory->%ws","hProcess->0x%08x"
"%s","%d","%s","%d","process","ShellExecuteExW","FAILURE","","lpVerb->%ws","lpFile->%ws","lpParameters->%ws","lpDirectory->%ws","hProcess->0x%08x"
"%s","%d","%s","%d","process","CreateThread","FAILURE","","lpStartAddress->0x%08x"
"%s","%d","%s","%d","process","CreateThread","SUCCESS","0x%08x","lpStartAddress->0x%08x"
SERVICE_INTERROGATE
"%s","%d","%s","%d","process","CreateRemoteThread","FAILURE","","lpStartAddress->0x%08x","th32ProcessID->%d","szExeFile->%s"
"%s","%d","%s","%d","process","CreateRemoteThread","SUCCESS","0x%08x","lpStartAddress->0x%08x","th32ProcessID->%d","szExeFile->%s"
"%s","%d","%s","%d","process","WinExec","SUCCESS","","lpCmdLine->%s"
"%s","%d","%s","%d","process","WinExec","FAILURE","","lpCmdLine->%s"
"%s","%d","%s","%d","process","CreateProcessInternalA","FAILURE","","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_PAUSE_CONTINUE
WRITE_DAC
"%s","%d","%s","%d","process","CreateProcessInternalA","SUCCESS","%d","lpApplicationName->%s","lpCommandLine->%s"
WRITE_OWNER
"%s","%d","%s","%d","process","CreateProcessInternalW","FAILURE","","lpApplicationName->%ws","lpCommandLine->%ws"
GENERIC_ALL
"%s","%d","%s","%d","process","CreateProcessInternalW","SUCCESS","%d","lpApplicationName->%ws","lpCommandLine->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileA","SUCCESS","S_OK","szURL->%s","szFileName->%s"
GENERIC_EXECUTE
SERVICE_CONTROL_CONTINUE
"%s","%d","%s","%d","network","URLDownloadToFileA","FAILURE","E_OUTOFMEMORY","szURL->%s","szFileName->%s"
SERVICE_CONTROL_INTERROGATE
"%s","%d","%s","%d","network","URLDownloadToFileA","FAILURE","INET_E_DOWNLOAD_FAILURE","szURL->%s","szFileName->%s"
"%s","%d","%s","%d","network","URLDownloadToFileW","SUCCESS","S_OK","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileW","FAILURE","E_OUTOFMEMORY","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileW","FAILURE","INET_E_DOWNLOAD_FAILURE","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","InternetOpenUrlW","FAILURE","","lpszUrl->%s","lpszHeaders->%s","dwFlags->%s"
"%s","%d","%s","%d","network","InternetOpenUrlW","SUCCESS","0x%08x","lpszUrl->%s","lpszHeaders->%s","dwFlags->%s"
SERVICE_CONTROL_NETBINDADD
"%s","%d","%s","%d","network","InternetOpenUrlW","FAILURE","","lpszUrl->%ws","lpszHeaders->%ws","dwFlags->%s"
"%s","%d","%s","%d","network","InternetOpenUrlW","SUCCESS","0x%08x","lpszUrl->%ws","lpszHeaders->%ws","dwFlags->%s"
"%s","%d","%s","%d","system","Sleep","","","dwMilliseconds->INFINITE"
"%s","%d","%s","%d","system","Sleep","","","dwMilliseconds->%d"
ACCESS_SYSTEM_SECURITY
SERVICE_CONTROL_PARAMCHANGE
"%s","%d","%s","%d","system","LoadLibraryA","FAILURE","","lpFileName->%s"
SYNCHRONIZE
"%s","%d","%s","%d","system","LoadLibraryA","SUCCESS","0x%08x","lpFileName->%s"
DELETE
WRITE_DAC
"%s","%d","%s","%d","system","LoadLibraryW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","system","LoadLibraryW","SUCCESS","0x%08x","lpFileName->%ws"
WRITE_OWNER
"%s","%d","%s","%d","system","ExitWindowsEx","","","uFlags->%s","dwReason->%s"
SC_MANAGER_ALL_ACCESS
0x%08x
EVENT_ALL_ACCESS
"%s","%d","%s","%d","memory","VirtualAllocEx","FAILURE","","th32ProcessID->%d","szExeFile->%s","lpAddress->0x%08x","dwSize->%d","flAllocationType->0x%08x","flProtect->0x%08x"
SC_MANAGER_MODIFY_BOOT_CONFIG
SERVICE_CONTROL_NETBINDDISABLE
EVENT_MODIFY_STATE
"%s","%d","%s","%d","memory","VirtualAllocEx","SUCCESS","0x%08x","th32ProcessID->%d","szExeFile->%s","lpAddress->0x%08x","dwSize->%d","flAllocationType->0x%08x","flProtect->0x%08x"
"%s","%d","%s","%d","memory","WriteProcessMemory","FAILURE","","lpBaseAddress->0x%08x","lpBuffer->0x%08x","nSize->%d","th32ProcessID->%d","szExeFile->%s"
MUTEX_ALL_ACCESS
"%s","%d","%s","%d","memory","WriteProcessMemory","SUCCESS","","lpBaseAddress->0x%08x","lpBuffer->0x%08x","nSize->%d","th32ProcessID->%d","szExeFile->%s"
MUTEX_MODIFY_STATE
"%s","%d","%s","%d","memory","ReadProcessMemory","FAILURE","","th32ProcessID->%d","szExeFile->%s","lpBaseAddress->0x%08x","nSize->%d"
"%s","%d","%s","%d","memory","ReadProcessMemory","SUCCESS","","th32ProcessID->%d","szExeFile->%s","lpBaseAddress->0x%08x","nSize->%d"
"%s","%d","%s","%d","hooking","SetWindowsHookExA","FAILURE","","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
SERVICE_CHANGE_CONFIG
0x%08x
TIMER_ALL_ACCESS
"%s","%d","%s","%d","hooking","SetWindowsHookExA","SUCCESS","0x%08x","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
"%s","%d","%s","%d","hooking","SetWindowsHookExW","FAILURE","","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
SERVICE_START
DELETE
TIMER_MODIFY_STATE
"%s","%d","%s","%d","hooking","SetWindowsHookExW","SUCCESS","0x%08x","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
"%s","%d","%s","%d","filesystem","CreateFileA","FAILURE","","lpFileName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","filesystem","CreateFileA","SUCCESS","0x%08x","lpFileName->%s","dwDesiredAccess->%s"
TIMER_QUERY_STATE
"%s","%d","%s","%d","filesystem","CreateFileW","FAILURE","","lpFileName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","filesystem","CreateFileW","SUCCESS","0x%08x","lpFileName->%ws","dwDesiredAccess->%s"
INTERNET_FLAG_NO_COOKIES
"%s","%d","%s","%d","filesystem","ReadFile","SUCCESS","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFile","FAILURE","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFileEx","SUCCESS","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFileEx","FAILURE","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","WriteFile","SUCCESS","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
"%s","%d","%s","%d","filesystem","WriteFile","FAILURE","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
"%s","%d","%s","%d","filesystem","WriteFileEx","SUCCESS","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
SEMAPHORE_MODIFY_STATE
INTERNET_FLAG_HYPERLINK
INTERNET_FLAG_NO_UI
