Sample details: 9110514af2a409bf477e0fcfd6088571

Hashes
MD5: 9110514af2a409bf477e0fcfd6088571
SHA1: 124bd7a10dad1f417935d4d564e8cac55c582e5e
SHA256: a1763a15d7c16828963b487f210274cfce47e5c38b78459f6305fb6060aeb009
SSDEEP: 12288:ZMMpXKb0hNGh1kG0HWnAuU866w0B2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlU:ZMMpXS0hN0V0H6SGB2uJ2s4otqFCJrWV
Details
File Type: PE32
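Yara Hits (signature matches; the packer and capability rule names are indicators to verify, not confirmed behaviour)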
YRP/ASPack_v212_additional | YRP/ASPack_v21_additional | YRP/ASProtect_V2X_DLL_Alexey_Solodovnikov | YRP/ASPack_v212 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/ASPack_v211d | YRP/ASProtect_V2X_DLL_Alexey_Solodovnikov_additional | YRP/ASPack_212withouth_Poly_Solodovnikov_Alexey | YRP/ASPack_v212_Alexey_Solodovnikov | YRP/Borland | YRP/ASPackv212AlexeySolodovnikov | YRP/ASProtectV2XDLLAlexeySolodovnikov | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/domain | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Dropper_Strings | YRP/anti_dbg | YRP/network_dropper | YRP/keylogger | YRP/spreading_file | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers3 | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/suspicious_packer_section | YRP/CAP_HookExKeylogger |
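Strings (extracted from the file as-is. The short random-looking entries are consistent with the ASPack-packed body reported in the Yara hits. The quoted comma-separated rows further down are an API trace found among the strings; they name the process image e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f, which is not the SHA256 listed under Hashes, so confirm which sample that activity belongs to before treating its file paths and registry values as indicators for this hash.)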
		This program must be run under Win32
.idata
.rdata
.reloc
.aspack
.adata
4O=?rNNN
dZO]ynT
;3=MKj4
1,ze9s
<eo1E*
.6>9bUA
bW3TV^
b)EVjT
y#>I~'
3Ts_#K_Qp
\&l;My$Y
dx%_g/5O
PIvE%d5Oa
3,H-T,
b|La#u
x`K7Krx
C{M5m(
M$L8fo
!gMEwn
bCW$y',
#e}"+e
8%A(	0&
qfZhZ:
=O rxKsE
MA&A(A*@
E-Z}@0
"LZY]\b
lU~<W\
%ZZ_b]\
uD\!Gy
KWs`VW
F	;*5iB
&NLk;(
^dRi!C$}?
=`A"}m
\+q2J5
""|;7H
b9c|[m\sG
=!{.|Fo7
	"=KxW
'U&B|~
KI^J`2K
nch;?"CF
Ys+4RC
g8cTST`
Pc3.Ln6'
ln'/+<
f$%$WR
fbIC.C-`
s=6xUP
s{"kt'
Es!W2O
yhN~/?
m;S)&C
5o`%gN
1Jl.ys
a 0y'N
AG# `<
F:,5tW
d3QZX-dF
zRXblY
6PD-<O
ywQ_;6
YI ~a^
smey:|
kELc%b
~-efhy
HGC;]l 
9w(>:l
Sk68R#
d="-8]
RP7%B5
_1mnP7
Rw/8pR<Q
xnLl }?
r4&gXAe#D
=!2d;)
pI$.>8n
1r{<<[
}yj#8z
M=B}@}
%y6D5T
c`;X=+
s[z;cb
OD5J})
bux/:>
93'hm@
{pVS<"Xia1
VBl=!Tr
U@`1z0
j`>$y%
PhrEGTb
Ow4}nR
';G]l+
Rv8SNEh
@O9;;HQk
kx+Tl(
%YTe(%
H-9jK+
6pM6._
RY,%?b
kG"C]m
BLMH^!q
4+1 .}
#Y#GV`
zbqC(;H}
.1QGkdj:
;c9@za
[@"zm(#)
D/>b]?
zv^983YcH7
M)ET]?
Qay2AY~
	q(vMLi
9Ygc3ihK
f7b[pP
xK~m|G
2%.X2&d
q9n:=leD
T'?"&IK
[#c+qk0
gNHvrX
X-V-W-X-Y-\-],
dq2h@Ws}Z
~xR@*8
vlZ}=6
<`c)={
U|:{,r:
3Sew$v
xo'VMTz<z
kflF]lU
 )MPSP
F54JN\
0Iv5'Z
}x3P/P
y!y)y1t
sL8Ay%
\+|aJ_j
O7jo7)
S%hw>f>
P*V*hT
1{vm@M
%7(N2x
\r!<LL
F$uH5E-
c`XoTy
H{&@}EM
4	*kf5
GU:.sz
z=AH8p>
g,j*,A
{"?gQ\
ao!Jk@
@(ZP+@
6 p+{d
P-yC%N
DLfb!>zn
54K	8)
\RFM)K$
,JI1sN
_e~g{%m0i
{/26#9
rA?ugix
yXsS@N]
qeO0#R
H6)FV zPw4
dxNlI+
PVgZ*8+u
A*X*e+*B/9
io~\'R
:15>1N
G1E%2Fj
fhe?NJ
yTPjeQ
S|+Q)R
8s86 cnB
h6DWDY3
/06lMSR7
ocCI\9
1G2 t?x
~)JE J
a&:R]Mq
73B}68
nb5.<6E
c/A+5y\8[B)
.89J+ITy
f/{6,;
FkmotG
)P(xR&
KFwc!/3
C4Mgjv
=19GQe
6yU#O#]_P
,-1[hN
-'Qt]Za
7t^3?9
\@OQ23
:la\63
xA}&	HG
K4%_bGf
mDF{ZI
HUet++
_w@Klx
Av}Yu:
VT}}2h*2L
" #+-R|
%a>Ou&
itO	n[3
}riO.H
ml=>*x
j=P+ubcJ
{oixJ]dA
B5^S3,
5}d8S_
#w0+($
>}q>1QZKcg=
389k.+`X
yV2ED4[
tGqALM
&F,u(A
!%RpQJP	
UcFV"1#
RT-T|}-v
%U"hsyA
6<l@CHg
 ^Z/mG
Y2/Zjz
^m\ vNdm
SmBPbn?
mGq#^FS
hn\d9n
".&6#H.
BSL3#H
y#F^t%}
EiI2=/
1fF@i\
,RoF~iC
R)=5#-
:.bISi
?w1@40
X#V;Q9k
6vvHqF
/czGZ=
.HQ	IU%
}sv^x^g
rFnHNo@
ME7'_	
d.Ir;@PNV
~\;JCtd
'RtlDw
E;7>lRN
QI=6j@
TSfi7v
ANG"l	
xhz"%qi
HeW.]s
	,GH9r
?}58bt]f
*^{sPr3
A	r12#
:b7O'>
!cSbk;
+/r`hA
[rV2.?7
SZXMW^
B)Y%Ud
6CTl:b
n&"#m}w
ttDf8U;5
?n!IjYq{
D}a2QE
gUU$N!
#4\KV]\F
n<?twAt
(|CP1*>)}
%S0F;v
xjT04n
_sPDsc:F
?/RZ;V
(%{h)[ 
v)_f:7hR
x#Dd H
?5$n`i
+Nc`wevh
D);?Df~
\)\)\)e
F~tI/<F
@5e	[DV
M5M5M5V<-Sg
AN4ax`
FoDi]	
8M;[	U
0i4zaR
7{"%6'
JiHQ)J"Q)J"Q
TRQ^:h|
Q$.;AB
tGOKQ*ef5
)PU4'g>
rm[Kz"U*
,-Kd|MQ
}z{&Zu /OP
yx`utx
 z{=3kfw
K6M1|z
6pMbf*
u`mFz"
n+bKw|"
x;$FQc[
qqd$@aE
Y2WmWv
VirtualAlloc
VirtualFree
kernel32.dll
ExitProcess
user32.dll
MessageBoxA
wsprintfA
LOADER ERROR
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
 (08@P`p
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
user32.dll
advapi32.dll
oleaut32.dll
advapi32.dll
version.dll
gdi32.dll
user32.dll
oleaut32.dll
ole32.dll
oleaut32.dll
comctl32.dll
shell32.dll
advapi32.dll
GetKeyboardType
RegQueryValueExA
SysFreeString
RegSetValueExA
VerQueryValueA
UnrealizeObject
CreateWindowExA
SafeArrayPtrOfIndex
OleUninitialize
GetErrorInfo
ImageList_SetIconSize
SHGetSpecialFolderLocation
SetSecurityInfo
Click to edit Master title style
Click to edit Master text styles
Second level
Third level
Fourth level
Fifth level
Click to edit Master text styles
Second level
Third level
Fourth level
Fifth level
Times New Roman
"Arial
Apple LaserWriter II NTX
PSCRIPT
Apple LaserWriter II NTX
powerpnt.ppt
# NOTE: Derived from ../../lib/POSIX.pm.
# Changes made here will be lost when autosplit is run again.
# See AutoSplit.pm.
package POSIX;
#line 449 "../../lib/POSIX.pm (autosplit into ../../lib/auto/POSIX/ldiv.al)"
sub ldiv {
    unimpl "ldiv() is C-specific, use /, % and int instead";
# end of POSIX::ldiv
ldiv.al
"20181223105608.666","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->824","szExeFile->e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","lpAddress->0x00000000","dwSize->6144","flAllocationType->0x00001000","flProtect->0x00000004"
"20181223105608.666","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","memory","VirtualAllocEx","SUCCESS","0x00260000","th32ProcessID->824","szExeFile->e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","lpAddress->0x00000000","dwSize->377102","flAllocationType->0x00001000","flProtect->0x00000004"
"20181223105608.696","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->824","szExeFile->e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","lpAddress->0x00000000","dwSize->5390","flAllocationType->0x00001000","flProtect->0x00000004"
"20181223105608.706","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->824","szExeFile->e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","lpAddress->0x00000000","dwSize->9998","flAllocationType->0x00001000","flProtect->0x00000004"
"20181223105608.706","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->824","szExeFile->e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","lpAddress->0x00000000","dwSize->26674","flAllocationType->0x00001000","flProtect->0x00000004"
"20181223105608.736","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20181223105608.736","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20181223105608.736","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20181223105608.736","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->824","szExeFile->e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20181223105608.736","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->824","szExeFile->e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","lpAddress->0x00150000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20181223105608.736","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","memory","VirtualAllocEx","SUCCESS","0x00250000","th32ProcessID->824","szExeFile->e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20181223105608.746","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181223105608.746","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181223105608.746","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181223105608.746","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181223105608.746","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181223105608.746","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181223105608.746","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181223105608.776","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x000000a0","lpFileName->C:\e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","dwDesiredAccess->GENERIC_READ"
"20181223105608.776","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20181223105608.776","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x00000098","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181223105608.776","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->824","szExeFile->e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181223105608.786","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181223105608.786","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20181223105608.786","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181223105608.786","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20181223105608.786","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181223105608.786","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20181223105608.786","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->14872"
"20181223105608.786","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->14872"
"20181223105608.796","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","synchronization","OpenMutexW","SUCCESS","0x000000ac","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20181223105608.796","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->0x000000bc","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181223105608.796","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Cache"
"20181223105608.806","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20181223105608.806","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","process","CreateProcessInternalW","SUCCESS","1884","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20181223105608.806","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20181223105608.806","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20181223105608.806","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->1884","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20181223105608.806","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->824","szExeFile->e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","lpAddress->0x00280000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20181223105608.806","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000a4","hKey->0x000000c0","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20181223105608.806","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a4","lpValueName->Compositing"
"20181223105608.816","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000a4","hKey->0x000000c0","lpSubKey->Control Panel\Desktop"
"20181223105608.816","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a4","lpValueName->LameButtonText"
"20181223105608.816","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","process","CreateRemoteThread","SUCCESS","0x000000c0","lpStartAddress->0x00404008","th32ProcessID->1884","szExeFile->HelpMe.exe"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","process","CreateRemoteThread","SUCCESS","0x000000c4","lpStartAddress->0x00404008","th32ProcessID->1884","szExeFile->HelpMe.exe"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegCreateKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d0","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegCreateKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d4","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegCreateKeyExW","SUCCESS","0x000000dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000dc","lpValueName->Startup"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegCreateKeyExW","SUCCESS","0x000000dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegSetValueExW","SUCCESS","","hKey->0x000000dc","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoNetHood"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e0","lpValueName->NoPropertiesMyComputer"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoInternetIcon"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoCommonGroups"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoControlPanel"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x000000cc","lpValueName->NoSetFolders"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExA","SUCCESS","0x000000ce","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ce","lpValueName->(null)"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->SystemSetupInProgress"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->seed"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->OsLoaderPath"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->OsLoaderPath"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->SystemPartition"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->SystemPartition"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->SourcePath"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->SourcePath"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->ServicePackSourcePath"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->ServicePackSourcePath"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->ServicePackCachePath"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->ServicePackCachePath"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->DriverCachePath"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->DriverCachePath"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e4","lpValueName->DevicePath"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","synchronization","CreateMutexW","SUCCESS","0x000000e0","lpName->(null)"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","synchronization","CreateMutexW","SUCCESS","0x000000ec","lpName->(null)"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","synchronization","CreateMutexW","SUCCESS","0x000000f4","lpName->(null)"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x000000f8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->LogLevel"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000f8","lpValueName->LogLevel"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x000000f8","lpValueName->LogPath"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000f8","lpSubKey->AppLogLevels"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExA","SUCCESS","0x000000f8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f\RpcThreadPoolThrottle"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->C:\e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","dwDesiredAccess->GENERIC_READ"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->65536"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->65536"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->65536"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->3435"
"20181223105613.783","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","lpNewFileName->C:\AutoRun.exe"
"20181223105613.793","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20181223105613.793","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->268"
"20181223105613.793","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","dwDesiredAccess->GENERIC_READ"
"20181223105613.793","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20181223105613.793","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181223105613.793","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x00000118","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181223105613.793","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1884","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181223105613.793","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181223105613.793","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181223105613.793","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181223105613.793","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181223105613.793","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20181223105613.793","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->61440"
"20181223105613.793","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->15723"
"20181223105613.793","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->15723"
"20181223105613.793","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->268"
"20181223105613.793","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->268"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->268"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->268"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","dwDesiredAccess->GENERIC_READ"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1884","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->61440"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->15723"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->15723"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->145"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->145"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->268"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->268"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","device","DeviceIoControl","FAILURE","","hDevice->0x00000124","dwIoControlCode->0x006d0008","lpInBuffer->0x0049bca8","nInBufferSize->0x00000046","lpOutBuffer->0x0048d470","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x006d0008","lpInBuffer->0x0049bca8","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->0x00000124","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012c","lpValueName->Data"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->0x0000012c","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000124","lpValueName->Generation"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->268"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","dwDesiredAccess->GENERIC_READ"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","device","DeviceIoControl","FAILURE","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cbe0","nInBufferSize->0x00000208","lpOutBuffer->0x0049a5b8","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cbe0","nInBufferSize->0x00000208","lpOutBuffer->0x0049cdf0","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","device","DeviceIoControl","FAILURE","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cbe0","nInBufferSize->0x00000208","lpOutBuffer->0x0049a5b8","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cbe0","nInBufferSize->0x00000208","lpOutBuffer->0x0049ce08","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegCreateKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegSetValueExW","SUCCESS","","hKey->0x00000124","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000124","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->0x00000124","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20181223105613.803","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->Generation"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000142","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000142","lpSubKey->CurVer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000126","hKey->0x00000142","lpSubKey->(null)"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x00000140","lpValueName->DontShowSuperHidden"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->0x00000140","lpSubKey->(null)"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000144","lpValueName->ShellState"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000144","lpValueName->ShellState"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1884","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->61440"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->15723"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->15723"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->211"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->211"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->268"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->268"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->ForceActiveDesktopOn"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoActiveDesktop"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoWebView"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->ClassicShell"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->SeparateProcess"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoNetCrawling"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x00000128","lpValueName->NoSimpleStartMenu"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->0x00000140","lpSubKey->Advanced"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->Hidden"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShowCompColor"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->HideFileExt"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->DontPrettyPath"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShowInfoTip"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->HideIcons"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->MapNetDrvBtn"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->WebView"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->Filter"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->ShowSuperHidden"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->SeparateProcess"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->NoNetCrawling"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000126","lpSubKey->ShellEx\IconHandler"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->DocObject"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->BrowseInPlace"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000126","lpSubKey->Clsid"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000136","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000136","lpSubKey->Clsid"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->IsShortcut"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000126","lpValueName->AlwaysShowExt"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x00000126","lpValueName->NeverShowExt"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->UseDesktopIniCache"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Com+Enabled"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Com+Enabled"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry","RegOpenKeyExW","SUCCESS","0x00000154","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20181223105613.813","824","e2844a865aee5c06b46d039fe80045a83c8705c9d9394aaaa7be91902ac9956f","1840","registry",
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
D$ Pj@
;T$|sF
L$LQWS
u._^]3
u=_^][
T$0WSQUR
f	U4_^][
L$0WSRUQ
f	M4_^][
f	U4_^]
33333333333333
3333333
 !"#$%&'33()3333*333+33,-./0312
@Ww@t,
HHtXHHt
?If90t
uTVWhD
j@j ^V
< tK<	tG
v	N+D$
HHtYHHt
^SSSSS
URPQQh`
t"SS9] u
;t$,v-
UQPXY]Y[
PPPPPPPP
PPPPPPPP
PostTrampSize %d
YWORD 
DQWORD 
TBYTE 
QWORD 
DWORD 
 ;NOT TAKEN
 ;TAKEN
REPNZ 
UNDEFINED
CALL FAR
LOOPNZ
JMP FAR
SYSCALL
SYSRET
WBINVD
SYSENTER
SYSEXIT
GETSEC
CMOVNO
CMOVAE
CMOVNZ
CMOVBE
CMOVNS
CMOVNP
CMOVGE
CMOVLE
CMPXCHG
MOVNTI
INVLPG
VMCALL
VMLAUNCH
VMRESUME
VMXOFF
MONITOR
XGETBV
XSETBV
VMMCALL
VMLOAD
VMSAVE
SKINIT
INVLPGA
SWAPGS
RDTSCP
PREFETCH
PREFETCHW
PFNACC
PFPNACC
PFCMPGE
PFRSQRT
PFCMPGT
PFRCPIT1
PFRSQIT1
PFSUBR
PFCMPEQ
PFRCPIT2
PMULHRW
PSWAPD
PAVGUSB
MOVUPS
MOVUPD
VMOVSS
VMOVSD
VMOVUPS
VMOVUPD
MOVHLPS
MOVLPS
MOVLPD
MOVSLDUP
MOVDDUP
VMOVHLPS
VMOVLPS
VMOVLPD
VMOVSLDUP
VMOVDDUP
UNPCKLPS
UNPCKLPD
VUNPCKLPS
VUNPCKLPD
UNPCKHPS
UNPCKHPD
VUNPCKHPS
VUNPCKHPD
MOVLHPS
MOVHPS
MOVHPD
MOVSHDUP
VMOVLHPS
VMOVHPS
VMOVHPD
VMOVSHDUP
PREFETCHNTA
PREFETCHT0
PREFETCHT1
PREFETCHT2
MOVAPS
MOVAPD
VMOVAPS
VMOVAPD
CVTPI2PS
CVTPI2PD
CVTSI2SS
CVTSI2SD
VCVTSI2SS
VCVTSI2SD
MOVNTPS
MOVNTPD
MOVNTSS
MOVNTSD
VMOVNTPS
VMOVNTPD
CVTTPS2PI
CVTTPD2PI
CVTTSS2SI
CVTTSD2SI
VCVTTSS2SI
VCVTTSD2SI
CVTPS2PI
CVTPD2PI
CVTSS2SI
CVTSD2SI
VCVTSS2SI
VCVTSD2SI
UCOMISS
UCOMISD
VUCOMISS
VUCOMISD
COMISS
COMISD
VCOMISS
VCOMISD
PSHUFB
VPSHUFB
PHADDW
VPHADDW
PHADDD
VPHADDD
PHADDSW
VPHADDSW
PMADDUBSW
VPMADDUBSW
PHSUBW
VPHSUBW
PHSUBD
VPHSUBD
PHSUBSW
VPHSUBSW
PSIGNB
VPSIGNB
PSIGNW
VPSIGNW
PSIGND
VPSIGND
PMULHRSW
VPMULHRSW
VPERMILPS
VPERMILPD
VPTESTPS
VPTESTPD
PBLENDVB
BLENDVPS
BLENDVPD
VPTEST
VBROADCASTSS
VBROADCASTSD
VBROADCASTF128
VPABSB
VPABSW
VPABSD
PMOVSXBW
VPMOVSXBW
PMOVSXBD
VPMOVSXBD
PMOVSXBQ
VPMOVSXBQ
PMOVSXWD
VPMOVSXWD
PMOVSXWQ
VPMOVSXWQ
PMOVSXDQ
VPMOVSXDQ
PMULDQ
VPMULDQ
PCMPEQQ
VPCMPEQQ
MOVNTDQA
VMOVNTDQA
PACKUSDW
VPACKUSDW
VMASKMOVPS
VMASKMOVPD
PMOVZXBW
VPMOVZXBW
PMOVZXBD
VPMOVZXBD
PMOVZXBQ
VPMOVZXBQ
PMOVZXWD
VPMOVZXWD
PMOVZXWQ
VPMOVZXWQ
PMOVZXDQ
VPMOVZXDQ
PCMPGTQ
VPCMPGTQ
PMINSB
VPMINSB
PMINSD
VPMINSD
PMINUW
VPMINUW
PMINUD
VPMINUD
PMAXSB
VPMAXSB
PMAXSD
VPMAXSD
PMAXUW
VPMAXUW
PMAXUD
VPMAXUD
PMULLD
VPMULLD
PHMINPOSUW
VPHMINPOSUW
INVEPT
INVVPID
VFMADDSUB132PS
VFMADDSUB132PD
VFMSUBADD132PS
VFMSUBADD132PD
VFMADD132PS
VFMADD132PD
VFMADD132SS
VFMADD132SD
VFMSUB132PS
VFMSUB132PD
VFMSUB132SS
VFMSUB132SD
VFNMADD132PS
VFNMADD132PD
VFNMADD132SS
VFNMADD132SD
VFNMSUB132PS
VFNMSUB132PD
VFNMSUB132SS
VFNMSUB132SD
VFMADDSUB213PS
VFMADDSUB213PD
VFMSUBADD213PS
VFMSUBADD213PD
VFMADD213PS
VFMADD213PD
VFMADD213SS
VFMADD213SD
VFMSUB213PS
VFMSUB213PD
VFMSUB213SS
VFMSUB213SD
VFNMADD213PS
VFNMADD213PD
VFNMADD213SS
VFNMADD213SD
VFNMSUB213PS
VFNMSUB213PD
VFNMSUB213SS
VFNMSUB213SD
VFMADDSUB231PS
VFMADDSUB231PD
VFMSUBADD231PS
VFMSUBADD231PD
VFMADD231PS
VFMADD231PD
VFMADD231SS
VFMADD231SD
VFMSUB231PS
VFMSUB231PD
VFMSUB231SS
VFMSUB231SD
VFNMADD231PS
VFNMADD231PD
VFNMADD231SS
VFNMADD231SD
VFNMSUB231PS
VFNMSUB231PD
VFNMSUB231SS
VFNMSUB231SD
AESIMC
VAESIMC
AESENC
VAESENC
AESENCLAST
VAESENCLAST
AESDEC
VAESDEC
AESDECLAST
VAESDECLAST
VPERM2F128
ROUNDPS
VROUNDPS
ROUNDPD
VROUNDPD
ROUNDSS
VROUNDSS
ROUNDSD
VROUNDSD
BLENDPS
VBLENDPS
BLENDPD
VBLENDPD
PBLENDW
VPBLENDVW
PALIGNR
VPALIGNR
PEXTRB
VPEXTRB
PEXTRW
VPEXTRW
PEXTRD
PEXTRQ
VPEXTRD
EXTRACTPS
VEXTRACTPS
VINSERTF128
VEXTRACTF128
PINSRB
VPINSRB
INSERTPS
VINSERTPS
PINSRD
PINSRQ
VPINSRD
VPINSRQ
MPSADBW
VMPSADBW
PCLMULQDQ
VPCLMULQDQ
VBLENDVPS
VBLENDVPD
VPBLENDVB
PCMPESTRM
VPCMPESTRM
PCMPESTRI
VCMPESTRI
PCMPISTRM
VPCMPISTRM
PCMPISTRI
VPCMPISTRI
AESKEYGENASSIST
VAESKEYGENASSIST
MOVMSKPS
MOVMSKPD
VMOVMSKPS
VMOVMSKPD
SQRTPS
SQRTPD
SQRTSS
SQRTSD
VSQRTSS
VSQRTSD
VSQRTPS
VSQRTPD
RSQRTPS
RSQRTSS
VRSQRTSS
VRSQRTPS
VRCPSS
VRCPPS
VANDPS
VANDPD
ANDNPS
ANDNPD
VANDNPS
VANDNPD
VXORPS
VXORPD
VADDPS
VADDPD
VADDSS
VADDSD
VMULPS
VMULPD
VMULSS
VMULSD
CVTPS2PD
CVTPD2PS
CVTSS2SD
CVTSD2SS
VCVTSS2SD
VCVTSD2SS
VCVTPS2PD
VCVTPD2PS
CVTDQ2PS
CVTPS2DQ
CVTTPS2DQ
VCVTDQ2PS
VCVTPS2DQ
VCVTTPS2DQ
VSUBPS
VSUBPD
VSUBSS
VSUBSD
VMINPS
VMINPD
VMINSS
VMINSD
VDIVPS
VDIVPD
VDIVSS
VDIVSD
VMAXPS
VMAXPD
VMAXSS
VMAXSD
PUNPCKLBW
VPUNPCKLBW
PUNPCKLWD
VPUNPCKLWD
PUNPCKLDQ
VPUNPCKLDQ
PACKSSWB
VPACKSSWB
PCMPGTB
VPCMPGTB
PCMPGTW
VPCMPGTW
PCMPGTD
VPCMPGTD
PACKUSWB
VPACKUSWB
PUNPCKHBW
VPUNPCKHBW
PUNPCKHWD
VPUNPCKHWD
PUNPCKHDQ
VPUNPCKHDQ
PACKSSDW
VPACKSSDW
PUNPCKLQDQ
VPUNPCKLQDQ
PUNPCKHQDQ
VPUNPCKHQDQ
MOVDQA
MOVDQU
VMOVDQA
VMOVDQU
PSHUFW
PSHUFD
PSHUFHW
PSHUFLW
VPSHUFD
VPSHUFHW
VPSHUFLW
VPSRLW
VPSRAW
VPSLLW
VPSRLD
VPSRAD
VPSLLD
VPSRLQ
PSRLDQ
VPSRLDQ
VPSLLQ
PSLLDQ
VPSLLDQ
PCMPEQB
VPCMPEQB
PCMPEQW
VPCMPEQW
PCMPEQD
VPCMPEQD
VZEROUPPER
VZEROALL
VMREAD
INSERTQ
VMWRITE
HADDPD
HADDPS
VHADDPD
VHADDPS
HSUBPD
HSUBPS
VHSUBPD
VHSUBPS
FXSAVE
FXRSTOR
LFENCE
XRSTOR
MFENCE
SFENCE
CLFLUSH
LDMXCSR
VLDMXCSR
STMXCSR
VSTMXCSR
POPCNT
CMPEQPS
CMPLTPS
CMPLEPS
CMPUNORDPS
CMPNEQPS
CMPNLTPS
CMPNLEPS
CMPORDPS
CMPEQPD
CMPLTPD
CMPLEPD
CMPUNORDPD
CMPNEQPD
CMPNLTPD
CMPNLEPD
CMPORDPD
CMPEQSS
CMPLTSS
CMPLESS
CMPUNORDSS
CMPNEQSS
CMPNLTSS
CMPNLESS
CMPORDSS
CMPEQSD
CMPLTSD
CMPLESD
CMPUNORDSD
CMPNEQSD
CMPNLTSD
CMPNLESD
CMPORDSD
VCMPEQPS
VCMPLTPS
VCMPLEPS
VCMPUNORDPS
VCMPNEQPS
VCMPNLTPS
VCMPNLEPS
VCMPORDPS
VCMPEQPD
VCMPLTPD
VCMPLEPD
VCMPUNORDPD
VCMPNEQPD
VCMPNLTPD
VCMPNLEPD
VCMPORDPD
VCMPEQSS
VCMPLTSS
VCMPLESS
VCMPUNORDSS
VCMPNEQSS
VCMPNLTSS
VCMPNLESS
VCMPORDSS
VCMPEQSD
VCMPLTSD
VCMPLESD
VCMPUNORDSD
VCMPNEQSD
VCMPNLTSD
VCMPNLESD
VCMPORDSD
PINSRW
VPINSRW
SHUFPS
SHUFPD
VSHUFPS
VSHUFPD
CMPXCHG8B
CMPXCHG16B
VMPTRST
VMPTRLD
VMCLEAR
ADDSUBPD
ADDSUBPS
VADDSUBPD
VADDSUBPS
VPADDQ
PMULLW
VPMULLW
MOVQ2DQ
MOVDQ2Q
PMOVMSKB
VPMOVMSKB
PSUBUSB
VPSUBUSB
PSUBUSW
VPSUBUSW
PMINUB
VPMINUB
PADDUSB
VPADDUSW
PADDUSW
PMAXUB
VPMAXUB
VPANDN
VPAVGB
VPAVGW
PMULHUW
VPMULHUW
PMULHW
VPMULHW
CVTTPD2DQ
CVTDQ2PD
CVTPD2DQ
VCVTTPD2DQ
VCVTDQ2PD
VCVTPD2DQ
MOVNTQ
MOVNTDQ
VMOVNTDQ
PSUBSB
VPSUBSB
PSUBSW
VPSUBSW
PMINSW
VPMINSW
PADDSB
VPADDSB
PADDSW
VPADDSW
PMAXSW
VPMAXSW
VLDDQU
PMULUDQ
VPMULUDQ
PMADDWD
VPMADDWD
PSADBW
VPSADBW
MASKMOVQ
MASKMOVDQU
VMASKMOVDQU
VPSUBB
VPSUBW
VPSUBD
VPSUBQ
VPADDB
VPADDW
VPADDD
FLDENV
FLDL2T
FLDL2E
FLDLG2
FLDLN2
FPATAN
FXTRACT
FPREM1
FDECSTP
FINCSTP
FYL2XP1
FSINCOS
FRNDINT
FSCALE
FNSTENV
FSTENV
FNSTCW
FICOMP
FISUBR
FIDIVR
FCMOVB
FCMOVE
FCMOVBE
FCMOVU
FUCOMPP
FISTTP
FCMOVNB
FCMOVNE
FCMOVNBE
FCMOVNU
FEDISI
FSETPM
FUCOMI
FNCLEX
FNINIT
FRSTOR
FUCOMP
FNSAVE
FNSTSW
FCOMPP
FSUBRP
FDIVRP
FUCOMIP
FCOMIP
MOVSXD
bad allocation
(null)
`h````
xpxxxx
Unknown exception
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
"%s","%d","%s","%d","windows","FindWindowW","FAILURE","","lpClassName->%s","lpWindowName->%s"
"%s","%d","%s","%d","windows","FindWindowW","SUCCESS","0x%08x","lpClassName->%s","lpWindowName->%s"
"%s","%d","%s","%d","windows","FindWindowW","FAILURE","","lpClassName->%ws","lpWindowName->%ws"
FILE:%s
FILE:%ws
"%s","%d","%s","%d","windows","FindWindowW","SUCCESS","0x%08x","lpClassName->%ws","lpWindowName->%ws"
"%s","%d","%s","%d","synchronization","CreateMutexA","FAIL","","lpName->%s"
"%s","%d","%s","%d","synchronization","CreateMutexA","SUCCESS","0x%08x","lpName->%s"
"%s","%d","%s","%d","synchronization","CreateMutexW","FAIL","","lpName->%ws"
"%s","%d","%s","%d","synchronization","CreateMutexW","SUCCESS","0x%08x","lpName->%ws"
"%s","%d","%s","%d","synchronization","OpenMutexA","FAILURE","","dwDesiredAccess->%s","lpName->%s"
"%s","%d","%s","%d","synchronization","OpenMutexA","SUCCESS","0x%08x","dwDesiredAccess->%s","lpName->%s"
python.exe
"%s","%d","%s","%d","synchronization","OpenMutexW","FAILURE","","dwDesiredAccess->%s","lpName->%ws"
"%s","%d","%s","%d","synchronization","OpenMutexW","SUCCESS","0x%08x","dwDesiredAccess->%s","lpName->%ws"
FILE:%ws
"%s","%d","%s","%d","services","OpenSCManagerA","FAILURE","","lpMachineName->%s","lpDatabaseName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenSCManagerA","SUCCESS","0x%08x","lpMachineName->%s","lpDatabaseName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","system","IsDebuggerPresent","",""
"%s","%d","%s","%d","services","OpenSCManagerW","FAILURE","","lpMachineName->%ws","lpDatabaseName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenSCManagerW","SUCCESS","0x%08x","lpMachineName->%ws","lpDatabaseName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","CreateServiceA","FAILURE","","lpServiceName->%s","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%s"
"%s","%d","%s","%d","services","CreateServiceA","FAILURE","0x%08x","lpServiceName->%s","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%s"
"%s","%d","%s","%d","services","CreateServiceW","FAILURE","","lpServiceName->%ws","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%ws"
PID:%d
FILE:%s
FILE:%ws
"%s","%d","%s","%d","services","CreateServiceW","SUCCESS","0x%08x","lpServiceName->%ws","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%ws"
"%s","%d","%s","%d","services","OpenServiceW","FAILURE","","lpServiceName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","SUCCESS","0x%08x","lpServiceName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","FAILURE","","lpServiceName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","SUCCESS","0x%08x","lpServiceName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","StartServiceW","FAILURE","","hService->0x%08x","lpServiceArgVectors->%s"
FILE:%s
C:\cuckoo\
"%s","%d","%s","%d","services","StartServiceW","SUCCESS","","hService->0x%08x","lpServiceArgVectors->%s"
%sfiles\%s
"%s","%d","%s","%d","services","StartServiceW","FAILURE","","hService->0x%08x","lpServiceArgVectors->%ws"
C:\cuckoo\
"%s","%d","%s","%d","services","StartServiceW","SUCCESS","","hService->0x%08x","lpServiceArgVectors->%ws"
%sfiles\%s
"%s","%d","%s","%d","services","ControlService","FAILURE","","hService->0x%08x","dwControl->%s"
PID:%d
GetCurrentProcessId
"%s","%d","%s","%d","services","ControlService","SUCCESS","","hService->0x%08x","dwControl->%s"
PID:%d
Kernel32
"%s","%d","%s","%d","services","DeleteService","FAILURE","","hService->0x%08x"
PID:%d
%d%02d%02d%02d%02d%02d.%03d
"%s","%d","%s","%d","services","DeleteService","SUCCESS","","hService->0x%08x"
PID:%d
GENERIC_ALL
"%s","%d","%s","%d","registry","RegOpenKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegOpenKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyA","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
ATTRIBUTES
"%s","%d","%s","%d","registry","RegOpenKeyA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyExA","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegOpenKeyExA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegOpenKeyExW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
PID:%d
GENERIC_EXECUTE
HKEY_CLASSES_ROOT
"%s","%d","%s","%d","registry","RegCreateKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegCreateKeyW","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegCreateKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegCreateKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
GENERIC_WRITE
0x%08x
HKEY_CURRENT_CONFIG
"%s","%d","%s","%d","registry","RegCreateKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegCreateKeyExW","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
HKEY_CURRENT_USER
"%s","%d","%s","%d","registry","RegCreateKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
HKEY_LOCAL_MACHINE
"%s","%d","%s","%d","registry","RegCreateKeyExW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
HKEY_USERS
"%s","%d","%s","%d","registry","RegDeleteKeyA","SUCCESS","","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegDeleteKeyA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegDeleteKeyW","SUCCESS","","hKey->%s","lpSubKey->%ws"
0x%08x
"%s","%d","%s","%d","registry","RegDeleteKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
"%s","%d","%s","%d","registry","RegEnumKeyExW","SUCCESS","%ws","hKey->%s","dwIndex->%d"
"%s","%d","%s","%d","registry","RegEnumKeyExW","FAILURE","","hKey->%s","dwIndex->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegEnumValueW","SUCCESS","%ws","hKey->%s","dwIndex->%d"
SERVICE_ADAPTER
SERVICE_FILE_SYSTEM_DRIVER
"%s","%d","%s","%d","registry","RegEnumValueW","FAILURE","","hKey->%s","dwIndex->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegSetValueExA","SUCCESS","","hKey->%s","lpValueName->%s","dwType->%d","lpData->%s","cbData->%d"
SERVICE_RECOGNIZER_DRIVER
"%s","%d","%s","%d","registry","RegSetValueExA","FAILURE","","hKey->%s","lpValueName->%s","dwType->%d","lpData->%s","cbData->%d"
explorer.exe
SERVICE_KERNEL_DRIVER
SERVICE_WIN32_OWN_PROCESS
"%s","%d","%s","%d","registry","RegSetValueExW","SUCCESS","","hKey->%s","lpValueName->%ws","dwType->%d","lpData->%ws","cbData->%d"
"%s","%d","%s","%d","registry","RegSetValueExW","FAILURE","","hKey->%s","lpValueName->%ws","dwType->%d","lpData->%ws","cbData->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegQueryValueExW","SUCCESS","","hKey->%s","lpValueName->%ws"
"%s","%d","%s","%d","registry","RegQueryValueExW","FAILURE","","hKey->%s","lpValueName->%ws"
explorer.exe
"%s","%d","%s","%d","process","CreateProcessA","FAILURE","","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_WIN32_SHARE_PROCESS
"%s","%d","%s","%d","process","CreateProcessA","SUCCESS","%d","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_AUTO_START
"%s","%d","%s","%d","process","CreateProcessW","FAILURE","","lpApplicationName->%ws","lpCommandLine->%ws"
SERVICE_BOOT_START
"%s","%d","%s","%d","process","CreateProcessW","SUCCESS","%d","lpApplicationName->%ws","lpCommandLine->%ws"
"%s","%d","%s","%d","process","TerminateProcess","FAILURE","","uExitCode->%d","th32ProcessID->%d","szExeFile->%s"
SERVICE_DISABLED
"%s","%d","%s","%d","process","TerminateProcess","SUCCESS","","uExitCode->%d","th32ProcessID->%d","szExeFile->%s"
SC_MANAGER_CREATE_SERVICE
"%s","%d","%s","%d","process","ExitProcess","","","uExitCode->0x%08x"
"%s","%d","%s","%d","process","ShellExecuteExW","SUCCESS","","lpVerb->%s","lpFile->%s","lpParameters->%s","lpDirectory->%s","hProcess->0x%08x"
0x%08x
SC_MANAGER_CONNECT
"%s","%d","%s","%d","process","ShellExecuteExW","FAILURE","","lpVerb->%s","lpFile->%s","lpParameters->%s","lpDirectory->%s","hProcess->0x%08x"
0x%08x
SC_MANAGER_LOCK
SERVICE_ALL_ACCESS
"%s","%d","%s","%d","process","ShellExecuteExW","SUCCESS","","lpVerb->%ws","lpFile->%ws","lpParameters->%ws","lpDirectory->%ws","hProcess->0x%08x"
"%s","%d","%s","%d","process","ShellExecuteExW","FAILURE","","lpVerb->%ws","lpFile->%ws","lpParameters->%ws","lpDirectory->%ws","hProcess->0x%08x"
"%s","%d","%s","%d","process","CreateThread","FAILURE","","lpStartAddress->0x%08x"
"%s","%d","%s","%d","process","CreateThread","SUCCESS","0x%08x","lpStartAddress->0x%08x"
SERVICE_INTERROGATE
"%s","%d","%s","%d","process","CreateRemoteThread","FAILURE","","lpStartAddress->0x%08x","th32ProcessID->%d","szExeFile->%s"
"%s","%d","%s","%d","process","CreateRemoteThread","SUCCESS","0x%08x","lpStartAddress->0x%08x","th32ProcessID->%d","szExeFile->%s"
"%s","%d","%s","%d","process","WinExec","SUCCESS","","lpCmdLine->%s"
"%s","%d","%s","%d","process","WinExec","FAILURE","","lpCmdLine->%s"
"%s","%d","%s","%d","process","CreateProcessInternalA","FAILURE","","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_PAUSE_CONTINUE
WRITE_DAC
"%s","%d","%s","%d","process","CreateProcessInternalA","SUCCESS","%d","lpApplicationName->%s","lpCommandLine->%s"
WRITE_OWNER
"%s","%d","%s","%d","process","CreateProcessInternalW","FAILURE","","lpApplicationName->%ws","lpCommandLine->%ws"
GENERIC_ALL
"%s","%d","%s","%d","process","CreateProcessInternalW","SUCCESS","%d","lpApplicationName->%ws","lpCommandLine->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileA","SUCCESS","S_OK","szURL->%s","szFileName->%s"
GENERIC_EXECUTE
SERVICE_CONTROL_CONTINUE
"%s","%d","%s","%d","network","URLDownloadToFileA","FAILURE","E_OUTOFMEMORY","szURL->%s","szFileName->%s"
SERVICE_CONTROL_INTERROGATE
"%s","%d","%s","%d","network","URLDownloadToFileA","FAILURE","INET_E_DOWNLOAD_FAILURE","szURL->%s","szFileName->%s"
"%s","%d","%s","%d","network","URLDownloadToFileW","SUCCESS","S_OK","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileW","FAILURE","E_OUTOFMEMORY","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileW","FAILURE","INET_E_DOWNLOAD_FAILURE","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","InternetOpenUrlW","FAILURE","","lpszUrl->%s","lpszHeaders->%s","dwFlags->%s"
"%s","%d","%s","%d","network","InternetOpenUrlW","SUCCESS","0x%08x","lpszUrl->%s","lpszHeaders->%s","dwFlags->%s"
SERVICE_CONTROL_NETBINDADD
"%s","%d","%s","%d","network","InternetOpenUrlW","FAILURE","","lpszUrl->%ws","lpszHeaders->%ws","dwFlags->%s"
"%s","%d","%s","%d","network","InternetOpenUrlW","SUCCESS","0x%08x","lpszUrl->%ws","lpszHeaders->%ws","dwFlags->%s"
"%s","%d","%s","%d","system","Sleep","","","dwMilliseconds->INFINITE"
"%s","%d","%s","%d","system","Sleep","","","dwMilliseconds->%d"
ACCESS_SYSTEM_SECURITY
SERVICE_CONTROL_PARAMCHANGE
"%s","%d","%s","%d","system","LoadLibraryA","FAILURE","","lpFileName->%s"
SYNCHRONIZE
"%s","%d","%s","%d","system","LoadLibraryA","SUCCESS","0x%08x","lpFileName->%s"
DELETE
WRITE_DAC
"%s","%d","%s","%d","system","LoadLibraryW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","system","LoadLibraryW","SUCCESS","0x%08x","lpFileName->%ws"
WRITE_OWNER
"%s","%d","%s","%d","system","ExitWindowsEx","","","uFlags->%s","dwReason->%s"
SC_MANAGER_ALL_ACCESS
0x%08x
EVENT_ALL_ACCESS
"%s","%d","%s","%d","memory","VirtualAllocEx","FAILURE","","th32ProcessID->%d","szExeFile->%s","lpAddress->0x%08x","dwSize->%d","flAllocationType->0x%08x","flProtect->0x%08x"
SC_MANAGER_MODIFY_BOOT_CONFIG
SERVICE_CONTROL_NETBINDDISABLE
EVENT_MODIFY_STATE
"%s","%d","%s","%d","memory","VirtualAllocEx","SUCCESS","0x%08x","th32ProcessID->%d","szExeFile->%s","lpAddress->0x%08x","dwSize->%d","flAllocationType->0x%08x","flProtect->0x%08x"
"%s","%d","%s","%d","memory","WriteProcessMemory","FAILURE","","lpBaseAddress->0x%08x","lpBuffer->0x%08x","nSize->%d","th32ProcessID->%d","szExeFile->%s"
MUTEX_ALL_ACCESS
"%s","%d","%s","%d","memory","WriteProcessMemory","SUCCESS","","lpBaseAddress->0x%08x","lpBuffer->0x%08x","nSize->%d","th32ProcessID->%d","szExeFile->%s"
MUTEX_MODIFY_STATE
"%s","%d","%s","%d","memory","ReadProcessMemory","FAILURE","","th32ProcessID->%d","szExeFile->%s","lpBaseAddress->0x%08x","nSize->%d"
"%s","%d","%s","%d","memory","ReadProcessMemory","SUCCESS","","th32ProcessID->%d","szExeFile->%s","lpBaseAddress->0x%08x","nSize->%d"
"%s","%d","%s","%d","hooking","SetWindowsHookExA","FAILURE","","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
SERVICE_CHANGE_CONFIG
0x%08x
TIMER_ALL_ACCESS
"%s","%d","%s","%d","hooking","SetWindowsHookExA","SUCCESS","0x%08x","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
"%s","%d","%s","%d","hooking","SetWindowsHookExW","FAILURE","","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
SERVICE_START
DELETE
TIMER_MODIFY_STATE
"%s","%d","%s","%d","hooking","SetWindowsHookExW","SUCCESS","0x%08x","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
"%s","%d","%s","%d","filesystem","CreateFileA","FAILURE","","lpFileName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","filesystem","CreateFileA","SUCCESS","0x%08x","lpFileName->%s","dwDesiredAccess->%s"
TIMER_QUERY_STATE
"%s","%d","%s","%d","filesystem","CreateFileW","FAILURE","","lpFileName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","filesystem","CreateFileW","SUCCESS","0x%08x","lpFileName->%ws","dwDesiredAccess->%s"
INTERNET_FLAG_NO_COOKIES
"%s","%d","%s","%d","filesystem","ReadFile","SUCCESS","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFile","FAILURE","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFileEx","SUCCESS","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFileEx","FAILURE","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","WriteFile","SUCCESS","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
"%s","%d","%s","%d","filesystem","WriteFile","FAILURE","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
"%s","%d","%s","%d","filesystem","WriteFileEx","SUCCESS","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
SEMAPHORE_MODIFY_STATE
INTERNET_FLAG_HYPERLINK
INTERNET_FLAG_NO_UI
"%s","%d","%s","%d","filesystem","WriteFileEx","FAILURE","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
0x%08x
INTERNET_FLAG_NEED_FILE
INTERNET_FLAG_RESYNCHRONIZE
"%s","%d","%s","%d","filesystem","DeleteFileA","SUCCESS","","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileA","FAILURE","","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileW","SUCCESS","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","DeleteFileW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_LOGOFF
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_REBOOT
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
GENERIC_WRITE
INTERNET_FLAG_EXISTING_CONNECT
EWX_RESTARTAPPS
SHTDN_REASON_MAJOR_HARDWARE
"%s","%d","%s","%d","filesystem","CopyFileA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SERVICE_CONTROL_NETBINDENABLE
INTERNET_FLAG_IGNORE_CERT_DATE_INVALID
SHTDN_REASON_MAJOR_OPERATINGSYSTEM
"%s","%d","%s","%d","filesystem","CopyFileW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_OTHER
"%s","%d","%s","%d","filesystem","CopyFileW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_POWER
"%s","%d","%s","%d","filesystem","CopyFileExA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SOFTWARE
"%s","%d","%s","%d","filesystem","CopyFileExA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SYSTEM
"%s","%d","%s","%d","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileA","SUCCESS","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_CALLWNDPROCRET
"%s","%d","%s","%d","filesystem","ReplaceFileA","FAILURE","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_DEBUG
"%s","%d","%s","%d","filesystem","ReplaceFileW","SUCCESS","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileW","FAILURE","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","device","DeviceIoControl","FAILURE","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
"%s","%d","%s","%d","device","DeviceIoControl","SUCCESS","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
GENERIC_READ
GENERIC_READ | GENERIC_WRITE
SERVICE_DEMAND_START
SERVICE_SYSTEM_START
SC_MANAGER_ENUMERATE_SERVICE
SC_MANAGER_QUERY_LOCK_STATUS
SERVICE_ENUMERATE_DEPENDENTS
SERVICE_QUERY_CONFIG
SERVICE_QUERY_STATUS
SERVICE_STOP
SERVICE_USER_DEFINED_CONTROL
READ_CONTROL
GENERIC_READ
SERVICE_CONTROL_NETBINDREMOVE
SERVICE_CONTROL_PAUSE
SERVICE_CONTROL_STOP
READ_CONTROL
SEMAPHORE_ALL_ACCESS
INTERNET_FLAG_IGNORE_CERT_CN_INVALID
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS
INTERNET_FLAG_KEEP_CONNECTION
INTERNET_FLAG_NO_AUTH
INTERNET_FLAG_NO_AUTO_REDIRECT
INTERNET_FLAG_NO_CACHE_WRITE
INTERNET_FLAG_PASSIVE
INTERNET_FLAG_PRAGMA_NOCACHE
INTERNET_FLAG_RAW_DATA
INTERNET_FLAG_RELOAD
INTERNET_FLAG_SECURE
0x%08x
EWX_POWEROFF
EWX_SHUTDOWN
0x%08x
SHTDN_REASON_MAJOR_APPLICATION
SHTDN_REASON_MAJOR_LEGACY_API
0x%08x
WH_CALLWNDPROC
WH_CBT
WH_FOREGROUNDIDLE
WH_GETMESSAGE
WH_JOURNALPLAYBACK
WH_JOURNALRECORD
WH_KEYBOARD
WH_KEYBOARD_LL
WH_MOUSE
WH_MOUSE_LL
WH_MSGFILTER
WH_SHELL
WH_SYSMSGFILTER
kernel32.dll
CreateProcessInternalW
C:\cuckoo\
%slogs\%d.csv
RSDSHGjl
C:\Documents and Settings\emartinez\Escritorio\cmonitor\Release\cmonitor.pdb
ExitProcess
CreateMutexW
CopyFileExW
CreateRemoteThread
WriteFile
LoadLibraryW
ReadProcessMemory
TerminateProcess
ReplaceFileW
ReadFile
CreateFileW
OpenMutexW
GetProcAddress
ReadFileEx
VirtualAllocEx
LoadLibraryA
DeviceIoControl
IsDebuggerPresent
WinExec
WriteFileEx
DeleteFileW
GetCurrentProcessId
MoveFileWithProgressW
WriteProcessMemory
CreateThread
WideCharToMultiByte
GetSystemTime
GetCurrentProcess
Process32First
WaitForSingleObject
GetLastError
Process32Next
GetExitCodeThread
GetModuleHandleA
CreateToolhelp32Snapshot
DuplicateHandle
CloseHandle
MultiByteToWideChar
CreateFileA
SetFilePointer
WaitNamedPipeW
KERNEL32.dll
FindWindowA
SetWindowsHookExW
SetWindowsHookExA
ExitWindowsEx
FindWindowW
USER32.dll
CreateServiceW
OpenServiceA
DeleteService
OpenSCManagerW
OpenServiceW
RegSetValueExA
RegCreateKeyExW
CreateServiceA
RegQueryValueExW
RegDeleteKeyA
RegDeleteKeyW
StartServiceA
RegCreateKeyExA
RegOpenKeyExA
StartServiceW
OpenSCManagerA
RegEnumValueW
RegOpenKeyExW
ControlService
RegEnumKeyExW
RegSetValueExW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteExA
SHELL32.dll
WS2_32.dll
InternetOpenUrlW
WININET.dll
URLDownloadToFileW
urlmon.dll
GetTickCount
VirtualProtect
OutputDebugStringA
HeapFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EncodePointer
IsProcessorFeaturePresent
HeapAlloc
HeapCreate
HeapDestroy
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetModuleFileNameW
RtlUnwind
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
FlushFileBuffers
0123456789abcdef00
##%%&'%#&'&'
 !"#$%&'()*+,-./0123456789
 !"#$%&'()*+,-./
 !"#$%&'()*+,-./012345678
 !"#$%&'()*+
,-./0123456789:;
 !"#$%&'(
$%&'()*+,-./0123
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGXZ
!"#$%&'()*+,-.
/0123456789
<=>?@ABCDE
FGHIJKLMNO
PQRSTUVWXY
 !"#$%&'()
-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdef
ghijklmnopqrstuvwxyz{|}~
 !"#$%&
'()*+,-
./01234
56789:;
<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`
abcdefghijklmnopqrstuvwxyz{|}~
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
31Z1c1w3
6.6?6P6a6r6
9$:E:T:
<(=D=\=`=d=h=l=
:D;H;L;P;T;X;\;`;
3.4Q4X4@5
3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
41585P5T5X5
70:4:8:<:@:D:H:L:P:T:X:\:`:
=%=j>t>
242;2C2H2L2P2y2
2*3034383<3
3'4Y4`4d4h4l4p4t4x4|4
7M7S7X7`7p7z7
7;8s8x8
9L9R9X9m9
9&:S:#;);5;l;
<Y=a=v=
>K?Z?u?
>!>g>m>w>o?{?
0o1t1}1
122a2g2v2
2/3;3B3N3T3`3f3o3u3~3
444t4z4
576G6M6Y6_6o6u6{6
7!7&7,70767;7A7F7U7k7q7y7~7
838<8H8
:3:>:X:c:k:{:
;#<h<o<
>(>M>X>g>
2"2'2H2M2q2
6*6S6[6
020D0J0d0s0
1$1.1T1
5)535F5j5
858N8j8s8y8
<C<I<O<_<j<~=
:B;b;g;
<[<s<}<
>1>?>E>h>o>
0?0E0M0
0_1h1n1
455H5`5
7!8L8m8v8
2*2<2N2`2r2
3 3'3.363>3F3R3[3`3f3p3y3
4&4+4<4D4J4T4Z4d4j4t4}4
7U8o8x8
020T0a0x0
2:2Z2z2
3:3Z3z3
5!5J5j5
606S6v6
6"7E7h7
878W8w8
9&9I9l9
:2:O:l:
;*;J;g;
<-<M<m<
=3=S=s=
?(?C?j?
*0J0j0
202P2k2
3#3@3[3
5(5/5=5D5R5Y5g5n5|5
6$6+696@6N6U6c6j6x6
7 7'757<7J7Q7_7f7t7{7
8#81888F8M8[8b8p8w8
8%9+999C9K9Q9X9f9l9s9
:#:):0:>:D:K:Y:_:f:t:z:
;#;1;7;>;L;R;Y;g;m;t;
<!<'<.<<<B<I<W<]<d<r<x<
=!=/=5=<=J=P=W=e=k=r=
>">(>/>=>C>J>X>^>e>s>y>
>(?.?3?[?m?
0%0+050L0
1%1+151L1
2&2J2P2V2`2w2
3&3,313;3\3b3g3q3
4#4)434P4V4[4e4{4
5A5G5L5V5w5}5
5%6I6O6U6_6
6%7I7O7U7_7
778q8w8|8
:H;N;T;^;
<8=>=D=N={=
0 0*0S0Y0^0h0~0#1]1c1h1r1
4$4.4O4U4Z4d4z4
4#5]5c5i5s5
8%8+858V8\8b8l8
;$;*;0;:;P;U;g;
<N<T<Z<d<
=%>+>1>;>Q>V>h>$?
0^1d1i1s1
1A2b2h2n2x2
4%424L4r4
4-5l5r5x5
93999>9K9d9
:P:V:\:f:
:M;r;x;};
<L<-=3=9=C=Z=
22282>2K2e2
7?7E7J7T7j7
8M8S8X8b8
8Q9u9{9
=)=F=L=Q=[=q=
>B>H>M>W>x>~>
>-?R?X?]?g?
=0b0h0m0w0
0M1r1x1}1
4V4\4a4k4
5 6'6,6P6W6\6
7@7G7L7p7w7|7
80878<8`8g8l8
8 9'9,9P9W9\9
:@:G:L:p:w:|:
;0;7;<;`;g;l;
; <'<,<P<W<\<
=@=G=L=p=w=|=
>0>7><>`>g>l>
> ?'?,?P?W?\?
0@0G0L0p0w0|0
10171<1`1g1l1
1 2'2,2P2W2\2
3@3G3L3p3w3|3
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3H3L3P3T3`3d3
6$6,646<6D6L6
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<6@6D6H6
5 585<5T5d5h5|5
6$6,6@6`6|6
707P7p7
808L8P8p8
:<:@:H:L:
:8;<;@;D;H;L;P;X;\;
<l<p<t<x<|<
=$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
?0?4?<?@?l?p?x?|?
\0`0d0h0l0p0t0x0|0
1$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3,30383<3h3l3t3x3|4
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5l5p5\6`6d6h6l6p6t6x6|6
74787@7D7p7t7|7
: :$:(:,:0:4:8:<:@:D:H:L:P:T:(;,;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
=(>,>0>4>8><>@>D>L>P>
?(?0?4?
4080<0@0D0H0L0P0X0\0x0
2 2$2(2,20242<2@2
3 3(3,3p3t3x3
3 4$4(40444x4|4
4(5,50585<5
5064686@6D6
687<7@7H7L7
7084888@8D8
889<9@9H9L9
9@:D:H:P:T:
;@<D<H<P<T<
=H=L=P=X=\=
>P>T>X>`>d>
?X?\?`?h?l?
0`0d0h0p0t0
1 1$1(10141x1|1
1(2,20282<2
2H3L3P3T3\3`3
3h4l4p4t4|4
4L5P5T5\5`54686<6@6D6H6L6P6X6\6
7T7X7`7d7
8 8$8(8,80848<8@8
8D9H9L9P9T9\9`9
90:4:8:<:D:H:
:0;4;<;@;
;4<8<<<D<H<
< =$=,=0=t=x=|=
>L>P>T>\>`>
> ?$?(?0?4?x?|?
0P1T1X1\1`1h1l1
2 2$2\2`2h2l2
3`3d3h3p3t3
4 4$4h4l4p4x4|4
5 5(5,5p5t5x5
5 6$6(60646x6|6
6074787<7@7D7H7L7T7X7
9<:@:D:H:L:P:X:\:
= =$=(=0=4=
?`?d?h?l?t?x?
0 0$0(0,0004080@0D0
1P1T1\1`1
2L2P2X2\2
3H3L3T3X3
4D4H4P4T4
4@5D5L5P5|5
6X6\6d6h6
7l7p7t7|7
8$8(8l8p8x8|8
9 9$9h9l9t9x9
:0:8:<:h:p:t:|;
<0<4<<<@<l<p<x<|<
=D=H=P=T=
>H>P>T>
>(?0?4?`?h?l?
0@0H0L0x0
0 1(1,1X1`1d1
282@2D2p2x2|2
3 3$3P3X3\3
40484<4h4p4t4
5L5P5X5\5
5$6(60646l6p6x6|6
7D7H7P7T7
8 8(8,8d8h8p8t8
9<9@9H9L9
:0:8:<:h:p:t:
;<;@;H;L;
< <$<\<`<h<l<
<4=8=@=D=
=8><>@>H>L>x>
>,?0?8?<?h?p?t?
0H0P0T0
1`1d1h1p1t1
2 2$2h2l2p2x2|2
3 3(3,3p3t3x3
3 4$4(40444x4|4
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7p7t7
7D8H8L8P8X8\8
8d9h9l9p9t9x9
;H<L<P<T<\<`<
=h=l=p=t=|=
=P>T>X>\>d>h>
? ?$?(?,?0?4?<?@?
0 0$0(0,0004080@0D0
1 1$1(1,1014181<1D1H1p2t2|3
5P6T6X6\6`6d6l6p6L<P<T<X<\<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
t9x9|9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=H=L=
X6X7\7`7d7h7l7p7t7x7|7
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
9(989H9X9|9
;(;,;0;4;8;<;@;D;H;L;P;
PkdsHq.dll
"20190813182912.582","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1344","szExeFile->bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","lpAddress->0x00000000","dwSize->6144","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182912.582","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00260000","th32ProcessID->1344","szExeFile->bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","lpAddress->0x00000000","dwSize->377102","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182912.602","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1344","szExeFile->bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","lpAddress->0x00000000","dwSize->5390","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182912.602","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1344","szExeFile->bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","lpAddress->0x00000000","dwSize->9998","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182912.602","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1344","szExeFile->bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","lpAddress->0x00000000","dwSize->26674","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182912.612","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20190813182912.612","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20190813182912.612","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20190813182912.612","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1344","szExeFile->bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20190813182912.612","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1344","szExeFile->bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","lpAddress->0x00150000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182912.612","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00250000","th32ProcessID->1344","szExeFile->bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20190813182912.612","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190813182912.612","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190813182912.612","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190813182912.612","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190813182912.612","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190813182912.612","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190813182912.612","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000000a0","lpFileName->C:\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","dwDesiredAccess->GENERIC_READ"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000098","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1344","szExeFile->bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->61440"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->17065"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000098","nNumberOfBytesToWrite->17065"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","synchronization","OpenMutexW","SUCCESS","0x000000ac","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000b8","hKey->0x000000bc","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000b8","lpValueName->Cache"
"20190813182912.622","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20190813182912.632","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","process","CreateProcessInternalW","SUCCESS","200","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20190813182912.632","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20190813182912.632","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20190813182912.632","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000000a4","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\MZ
","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182912.632","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182912.632","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190813182912.632","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20190813182912.632","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190813182912.632","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20190813182912.632","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190813182912.632","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20190813182912.632","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20190813182912.642","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000c0","hKey->0x000000c4","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20190813182912.642","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000c0","lpValueName->Compositing"
"20190813182912.642","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000c0","hKey->0x000000c4","lpSubKey->Control Panel\Desktop"
"20190813182912.642","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000c0","lpValueName->LameButtonText"
"20190813182912.642","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","process","CreateRemoteThread","SUCCESS","0x000000c4","lpStartAddress->0x00404008","th32ProcessID->200","szExeFile->HelpMe.exe"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegCreateKeyExW","SUCCESS","0x000000d0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d0","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegCreateKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d4","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegCreateKeyExW","SUCCESS","0x000000dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000dc","lpValueName->Startup"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegCreateKeyExW","SUCCESS","0x000000dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegSetValueExW","SUCCESS","","hKey->0x000000dc","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","process","CreateRemoteThread","SUCCESS","0x000000c8","lpStartAddress->0x00404008","th32ProcessID->200","szExeFile->HelpMe.exe"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000dc","lpValueName->NoNetHood"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000dc","lpValueName->NoPropertiesMyComputer"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000dc","lpValueName->NoInternetIcon"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000dc","lpValueName->NoCommonGroups"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000dc","lpValueName->NoControlPanel"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000dc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000dc","lpValueName->NoSetFolders"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExA","SUCCESS","0x000000de","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20190813182917.619","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000de","lpValueName->(null)"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemSetupInProgress"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->seed"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackSourcePath"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackSourcePath"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackCachePath"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackCachePath"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DriverCachePath"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DriverCachePath"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DevicePath"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","synchronization","CreateMutexW","SUCCESS","0x000000e4","lpName->(null)"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","synchronization","CreateMutexW","SUCCESS","0x000000f0","lpName->(null)"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","synchronization","CreateMutexW","SUCCESS","0x000000f8","lpName->(null)"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->LogLevel"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->LogLevel"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->LogPath"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fc","lpSubKey->AppLogLevels"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000000fc","lpFileName->C:\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","dwDesiredAccess->GENERIC_READ"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->65536"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->65536"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->65536"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->65536"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->65536"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->65536"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->65536"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->1217"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","lpNewFileName->C:\AutoRun.exe"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExA","SUCCESS","0x00000100","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47\RpcThreadPoolThrottle"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182917.629","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->268"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","dwDesiredAccess->GENERIC_READ"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000138","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","device","DeviceIoControl","FAILURE","","hDevice->0x00000138","dwIoControlCode->0x006d0008","lpInBuffer->0x0049a870","nInBufferSize->0x00000046","lpOutBuffer->0x0049a8c0","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000138","dwIoControlCode->0x006d0008","lpInBuffer->0x0049a870","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->0x00000138","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->Data"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->0x0000013c","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000138","lpValueName->Generation"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","device","DeviceIoControl","FAILURE","","hDevice->0x00000138","dwIoControlCode->0x006d0034","lpInBuffer->0x0049ba10","nInBufferSize->0x00000208","lpOutBuffer->0x00498440","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->29889"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->29889"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->268"
"20190813182917.649","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->268"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000138","dwIoControlCode->0x006d0034","lpInBuffer->0x0049ba10","nInBufferSize->0x00000208","lpOutBuffer->0x0049bc20","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","device","DeviceIoControl","FAILURE","","hDevice->0x00000138","dwIoControlCode->0x006d0034","lpInBuffer->0x0049ba10","nInBufferSize->0x00000208","lpOutBuffer->0x00498440","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000138","dwIoControlCode->0x006d0034","lpInBuffer->0x0049ba10","nInBufferSize->0x00000208","lpOutBuffer->0x0049bc38","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegCreateKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegSetValueExW","SUCCESS","","hKey->0x00000138","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->0x00000138","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->Generation"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000132","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000132","lpSubKey->CurVer"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x0000013a","hKey->0x00000132","lpSubKey->(null)"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->268"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->268"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","dwDesiredAccess->GENERIC_READ"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->29889"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->29889"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToRead->145"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->145"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->268"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->268"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012c","lpValueName->DontShowSuperHidden"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x0000012c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->0x0000012c","lpSubKey->(null)"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->ShellState"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->ShellState"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->ForceActiveDesktopOn"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->NoActiveDesktop"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->NoWebView"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->ClassicShell"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","dwDesiredAccess->GENERIC_READ"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->268"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->268"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","dwDesiredAccess->GENERIC_READ"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x0000014c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x0000014c","lpValueName->SeparateProcess"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x0000014c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x0000014c","lpValueName->NoNetCrawling"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x0000014c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x0000014c","lpValueName->NoSimpleStartMenu"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x0000014c","hKey->0x0000012c","lpSubKey->Advanced"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->Hidden"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->ShowCompColor"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->HideFileExt"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->DontPrettyPath"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->ShowInfoTip"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->HideIcons"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->MapNetDrvBtn"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->WebView"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->Filter"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->ShowSuperHidden"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->SeparateProcess"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000014c","lpValueName->NoNetCrawling"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000013a","lpSubKey->ShellEx\IconHandler"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x0000013a","lpValueName->DocObject"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x0000013a","lpValueName->BrowseInPlace"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000013a","lpSubKey->Clsid"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000152","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000152","lpSubKey->Clsid"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x0000013a","lpValueName->IsShortcut"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013a","lpValueName->AlwaysShowExt"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x0000013a","lpValueName->NeverShowExt"
"20190813182917.659","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->29889"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->29889"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->211"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->211"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.669","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->UseDesktopIniCache"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Com+Enabled"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->268"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","dwDesiredAccess->GENERIC_READ"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000144","lpValueName->Com+Enabled"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000158","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000168","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000178","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000180","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000188","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000190","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000198","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001a8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->REGDBVersion"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1344","szExeFile->bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->29889"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->29889"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->268"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->268"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->268"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","dwDesiredAccess->GENERIC_READ"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190813182917.679","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->22512"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->61440"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->29889"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->29889"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->71"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->71"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->268"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToWrite->268"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->268"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","dwDesiredAccess->GENERIC_READ"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->REGDBVersion"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->29889"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->29889"
"20190813182917.689","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->1344","szExeFile->bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","lpAddress->0x00300000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x0000013a","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ca","lpSubKey->TreatAs"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001d6","hKey->0x0000013a","lpSubKey->(null)"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001d6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e2","hKey->0x000001ca","lpSubKey->InprocServer32"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000001e2","lpValueName->InprocServer32"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ca","lpSubKey->InprocServerX86"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ca","lpSubKey->LocalServer32"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e2","hKey->0x000001ca","lpSubKey->InprocServer32"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e2","lpValueName->(null)"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ca","lpSubKey->InprocHandler32"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ca","lpSubKey->InprocHandlerX86"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ca","lpSubKey->LocalServer32"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ca","lpSubKey->LocalServer"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e2","hKey->0x000001d6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000001e2","lpValueName->AppID"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001d6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001d6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e2","hKey->0x000001ca","lpSubKey->InprocServer32"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e2","lpValueName->ThreadingModel"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ca","lpSubKey->TreatAs"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->0x000001e0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->Generation"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e6","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e2","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e2","lpValueName->DriveMask"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000001e4","lpValueName->AllowFileCLSIDJunctions"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegCreateKeyExW","SUCCESS","0x000001e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->Personal"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegCreateKeyExW","SUCCESS","0x000001e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegSetValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->0x000001e4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->Generation"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1344","szExeFile->bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->12288"
"20190813182917.699","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->12288"
"20190813182917.709","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20190813182917.709","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20190813182917.709","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Common Documents"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->0x000001c4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->Generation"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\dll\cmonitor.dll.exe","lpNewFileName->C:\cuckoo\dll\cmonitor.dll"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\cuckoo\dll\iidxQa.dll","dwDesiredAccess->GENERIC_READ"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->268"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","dwDesiredAccess->GENERIC_READ"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\dll\iidxQa.dll","dwDesiredAccess->GENERIC_READ"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\dll\iidxQa.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->29889"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->29889"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegCreateKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Desktop"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegCreateKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegSetValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Desktop","dwType->1","lpData->C:\Documents and Settings\janettedoe\Desktop","cbData->90"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->0x00000134","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->Generation"
"20190813182917.719","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1344","szExeFile->bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->12288"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->12288"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\iidxQa.dll"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\iidxQa.dll.exe","lpNewFileName->C:\cuckoo\dll\iidxQa.dll"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\dll\VTsamp.dll","dwDesiredAccess->GENERIC_READ"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->268"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","dwDesiredAccess->GENERIC_READ"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\dll\VTsamp.dll","dwDesiredAccess->GENERIC_READ"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegCreateKeyExW","SUCCESS","0x000001ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->Common Desktop"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegCreateKeyExW","SUCCESS","0x000001ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegSetValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->Common Desktop","dwType->1","lpData->C:\Documents and Settings\All Users\Desktop","cbData->88"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->0x000001ec","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Generation"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->0x0000012c","lpSubKey->FileExts"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000134","lpSubKey->."