"%s","%d","%s","%d","filesystem","WriteFileEx","FAILURE","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
0x%08x
INTERNET_FLAG_NEED_FILE
INTERNET_FLAG_RESYNCHRONIZE
"%s","%d","%s","%d","filesystem","DeleteFileA","SUCCESS","","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileA","FAILURE","","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileW","SUCCESS","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","DeleteFileW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_LOGOFF
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_REBOOT
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
GENERIC_WRITE
INTERNET_FLAG_EXISTING_CONNECT
EWX_RESTARTAPPS
SHTDN_REASON_MAJOR_HARDWARE
"%s","%d","%s","%d","filesystem","CopyFileA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SERVICE_CONTROL_NETBINDENABLE
INTERNET_FLAG_IGNORE_CERT_DATE_INVALID
SHTDN_REASON_MAJOR_OPERATINGSYSTEM
"%s","%d","%s","%d","filesystem","CopyFileW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_OTHER
"%s","%d","%s","%d","filesystem","CopyFileW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_POWER
"%s","%d","%s","%d","filesystem","CopyFileExA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SOFTWARE
"%s","%d","%s","%d","filesystem","CopyFileExA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SYSTEM
"%s","%d","%s","%d","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileA","SUCCESS","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_CALLWNDPROCRET
"%s","%d","%s","%d","filesystem","ReplaceFileA","FAILURE","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_DEBUG
"%s","%d","%s","%d","filesystem","ReplaceFileW","SUCCESS","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileW","FAILURE","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","device","DeviceIoControl","FAILURE","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
"%s","%d","%s","%d","device","DeviceIoControl","SUCCESS","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
GENERIC_READ
GENERIC_READ | GENERIC_WRITE
SERVICE_DEMAND_START
SERVICE_SYSTEM_START
SC_MANAGER_ENUMERATE_SERVICE
SC_MANAGER_QUERY_LOCK_STATUS
SERVICE_ENUMERATE_DEPENDENTS
SERVICE_QUERY_CONFIG
SERVICE_QUERY_STATUS
SERVICE_STOP
SERVICE_USER_DEFINED_CONTROL
READ_CONTROL
GENERIC_READ
SERVICE_CONTROL_NETBINDREMOVE
SERVICE_CONTROL_PAUSE
SERVICE_CONTROL_STOP
READ_CONTROL
SEMAPHORE_ALL_ACCESS
INTERNET_FLAG_IGNORE_CERT_CN_INVALID
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS
INTERNET_FLAG_KEEP_CONNECTION
INTERNET_FLAG_NO_AUTH
INTERNET_FLAG_NO_AUTO_REDIRECT
INTERNET_FLAG_NO_CACHE_WRITE
INTERNET_FLAG_PASSIVE
INTERNET_FLAG_PRAGMA_NOCACHE
INTERNET_FLAG_RAW_DATA
INTERNET_FLAG_RELOAD
INTERNET_FLAG_SECURE
0x%08x
EWX_POWEROFF
EWX_SHUTDOWN
0x%08x
SHTDN_REASON_MAJOR_APPLICATION
SHTDN_REASON_MAJOR_LEGACY_API
0x%08x
WH_CALLWNDPROC
WH_CBT
WH_FOREGROUNDIDLE
WH_GETMESSAGE
WH_JOURNALPLAYBACK
WH_JOURNALRECORD
WH_KEYBOARD
WH_KEYBOARD_LL
WH_MOUSE
WH_MOUSE_LL
WH_MSGFILTER
WH_SHELL
WH_SYSMSGFILTER
kernel32.dll
CreateProcessInternalW
C:\cuckoo\
%slogs\%d.csv
RSDSHGjl
C:\Documents and Settings\emartinez\Escritorio\cmonitor\Release\cmonitor.pdb
ExitProcess
CreateMutexW
CopyFileExW
CreateRemoteThread
WriteFile
LoadLibraryW
ReadProcessMemory
TerminateProcess
ReplaceFileW
ReadFile
CreateFileW
OpenMutexW
GetProcAddress
ReadFileEx
VirtualAllocEx
LoadLibraryA
DeviceIoControl
IsDebuggerPresent
WinExec
WriteFileEx
DeleteFileW
GetCurrentProcessId
MoveFileWithProgressW
WriteProcessMemory
CreateThread
WideCharToMultiByte
GetSystemTime
GetCurrentProcess
Process32First
WaitForSingleObject
GetLastError
Process32Next
GetExitCodeThread
GetModuleHandleA
CreateToolhelp32Snapshot
DuplicateHandle
CloseHandle
MultiByteToWideChar
CreateFileA
SetFilePointer
WaitNamedPipeW
KERNEL32.dll
FindWindowA
SetWindowsHookExW
SetWindowsHookExA
ExitWindowsEx
FindWindowW
USER32.dll
CreateServiceW
OpenServiceA
DeleteService
OpenSCManagerW
OpenServiceW
RegSetValueExA
RegCreateKeyExW
CreateServiceA
RegQueryValueExW
RegDeleteKeyA
RegDeleteKeyW
StartServiceA
RegCreateKeyExA
RegOpenKeyExA
StartServiceW
OpenSCManagerA
RegEnumValueW
RegOpenKeyExW
ControlService
RegEnumKeyExW
RegSetValueExW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteExA
SHELL32.dll
WS2_32.dll
InternetOpenUrlW
WININET.dll
URLDownloadToFileW
urlmon.dll
GetTickCount
VirtualProtect
OutputDebugStringA
HeapFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EncodePointer
IsProcessorFeaturePresent
HeapAlloc
HeapCreate
HeapDestroy
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetModuleFileNameW
RtlUnwind
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
FlushFileBuffers
0123456789abcdef00
##%%&'%#&'&'
 !"#$%&'()*+,-./0123456789
 !"#$%&'()*+,-./
 !"#$%&'()*+,-./012345678
 !"#$%&'()*+
,-./0123456789:;
 !"#$%&'(
$%&'()*+,-./0123
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGXZ
!"#$%&'()*+,-.
/0123456789
<=>?@ABCDE
FGHIJKLMNO
PQRSTUVWXY
 !"#$%&'()
-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdef
ghijklmnopqrstuvwxyz{|}~
 !"#$%&
'()*+,-
./01234
56789:;
<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`
abcdefghijklmnopqrstuvwxyz{|}~
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
31Z1c1w3
6.6?6P6a6r6
9$:E:T:
<(=D=\=`=d=h=l=
:D;H;L;P;T;X;\;`;
3.4Q4X4@5
3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
41585P5T5X5
70:4:8:<:@:D:H:L:P:T:X:\:`:
=%=j>t>
242;2C2H2L2P2y2
2*3034383<3
3'4Y4`4d4h4l4p4t4x4|4
7M7S7X7`7p7z7
7;8s8x8
9L9R9X9m9
9&:S:#;);5;l;
<Y=a=v=
>K?Z?u?
>!>g>m>w>o?{?
0o1t1}1
122a2g2v2
2/3;3B3N3T3`3f3o3u3~3
444t4z4
576G6M6Y6_6o6u6{6
7!7&7,70767;7A7F7U7k7q7y7~7
838<8H8
:3:>:X:c:k:{:
;#<h<o<
>(>M>X>g>
2"2'2H2M2q2
6*6S6[6
020D0J0d0s0
1$1.1T1
5)535F5j5
858N8j8s8y8
<C<I<O<_<j<~=
:B;b;g;
<[<s<}<
>1>?>E>h>o>
0?0E0M0
0_1h1n1
455H5`5
7!8L8m8v8
2*2<2N2`2r2
3 3'3.363>3F3R3[3`3f3p3y3
4&4+4<4D4J4T4Z4d4j4t4}4
7U8o8x8
020T0a0x0
2:2Z2z2
3:3Z3z3
5!5J5j5
606S6v6
6"7E7h7
878W8w8
9&9I9l9
:2:O:l:
;*;J;g;
<-<M<m<
=3=S=s=
?(?C?j?
*0J0j0
202P2k2
3#3@3[3
5(5/5=5D5R5Y5g5n5|5
6$6+696@6N6U6c6j6x6
7 7'757<7J7Q7_7f7t7{7
8#81888F8M8[8b8p8w8
8%9+999C9K9Q9X9f9l9s9
:#:):0:>:D:K:Y:_:f:t:z:
;#;1;7;>;L;R;Y;g;m;t;
<!<'<.<<<B<I<W<]<d<r<x<
=!=/=5=<=J=P=W=e=k=r=
>">(>/>=>C>J>X>^>e>s>y>
>(?.?3?[?m?
0%0+050L0
1%1+151L1
2&2J2P2V2`2w2
3&3,313;3\3b3g3q3
4#4)434P4V4[4e4{4
5A5G5L5V5w5}5
5%6I6O6U6_6
6%7I7O7U7_7
778q8w8|8
:H;N;T;^;
<8=>=D=N={=
0 0*0S0Y0^0h0~0#1]1c1h1r1
4$4.4O4U4Z4d4z4
4#5]5c5i5s5
8%8+858V8\8b8l8
;$;*;0;:;P;U;g;
<N<T<Z<d<
=%>+>1>;>Q>V>h>$?
0^1d1i1s1
1A2b2h2n2x2
4%424L4r4
4-5l5r5x5
93999>9K9d9
:P:V:\:f:
:M;r;x;};
<L<-=3=9=C=Z=
22282>2K2e2
7?7E7J7T7j7
8M8S8X8b8
8Q9u9{9
=)=F=L=Q=[=q=
>B>H>M>W>x>~>
>-?R?X?]?g?
=0b0h0m0w0
0M1r1x1}1
4V4\4a4k4
5 6'6,6P6W6\6
7@7G7L7p7w7|7
80878<8`8g8l8
8 9'9,9P9W9\9
:@:G:L:p:w:|:
;0;7;<;`;g;l;
; <'<,<P<W<\<
=@=G=L=p=w=|=
>0>7><>`>g>l>
> ?'?,?P?W?\?
0@0G0L0p0w0|0
10171<1`1g1l1
1 2'2,2P2W2\2
3@3G3L3p3w3|3
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3H3L3P3T3`3d3
6$6,646<6D6L6
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<6@6D6H6
5 585<5T5d5h5|5
6$6,6@6`6|6
707P7p7
808L8P8p8
:<:@:H:L:
:8;<;@;D;H;L;P;X;\;
<l<p<t<x<|<
=$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
?0?4?<?@?l?p?x?|?
\0`0d0h0l0p0t0x0|0
1$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3,30383<3h3l3t3x3|4
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5l5p5\6`6d6h6l6p6t6x6|6
74787@7D7p7t7|7
: :$:(:,:0:4:8:<:@:D:H:L:P:T:(;,;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
=(>,>0>4>8><>@>D>L>P>
?(?0?4?
4080<0@0D0H0L0P0X0\0x0
2 2$2(2,20242<2@2
3 3(3,3p3t3x3
3 4$4(40444x4|4
4(5,50585<5
5064686@6D6
687<7@7H7L7
7084888@8D8
889<9@9H9L9
9@:D:H:P:T:
;@<D<H<P<T<
=H=L=P=X=\=
>P>T>X>`>d>
?X?\?`?h?l?
0`0d0h0p0t0
1 1$1(10141x1|1
1(2,20282<2
2H3L3P3T3\3`3
3h4l4p4t4|4
4L5P5T5\5`54686<6@6D6H6L6P6X6\6
7T7X7`7d7
8 8$8(8,80848<8@8
8D9H9L9P9T9\9`9
90:4:8:<:D:H:
:0;4;<;@;
;4<8<<<D<H<
< =$=,=0=t=x=|=
>L>P>T>\>`>
> ?$?(?0?4?x?|?
0P1T1X1\1`1h1l1
2 2$2\2`2h2l2
3`3d3h3p3t3
4 4$4h4l4p4x4|4
5 5(5,5p5t5x5
5 6$6(60646x6|6
6074787<7@7D7H7L7T7X7
9<:@:D:H:L:P:X:\:
= =$=(=0=4=
?`?d?h?l?t?x?
0 0$0(0,0004080@0D0
1P1T1\1`1
2L2P2X2\2
3H3L3T3X3
4D4H4P4T4
4@5D5L5P5|5
6X6\6d6h6
7l7p7t7|7
8$8(8l8p8x8|8
9 9$9h9l9t9x9
:0:8:<:h:p:t:|;
<0<4<<<@<l<p<x<|<
=D=H=P=T=
>H>P>T>
>(?0?4?`?h?l?
0@0H0L0x0
0 1(1,1X1`1d1
282@2D2p2x2|2
3 3$3P3X3\3
40484<4h4p4t4
5L5P5X5\5
5$6(60646l6p6x6|6
7D7H7P7T7
8 8(8,8d8h8p8t8
9<9@9H9L9
:0:8:<:h:p:t:
;<;@;H;L;
< <$<\<`<h<l<
<4=8=@=D=
=8><>@>H>L>x>
>,?0?8?<?h?p?t?
0H0P0T0
1`1d1h1p1t1
2 2$2h2l2p2x2|2
3 3(3,3p3t3x3
3 4$4(40444x4|4
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7p7t7
7D8H8L8P8X8\8
8d9h9l9p9t9x9
;H<L<P<T<\<`<
=h=l=p=t=|=
=P>T>X>\>d>h>
? ?$?(?,?0?4?<?@?
0 0$0(0,0004080@0D0
1 1$1(1,1014181<1D1H1p2t2|3
5P6T6X6\6`6d6l6p6L<P<T<X<\<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
t9x9|9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=H=L=
X6X7\7`7d7h7l7p7t7x7|7
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
9(989H9X9|9
;(;,;0;4;8;<;@;D;H;L;P;
boEcqS.dll
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
"20190818030716.368","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20190818030716.368","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20190818030716.368","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20190818030716.368","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->420","szExeFile->9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20190818030716.378","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->420","szExeFile->9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","lpAddress->0x00150000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030716.398","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00250000","th32ProcessID->420","szExeFile->9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190818030716.408","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190818030716.408","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190818030716.408","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190818030716.408","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190818030716.408","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190818030716.408","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190818030716.408","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190818030716.408","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x0000008c","lpFileName->C:\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","dwDesiredAccess->GENERIC_READ"
"20190818030716.408","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->268"
"20190818030716.408","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x00000084","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030716.408","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->420","szExeFile->9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030716.408","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->61440"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->32252"
"20190818030716.418","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000084","nNumberOfBytesToWrite->32252"
"20190818030716.428","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","synchronization","OpenMutexW","SUCCESS","0x00000098","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20190818030716.438","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000a4","hKey->0x000000a8","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190818030716.438","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000a4","lpValueName->Cache"
"20190818030716.438","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20190818030716.438","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","process","CreateProcessInternalW","SUCCESS","2008","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20190818030716.438","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20190818030716.438","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000008c","nNumberOfBytesToRead->268"
"20190818030716.438","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","FAILURE","","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\Command=AutoRun.exe
shellexecute=AutoRun.exe
Bind","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030716.438","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->2008","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20190818030716.438","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->420","szExeFile->9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","lpAddress->0x00280000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030716.458","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000090","hKey->0x000000ac","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190818030716.458","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000090","lpValueName->Compositing"
"20190818030716.458","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000090","hKey->0x000000ac","lpSubKey->Control Panel\Desktop"
"20190818030716.458","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000090","lpValueName->LameButtonText"
"20190818030716.458","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","process","CreateRemoteThread","SUCCESS","0x000000ac","lpStartAddress->0x00404008","th32ProcessID->2008","szExeFile->HelpMe.exe"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","process","CreateRemoteThread","SUCCESS","0x000000b0","lpStartAddress->0x00404008","th32ProcessID->2008","szExeFile->HelpMe.exe"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000000bc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegSetValueExA","SUCCESS","","hKey->0x000000bc","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000000c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegSetValueExA","SUCCESS","","hKey->0x000000c0","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000000c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->Startup"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000000c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000000c8","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoNetHood"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoPropertiesMyComputer"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoInternetIcon"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoCommonGroups"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoControlPanel"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoSetFolders"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExA","SUCCESS","0x000000ce","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ce","lpValueName->(null)"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->SystemSetupInProgress"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->seed"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->OsLoaderPath"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->OsLoaderPath"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->SystemPartition"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->SystemPartition"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->SourcePath"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->SourcePath"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->ServicePackSourcePath"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->ServicePackSourcePath"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->ServicePackCachePath"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->ServicePackCachePath"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->DriverCachePath"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->DriverCachePath"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d4","lpValueName->DevicePath"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","synchronization","CreateMutexW","SUCCESS","0x000000d8","lpName->(null)"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","synchronization","CreateMutexW","SUCCESS","0x000000e0","lpName->(null)"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","synchronization","CreateMutexW","SUCCESS","0x000000e8","lpName->(null)"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->LogLevel"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->LogLevel"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000ec","lpValueName->LogPath"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000ec","lpSubKey->AppLogLevels"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","dwDesiredAccess->GENERIC_READ"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190818030721.415","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->65536"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000ec","nNumberOfBytesToWrite->45221"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->65536"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","lpNewFileName->C:\AutoRun.exe"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","dwDesiredAccess->GENERIC_READ"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->268"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->268"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","dwDesiredAccess->GENERIC_READ"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000f0","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000f4","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExA","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0\RpcThreadPoolThrottle"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190818030721.425","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","device","DeviceIoControl","FAILURE","","hDevice->0x00000124","dwIoControlCode->0x006d0008","lpInBuffer->0x0049b9c0","nInBufferSize->0x00000046","lpOutBuffer->0x0049acf8","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x006d0008","lpInBuffer->0x0049b9c0","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->0x00000124","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->Data"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->0x00000128","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->Generation"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","device","DeviceIoControl","FAILURE","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c8f8","nInBufferSize->0x00000208","lpOutBuffer->0x0049ae98","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c8f8","nInBufferSize->0x00000208","lpOutBuffer->0x0049cb08","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","device","DeviceIoControl","FAILURE","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c8f8","nInBufferSize->0x00000208","lpOutBuffer->0x0049ae98","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c8f8","nInBufferSize->0x00000208","lpOutBuffer->0x0049cb20","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegSetValueExW","SUCCESS","","hKey->0x00000124","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->0x00000124","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->Generation"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000fa","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fa","lpSubKey->CurVer"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000126","hKey->0x000000fa","lpSubKey->(null)"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->DontShowSuperHidden"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->0x000000f8","lpSubKey->(null)"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->ShellState"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->ShellState"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->420","szExeFile->9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToWrite->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToWrite->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToWrite->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToWrite->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToWrite->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToWrite->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToWrite->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToWrite->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToWrite->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToWrite->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToWrite->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToWrite->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToWrite->61440"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->32933"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToWrite->32933"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToWrite->268"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToWrite->268"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000f4","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToRead->268"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000f4","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToRead->268"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000f4","lpFileName->C:\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","dwDesiredAccess->GENERIC_READ"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000f0","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190818030721.435","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->ForceActiveDesktopOn"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->NoActiveDesktop"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->NoWebView"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->ClassicShell"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->SeparateProcess"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->NoNetCrawling"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->NoSimpleStartMenu"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->0x000000f8","lpSubKey->Advanced"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->Hidden"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->ShowCompColor"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->HideFileExt"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->DontPrettyPath"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->ShowInfoTip"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->HideIcons"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->MapNetDrvBtn"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->WebView"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->Filter"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->ShowSuperHidden"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->SeparateProcess"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->NoNetCrawling"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000126","lpSubKey->ShellEx\IconHandler"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->DocObject"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->BrowseInPlace"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000126","lpSubKey->Clsid"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000136","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000136","lpSubKey->Clsid"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->IsShortcut"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000126","lpValueName->AlwaysShowExt"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->NeverShowExt"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->UseDesktopIniCache"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->2008","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToRead->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToRead->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToRead->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToRead->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToRead->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToRead->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToRead->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToRead->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToRead->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToRead->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToRead->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToRead->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToRead->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000f4","nNumberOfBytesToRead->32933"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->32933"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000f0","nNumberOfBytesToRead->145"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->145"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->268"
"20190818030721.445","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->268"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000f0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f0","lpValueName->Com+Enabled"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000f0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f0","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f0","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000f0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f0","lpValueName->Com+Enabled"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000f0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000154","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x0000015c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000164","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x0000016c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000174","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000184","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x0000018c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x00000194","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x0000019c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000019c","lpValueName->REGDBVersion"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x0000019c","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000019c","nNumberOfBytesToRead->22512"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x0000019c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000019c","lpValueName->REGDBVersion"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->2008","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->2008","szExeFile->HelpMe.exe","lpAddress->0x00300000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x0000019e","hKey->0x000000f6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000019e","lpSubKey->TreatAs"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001aa","hKey->0x000000f6","lpSubKey->(null)"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x0000019e","hKey->0x000001aa","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001ae","hKey->0x0000019e","lpSubKey->InprocServer32"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001ae","lpValueName->InprocServer32"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000019e","lpSubKey->InprocServerX86"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000019e","lpSubKey->LocalServer32"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001ae","hKey->0x0000019e","lpSubKey->InprocServer32"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ae","lpValueName->(null)"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000019e","lpSubKey->InprocHandler32"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000019e","lpSubKey->InprocHandlerX86"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000019e","lpSubKey->LocalServer32"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000019e","lpSubKey->LocalServer"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001ae","hKey->0x000001aa","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001ae","lpValueName->AppID"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x0000019e","hKey->0x000001aa","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x0000019e","hKey->0x000001aa","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001ae","hKey->0x0000019e","lpSubKey->InprocServer32"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ae","lpValueName->ThreadingModel"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x0000019e","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000019e","lpSubKey->TreatAs"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001ac","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->0x000001ac","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->Generation"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001b2","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001ae","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ae","lpValueName->DriveMask"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001b0","lpValueName->AllowFileCLSIDJunctions"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->Personal"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001ac","hKey->0x000001b0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ac","lpValueName->Generation"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001ac","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ac","lpValueName->Common Documents"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001ac","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001ac","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001ac","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->0x000001ac","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->Generation"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->Desktop"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->Desktop","dwType->1","lpData->C:\Documents and Settings\janettedoe\Desktop","cbData->90"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001ac","hKey->0x000001b0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ac","lpValueName->Generation"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001ac","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ac","lpValueName->Common Desktop"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001ac","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001ac","lpValueName->Common Desktop","dwType->1","lpData->C:\Documents and Settings\All Users\Desktop","cbData->88"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001ac","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->0x000001ac","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->Generation"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->0x000000f8","lpSubKey->FileExts"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b0","lpSubKey->."
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b0","lpSubKey->."
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\."
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001b4","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b4","nNumberOfBytesToRead->268"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001b6","hKey->0x00000062","lpSubKey->Network\SharingHandler"
"20190818030721.455","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b6","lpValueName->(null)"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001b4","lpValueName->UserEnvDebugLevel"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001b4","lpValueName->ChkAccDebugLevel"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001b4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b4","lpValueName->ProductType"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001ac","hKey->0x000000b8","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ac","lpValueName->Personal"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ac","lpValueName->Local Settings"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->RsopDebugLevel"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->UserEnvDebugLevel"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->RsopLogging"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000b8","lpValueName->UserEnvDebugLevel"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","dwDesiredAccess->GENERIC_READ"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001b8","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","system","LoadLibraryA","SUCCESS","0x76980000","lpFileName->LINKINFO.dll"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->2008","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->32933"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->32933"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b8","nNumberOfBytesToRead->211"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->211"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->268"
"20190818030721.465","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->268"
"20190818030721.475","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001b8","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.475","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190818030721.475","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b8","lpValueName->ProductType"
"20190818030721.475","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
"20190818030721.475","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001b8","lpValueName->SrvsvcDefaultShareInfo"
"20190818030721.475","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.475","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001b8","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.505","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001b8","lpFileName->C:\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","dwDesiredAccess->0x00000080"
"20190818030721.505","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","device","DeviceIoControl","SUCCESS","","hDevice->0x000001b8","dwIoControlCode->0x000900c0","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120ece4","nOutBufferSize->0x00000040","lpBytesReturned->0x0120ecdc","lpOverlapped->0x00000000"
"20190818030721.505","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001b8","lpFileName->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup\Soft.lnk","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.505","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001be","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190818030721.505","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000ba","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190818030721.505","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ba","lpValueName->DriveMask"
"20190818030721.505","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190818030721.505","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Start Menu"
"20190818030721.505","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->268"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","dwDesiredAccess->GENERIC_READ"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.505","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Start Menu","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu","cbData->96"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->0x000000b8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Generation"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Common Start Menu"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Common Start Menu","dwType->1","lpData->C:\Documents and Settings\All Users\Start Menu","cbData->94"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->0x000001d0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Generation"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000000b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Common AppData"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000000b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Common AppData","dwType->1","lpData->C:\Documents and Settings\All Users\Application Data","cbData->106"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->0x000000b8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Generation"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->2008","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190818030721.516","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->32933"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->32933"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->268"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->268"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c8","lpValueName->AppData"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c8","lpValueName->AppData","dwType->1","lpData->C:\Documents and Settings\janettedoe\Application Data","cbData->108"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->0x000001c8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.526","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Generation"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->268"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","dwDesiredAccess->GENERIC_READ"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->2008","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->61440"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->32933"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->32933"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->71"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->71"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->268"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToWrite->268"
"20190818030721.536","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->0x000001cc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001bc","lpValueName->Generation"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->0x000001bc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Generation"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->0x000001cc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001bc","lpValueName->Generation"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001bc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001bc","lpValueName->My Pictures"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001bc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001bc","lpValueName->My Pictures","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents\My Pictures","cbData->124"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001bc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->0x000001bc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Generation"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->268"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","dwDesiredAccess->GENERIC_READ"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->2008","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030721.546","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d4","lpValueName->CompareJunctionness"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->32933"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->32933"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->2008","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->12288"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->12288"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->268"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->268"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001cc","lpValueName->ProgramFilesDir (x86)"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->ProgramFilesDir"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->0x000001cc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.576","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Generation"
"20190818030721.586","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\dll\cmonitor.dll.exe","lpNewFileName->C:\cuckoo\dll\cmonitor.dll"
"20190818030721.586","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\cuckoo\dll\EyCRlo.dll","dwDesiredAccess->GENERIC_READ"
"20190818030721.586","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->268"
"20190818030721.596","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","dwDesiredAccess->GENERIC_READ"
"20190818030721.596","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\cuckoo\dll\EyCRlo.dll","dwDesiredAccess->GENERIC_READ"
"20190818030721.596","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\dll\EyCRlo.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.596","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190818030721.596","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001e4","lpValueName->CommonPictures"
"20190818030721.596","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","system","LoadLibraryA","SUCCESS","0x769c0000","lpFileName->USERENV.dll"
"20190818030721.596","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190818030721.596","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->ProfilesDirectory"
"20190818030721.596","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190818030721.596","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->AllUsersProfile"
"20190818030721.596","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190818030721.596","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->CommonPictures","dwType->1","lpData->C:\Documents and Settings\All Users\Documents\My Pictures","cbData->116"
"20190818030721.596","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.596","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001e8","hKey->0x000001e4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.596","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e8","lpValueName->Generation"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExA","SUCCESS","0x000001ea","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\InProcServer32"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ea","lpValueName->(null)"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001e8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001e8","lpValueName->NoSharedDocuments"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","system","LoadLibraryA","SUCCESS","0x5b860000","lpFileName->netapi32"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->\\.\PIPE\wkssvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001e4","lpValueName->CommonMusic"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->ProfilesDirectory"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->AllUsersProfile"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->CommonMusic","dwType->1","lpData->C:\Documents and Settings\All Users\Documents\My Music","cbData->110"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001e8","hKey->0x000001e4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e8","lpValueName->Generation"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->2008","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->32933"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->32933"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->2008","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->12288"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->12288"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\EyCRlo.dll"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\EyCRlo.dll.exe","lpNewFileName->C:\cuckoo\dll\EyCRlo.dll"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\dll\ZasFSt.dll","dwDesiredAccess->GENERIC_READ"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->268"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","dwDesiredAccess->GENERIC_READ"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\cuckoo\dll\ZasFSt.dll","dwDesiredAccess->GENERIC_READ"
"20190818030721.616","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\cuckoo\dll\ZasFSt.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001e4","lpValueName->CommonVideo"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->ProfilesDirectory"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->AllUsersProfile"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegCreateKeyExW","SUCCESS","0x000001e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->CommonVideo","dwType->1","lpData->C:\Documents and Settings\All Users\Documents\My Videos","cbData->112"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001f0","hKey->0x000001e4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001f0","lpValueName->Generation"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->420","szExeFile->9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->32933"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->32933"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->2008","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->61440"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->12288"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->12288"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->268"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToWrite->268"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\ZasFSt.dll"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\ZasFSt.dll.exe","lpNewFileName->C:\cuckoo\dll\ZasFSt.dll"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->268"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001bc","lpFileName->C:\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","dwDesiredAccess->GENERIC_READ"
"20190818030721.626","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000b8","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\files\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->2008","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001bc","nNumberOfBytesToRead->32933"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->32933"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000b8","nNumberOfBytesToRead->71"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->71"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\files\.gitignore"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001b8","nNumberOfBytesToWrite->719"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000000ba","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001be","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001be","lpValueName->DriveMask"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001ba","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegOpenKeyExW","SUCCESS","0x000001be","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190818030721.636","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001be","lpValueName->DriveMask"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\files\.gitignore.exe","lpNewFileName->C:\cuckoo\files\.gitignore"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->268"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","dwDesiredAccess->GENERIC_READ"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->C:\cuckoo\logs\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->2008","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->32933"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->32933"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->71"
"20190818030721.676","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->71"
"20190818030721.686","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->268"
"20190818030721.686","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->268"
"20190818030721.706","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\logs\.gitignore"
"20190818030721.706","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\logs\.gitignore.exe","lpNewFileName->C:\cuckoo\logs\.gitignore"
"20190818030721.706","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->C:\cuckoo\logs\2008.csv","dwDesiredAccess->GENERIC_READ"
"20190818030721.706","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->268"
"20190818030721.706","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->C:\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","dwDesiredAccess->GENERIC_READ"
"20190818030721.706","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\cuckoo\logs\2008.csv","dwDesiredAccess->GENERIC_READ"
"20190818030721.706","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\logs\2008.csv.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.706","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->420","szExeFile->9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->61440"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToRead->32933"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->32933"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->2008","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->49152","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000cc","nNumberOfBytesToRead->44232"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->44232"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToWrite->268"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\logs\2008.csv"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\logs\2008.csv.exe","lpNewFileName->C:\cuckoo\logs\2008.csv"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\logs\420.csv","dwDesiredAccess->GENERIC_READ"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->268"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","dwDesiredAccess->GENERIC_READ"
"20190818030721.716","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x000000cc","lpFileName->C:\cuckoo\logs\420.csv","dwDesiredAccess->GENERIC_READ"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","CreateFileW","SUCCESS","0x00000108","lpFileName->C:\cuckoo\logs\420.csv.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->2008","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->61440"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->32933"
"20190818030721.726","420","9904f3585fd6fd81d2421fb5ed3624cf03724f53cb14564ceb939b5fa05364b0","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000108","nNumberOfBytesToWrite->32933"
420.csv
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-8964
desktop.ini
<?xml version="1.0" encoding="utf-8"?>
<!--_SIG=eECz5pstceq8EnZX3AlEdAXu+009A1sWggCId1EW7z1NpxEopmeAq9UDm96ATVWU5uQ/QDdagpqLsZMUqjAqpFlrNWz3j3i0dJ/B4hAtPnz1z5t887zdZ+vhvITSyw05xs7Zu5mZIKPOXse3VJQdP2MyJ9OwVHn1w+xva/sSwiA=-->
<Package Id="EnterpriseWW" Type="MSI" Path="EnterpriseWW.MSI" Version="1.0" ProductCode="{90120000-0030-0000-0000-0000000FF1CE}" MSIVersion="12.0.4518.1014" Platform="x86" LocalizationTransform="ShellUI">
	<Feature Id="PPTPresentationTemplates" Cost="2061188">
		<OptionRef Id="PPTPresentationTemplates"/>
	</Feature>
	<Feature Id="OfficeOLESupport" Cost="0">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="VisioPreviewerFiles" Cost="5607856">
		<OptionRef Id="VisioPreviewerFiles"/>
	</Feature>
	<Feature Id="ThemesAdditionalFiles" Cost="1337222">
		<OptionRef Id="ThemesAdditionalFiles"/>
	</Feature>
	<Feature Id="OneNoteToIEAddin" Cost="604000">
		<OptionRef Id="OneNoteToIEAddin"/>
	</Feature>
	<Feature Id="OutlookAuxDsp" Cost="78712">
		<OptionRef Id="OutlookAuxDsp"/>
	</Feature>
	<Feature Id="DocumentImagingUtils" Cost="7540180">
		<OptionRef Id="DocumentImagingUtils"/>
	</Feature>
	<Feature Id="WORDBibliographyFiles" Cost="3087993">
		<OptionRef Id="WordBibliographyFiles"/>
	</Feature>
	<Feature Id="PPTFiles" Cost="9503722">
		<OptionRef Id="PPTFiles"/>
	</Feature>
	<Feature Id="OfficeAppSupport" Cost="0">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="ACCESSNonBootMiscFullFiles" Cost="4877688">
		<OptionRef Id="ACCESSFiles"/>
	</Feature>
	<Feature Id="DeveloperWizards" Cost="20574208">
		<OptionRef Id="DeveloperWizards"/>
	</Feature>
	<Feature Id="MsoInstalledPackagesScoped" Cost="0">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="ProductFiles_B2TR" Cost="6761390">
		<OptionRef Id="ProductFiles"/>
	</Feature>
	<Feature Id="XDOCSEditorFiles" Cost="5872012">
		<OptionRef Id="XDOCSEditorFiles"/>
	</Feature>
	<Feature Id="OutlookDVOrg97Files" Cost="42816">
		<OptionRef Id="OutlookDVOrg97Files"/>
	</Feature>
	<Feature Id="WordConverter12Files" Cost="13216152">
		<OptionRef Id="WordConverter12Files"/>
	</Feature>
	<Feature Id="OfficeMSProof6" Cost="2240144">
		<OptionRef Id="ProductFiles"/>
	</Feature>
	<Feature Id="Access_PIA" Cost="18510662">
		<OptionRef Id="Access_PIA"/>
	</Feature>
	<Feature Id="MSTagPluginNamesFiles" Cost="222832">
		<OptionRef Id="MSTagPluginNamesFiles"/>
	</Feature>
	<Feature Id="AceRepl" Cost="877112">
		<OptionRef Id="AceRepl"/>
	</Feature>
	<Feature Id="CalendarControl" Cost="0">
		<OptionRef Id="CalendarControl"/>
	</Feature>
	<Feature Id="OutlookMAPIPST2" Cost="1484936">
		<OptionRef Id="OutlookMAPIPST2"/>
	</Feature>
	<Feature Id="HTMLSourceEditing" Cost="9426644">
		<OptionRef Id="HTMLSourceEditing"/>
	</Feature>
	<Feature Id="SmartTag_PIA" Cost="16337416">
		<OptionRef Id="SmartTag_PIA"/>
	</Feature>
	<Feature Id="TCDRegistration" Cost="0">
		<OptionRef Id="TCDRegistration"/>
	</Feature>
	<Feature Id="OutlookOms" Cost="853640">
		<OptionRef Id="OutlookOms"/>
	</Feature>
	<Feature Id="CAGCat10Clips" Cost="1813386">
		<OptionRef Id="CAGCat10Clips"/>
	</Feature>
	<Feature Id="OfficeIntlRDC" Cost="0">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="PPTSoundFiles" Cost="407780">
		<OptionRef Id="PPTSoundFiles"/>
	</Feature>
	<Feature Id="WebDriveFiles" Cost="43894">
		<OptionRef Id="WebDriveFiles"/>
	</Feature>
	<Feature Id="Word_PIA" Cost="17613626">
		<OptionRef Id="Word_PIA"/>
	</Feature>
	<Feature Id="GrooveFiles" Cost="78608199">
		<OptionRef Id="GrooveFiles"/>
	</Feature>
	<Feature Id="dummy_MSCOMCTL_PIA" Cost="16533504">
		<OptionRef Id="dummy_MSCOMCTL_PIA"/>
	</Feature>
	<Feature Id="Excel_PIA" Cost="18109244">
		<OptionRef Id="Excel_PIA"/>
	</Feature>
	<Feature Id="DCubeHidden" Cost="1540368">
		<OptionRef Id="DCubeHidden"/>
	</Feature>
	<Feature Id="OISFiles" Cost="2157156">
		<OptionRef Id="OISFiles"/>
	</Feature>
	<Feature Id="OutlookDVAct3Files" Cost="66352">
		<OptionRef Id="OutlookDVAct3Files"/>
	</Feature>
	<Feature Id="OneNoteToOLAddin" Cost="687432">
		<OptionRef Id="OneNoteToOLAddin"/>
	</Feature>
	<Feature Id="ProofingParent" Cost="576320">
		<OptionRef Id="ProofingTools"/>
	</Feature>
	<Feature Id="SetupExeArpEntry" Cost="0">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="OUTLOOKFiles" Cost="16511872">
		<OptionRef Id="OUTLOOKFiles"/>
	</Feature>
	<Feature Id="Gimme_OnDemandData" Cost="0">
		<OptionRef Id="Gimme_OnDemandData"/>
	</Feature>
	<Feature Id="LISTFiles" Cost="3753056">
		<OptionRef Id="LISTFiles"/>
	</Feature>
	<Feature Id="WORDSharedFiles" Cost="27660244">
		<OptionRef Id="WORDSharedFiles"/>
	</Feature>
	<Feature Id="CAGFiles" Cost="2449304">
		<OptionRef Id="CAGFiles"/>
	</Feature>
	<Feature Id="TextConverters" Cost="117552">
		<OptionRef Id="TextConverters"/>
	</Feature>
	<Feature Id="PubFontsBalanceSys" Cost="5361996">
		<OptionRef Id="PubFontsBalanceSys"/>
	</Feature>
	<Feature Id="PPTNonBootFiles" Cost="3290022">
		<OptionRef Id="PPTFiles"/>
	</Feature>
	<Feature Id="AccessWizards" Cost="18819689">
		<OptionRef Id="AccessWizards"/>
	</Feature>
	<Feature Id="OneNotePIA" Cost="16759490">
		<OptionRef Id="OneNotePIA"/>
	</Feature>
	<Feature Id="MSSOAP3" Cost="628856">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="OneNoteHandwritingFonts" Cost="932804">
		<OptionRef Id="OneNoteHandwritingFonts"/>
	</Feature>
	<Feature Id="AceFiles" Cost="7388096">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="SetupExeAddRegistry" Cost="0">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="OutlookDVExtensionsFiles" Cost="429368">
		<OptionRef Id="OutlookDVExtensionsFiles"/>
	</Feature>
	<Feature Id="ACCESSNonBootFiles" Cost="9731283">
		<OptionRef Id="ACCESSFiles"/>
	</Feature>
	<Feature Id="SetupXmlFiles" Cost="44253">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="GraphicsFiltersFile" Cost="0">
		<OptionRef Id="GraphicsFiltersFile"/>
	</Feature>
	<Feature Id="MSPPRTDRIVER" Cost="919744">
		<OptionRef Id="MSPPRTDRIVER"/>
	</Feature>
	<Feature Id="SetLanguageFiles" Cost="34104">
		<OptionRef Id="SetLanguageFiles"/>
	</Feature>
	<Feature Id="OutlookDefaults" Cost="0">
		<OptionRef Id="OUTLOOKFiles"/>
	</Feature>
	<Feature Id="GRAPHFiles" Cost="2527304">
		<OptionRef Id="GRAPHFiles"/>
	</Feature>
	<Feature Id="Ace_PIA" Cost="80696">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="OneNoteMobileSyncDesktop" Cost="782720">
		<OptionRef Id="OneNoteMobileSyncDesktop"/>
	</Feature>
	<Feature Id="CAGCategoryFiles" Cost="0">
		<OptionRef Id="CAGCategoryFiles"/>
	</Feature>
	<Feature Id="OutlookDVCsvDosFiles" Cost="45192">
		<OptionRef Id="OutlookDVCsvDosFiles"/>
	</Feature>
	<Feature Id="CAGCat10" Cost="394200">
		<OptionRef Id="CAGCat10"/>
	</Feature>
	<Feature Id="ExcelAddinHTMLFiles" Cost="29011">
		<OptionRef Id="ExcelAddinHTMLFiles"/>
	</Feature>
	<Feature Id="OutlookDVPabFiles" Cost="46896">
		<OptionRef Id="OutlookDVPabFiles"/>
	</Feature>
	<Feature Id="CAGOffice10" Cost="492624">
		<OptionRef Id="CAGOffice10"/>
	</Feature>
	<Feature Id="OutlookMAPIEMS2" Cost="1524432">
		<OptionRef Id="OutlookMAPIEMS2"/>
	</Feature>
	<Feature Id="WORDDocumentTemplates" Cost="1936788">
		<OptionRef Id="WORDDocumentTemplates"/>
	</Feature>
	<Feature Id="QueryFiles" Cost="672024">
		<OptionRef Id="QueryFiles"/>
	</Feature>
	<Feature Id="MsoCommonShellHandler" Cost="932688">
		<OptionRef Id="ProductFiles"/>
	</Feature>
	<Feature Id="OfficePostBoot" Cost="0">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="WebDebugging" Cost="1896448">
		<OptionRef Id="WebDebugging"/>
	</Feature>
	<Feature Id="InternationalSupportFiles_ArialUni" Cost="23275812">
		<OptionRef Id="InternationalSupportFiles_ArialUni"/>
	</Feature>
	<Feature Id="OUTLOOKNonBootFiles" Cost="1959061">
		<OptionRef Id="OUTLOOKFiles"/>
	</Feature>
	<Feature Id="WhiteRabbitHidden" Cost="433331">
		<OptionRef Id="WhiteRabbitHidden"/>
	</Feature>
	<Feature Id="AlwaysInstalled" Cost="959548">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="TCWorks7Files" Cost="4672872">
		<OptionRef Id="TCWorks7Files"/>
	</Feature>
	<Feature Id="PowerPoint_PIA" Cost="17081182">
		<OptionRef Id="PowerPoint_PIA"/>
	</Feature>
	<Feature Id="dummy_Office_PIA" Cost="16810314">
		<OptionRef Id="dummy_Office_PIA"/>
	</Feature>
	<Feature Id="MSOfficeDocumentImaging" Cost="1959072">
		<OptionRef Id="MSOfficeDocumentImaging"/>
	</Feature>
	<Feature Id="OutlookMessaging" Cost="629552">
		<OptionRef Id="OutlookMessaging"/>
	</Feature>
	<Feature Id="PubWizards" Cost="38300504">
		<OptionRef Id="PubWizards"/>
	</Feature>
	<Feature Id="THEMESFiles" Cost="1168160">
		<OptionRef Id="THEMESFiles"/>
	</Feature>
	<Feature Id="MSTagPluginsFiles" Cost="256312">
		<OptionRef Id="MSTagPluginsFiles"/>
	</Feature>
	<Feature Id="OutlookMAPI2" Cost="3163528">
		<OptionRef Id="OutlookMAPI2"/>
	</Feature>
	<Feature Id="OutlookMAPICONTAB2" Cost="133936">
		<OptionRef Id="OutlookMAPICONTAB2"/>
	</Feature>
	<Feature Id="MetricConverter" Cost="1272798">
		<OptionRef Id="MetricConverter"/>
	</Feature>
	<Feature Id="RhdInspector" Cost="54680">
		<OptionRef Id="ProductFiles"/>
	</Feature>
	<Feature Id="PubComPrinting" Cost="16893">
		<OptionRef Id="PubComPrinting"/>
	</Feature>
	<Feature Id="XDOCSNonBootFiles" Cost="2324224">
		<OptionRef Id="XDOCSFiles"/>
	</Feature>
	<Feature Id="PubCoreClipArtFiles" Cost="27315644">
		<OptionRef Id="PubWizards"/>
	</Feature>
	<Feature Id="WORDNonBootFiles" Cost="8896225">
		<OptionRef Id="WORDFiles"/>
	</Feature>
	<Feature Id="OneNoteQuickNote" Cost="98632">
		<OptionRef Id="OneNoteFiles"/>
	</Feature>
	<Feature Id="PPTViewerFiles" Cost="2013284">
		<OptionRef Id="PPTViewerFiles"/>
	</Feature>
	<Feature Id="OneNoteNonBootFiles" Cost="4222624">
		<OptionRef Id="OneNoteFiles"/>
	</Feature>
	<Feature Id="Excel_WISPFiles" Cost="2165248">
		<OptionRef Id="EXCELFiles"/>
	</Feature>
	<Feature Id="OutlookAddIn_SPS" Cost="65312">
		<OptionRef Id="OutlookAddIn_SPS"/>
	</Feature>
	<Feature Id="EXCELNonBootFiles" Cost="36268134">
		<OptionRef Id="EXCELFiles"/>
	</Feature>
	<Feature Id="Publisher_PIA" Cost="17064788">
		<OptionRef Id="Publisher_PIA"/>
	</Feature>
	<Feature Id="Office10Fix1" Cost="0">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="SetupControllerFiles" Cost="7300597">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="ExcelConverter12Files" Cost="23249660">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="Mso_Hlp95enDll" Cost="15680">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="PubCoreFontFilesSys" Cost="10397348">
		<OptionRef Id="PubPrimary"/>
	</Feature>
	<Feature Id="ExcelAddInEuroToolFiles" Cost="328074">
		<OptionRef Id="ExcelAddInEuroToolFiles"/>
	</Feature>
	<Feature Id="PubWizardsTier2" Cost="17199474">
		<OptionRef Id="PubWizardsTier2"/>
	</Feature>
	<Feature Id="MSTagPluginBiblioDataFiles" Cost="227311">
		<OptionRef Id="MSTagPluginBiblioFiles"/>
	</Feature>
	<Feature Id="OneNoteFiles" Cost="20161138">
		<OptionRef Id="OneNoteFiles"/>
	</Feature>
	<Feature Id="CARegistryFeature" Cost="0">
		<OptionRef Id="ProductFiles"/>
	</Feature>
	<Feature Id="MsInfoFiles" Cost="180728">
		<OptionRef Id="MsInfoFiles"/>
	</Feature>
	<Feature Id="OfficeCoreRDC" Cost="0">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="XDocs_PIA" Cost="18897627">
		<OptionRef Id="XDocs_PIA"/>
	</Feature>
	<Feature Id="EXCELFiles" Cost="18959983">
		<OptionRef Id="EXCELFiles"/>
	</Feature>
	<Feature Id="VSTAIDEFiles" Cost="71743040">
		<OptionRef Id="VSTAIDEFiles"/>
	</Feature>
	<Feature Id="PubPaperDirect" Cost="0">
		<OptionRef Id="PubPaperDirect"/>
	</Feature>
	<Feature Id="OutlookVBScript" Cost="58160">
		<OptionRef Id="OutlookVBScript"/>
	</Feature>
	<Feature Id="RefIEBarFiles" Cost="52372">
		<OptionRef Id="RefIEBarFiles"/>
	</Feature>
	<Feature Id="ACCESSFiles" Cost="15427422">
		<OptionRef Id="ACCESSFiles"/>
	</Feature>
	<Feature Id="IMNFiles" Cost="65824">
		<OptionRef Id="SHAREDFiles"/>
	</Feature>
	<Feature Id="WebDiscussFiles" Cost="1166875">
		<OptionRef Id="WebDiscussFiles"/>
	</Feature>
	<Feature Id="AceOdbc" Cost="0">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="WebScripting" Cost="14904">
		<OptionRef Id="WebScripting"/>
	</Feature>
	<Feature Id="PubPrimary" Cost="11726955">
		<OptionRef Id="PubPrimary"/>
	</Feature>
	<Feature Id="ProductFiles" Cost="55521674">
		<OptionRef Id="ProductFiles"/>
	</Feature>
	<Feature Id="XDocsRegFormFiles" Cost="744808">
		<OptionRef Id="XDocsRegFormFiles"/>
	</Feature>
	<Feature Id="Word_WISPFiles" Cost="2165248">
		<OptionRef Id="WORDSharedFiles"/>
	</Feature>
	<Feature Id="DocServicesFiles" Cost="125600">
		<OptionRef Id="DocServicesFiles"/>
	</Feature>
	<Feature Id="ClviewFiles" Cost="381360">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="OutlookMAPILDAP2" Cost="131712">
		<OptionRef Id="OutlookMAPILDAP2"/>
	</Feature>
	<Feature Id="VBAFiles" Cost="2796736">
		<OptionRef Id="VBAFiles"/>
	</Feature>
	<Feature Id="Outlook_PIA" Cost="17802108">
		<OptionRef Id="Outlook_PIA"/>
	</Feature>
	<Feature Id="ExcelAddinFiles" Cost="0">
		<OptionRef Id="ExcelAddinFiles"/>
	</Feature>
	<Feature Id="TranslationCore" Cost="211616">
		<OptionRef Id="TranslationCore"/>
	</Feature>
	<Feature Id="OSetupController" Cost="7256344">
		<OptionRef Id="AlwaysInstalled"/>
	</Feature>
	<Feature Id="Graph_PIA" Cost="592252">
		<OptionRef Id="Graph_PIA"/>
	</Feature>
	<Feature Id="ThemesTypicalFiles" Cost="3144439">
		<OptionRef Id="ThemesTypicalFiles"/>
	</Feature>
	<Feature Id="PubCoreWizardFiles" Cost="1768">
		<OptionRef Id="PubPrimary"/>
	</Feature>
	<Feature Id="PubWizardsTier3" Cost="1531636">
		<OptionRef Id="PubWizardsTier3"/>
	</Feature>
	<Feature Id="OArt_DocTheme" Cost="3107541">
		<OptionRef Id="OArt_DocTheme"/>
	</Feature>
	<Feature Id="Forms_PIA" Cost="371496">
		<OptionRef Id="Forms_PIA"/>
	</Feature>
	<Feature Id="OutlookDVDbaseFiles" Cost="48440">
		<OptionRef Id="OutlookDVDbaseFiles"/>
	</Feature>
	<Feature Id="OutlookDVCsvWinFiles" Cost="45200">
		<OptionRef Id="OutlookDVCsvWinFiles"/>
	</Feature>
	<Feature Id="OutlookImportExportFiles" Cost="181336">
		<OptionRef Id="OutlookImportExportFiles"/>
	</Feature>
	<Feature Id="XDocsProgrammabilityFiles" Cost="3801192">
		<OptionRef Id="XDocsProgrammabilityFiles"/>
	</Feature>
	<Feature Id="VSCommonPIAHidden" Cost="16381376">
		<OptionRef Id="VSCommonPIAHidden"/>
	</Feature>
	<Feature Id="WORDFiles" Cost="1402784">
		<OptionRef Id="WORDFiles"/>
	</Feature>
	<Feature Id="OfficeDigitalSFiles" Cost="503624">
		<OptionRef Id="OfficeDigitalSFiles"/>
	</Feature>
	<Feature Id="VisioPreviewerFileAssocFiles" Cost="0">
		<OptionRef Id="VisioPreviewerFiles"/>
	</Feature>
	<Feature Id="PubNonBootFiles" Cost="8888357">
		<OptionRef Id="PubPrimary"/>
	</Feature>
	<Feature Id="ProductNonBootFiles" Cost="33354252">
		<OptionRef Id="ProductFiles"/>
	</Feature>
	<Feature Id="WORDBordersFiles" Cost="532632">
		<OptionRef Id="WORDBordersFiles"/>
	</Feature>
	<Feature Id="WISPFiles" Cost="2165248">
		<OptionRef Id="WISPFiles"/>
	</Feature>
	<Feature Id="ACCESSSharepointISAM" Cost="208760">
		<OptionRef Id="ACCESSFiles"/>
	</Feature>
	<Feature Id="ACCESSMiscFullFiles" Cost="94016">
		<OptionRef Id="ACCESSFiles"/>
	</Feature>
	<Feature Id="WISPHidden" Cost="2165248">
		<OptionRef Id="WISPHidden"/>
	</Feature>
	<Feature Id="InternationalSupportFiles_JPN" Cost="165248">
		<OptionRef Id="InternationalSupportFiles_JPN"/>
	</Feature>
	<Feature Id="MSTagPluginBiblioFiles" Cost="82232">
		<OptionRef Id="MSTagPluginBiblioFiles"/>
	</Feature>
	<Feature Id="OsaNonBoot" Cost="102200">
		<OptionRef Id="OsaNonBoot"/>
	</Feature>
	<Feature Id="MSTagPluginDateFiles" Cost="72504">
		<OptionRef Id="MSTagPluginDateFiles"/>
	</Feature>
	<Feature Id="XDOCSFiles" Cost="13187600">
		<OptionRef Id="XDOCSFiles"/>
	</Feature>
	<Feature Id="CAGOffice10Clips" Cost="452220">
		<OptionRef Id="CAGOffice10Clips"/>
	</Feature>
	<Feature Id="PubComPrintingEnRGBCMYK" Cost="218103">
		<OptionRef Id="PubComPrintingEnRGBCMYK"/>
	</Feature>
	<Feature Id="OrgChartFiles" Cost="540008">
		<OptionRef Id="OrgChartFiles"/>
	</Feature>
</Package>
EnterpriseWW.xml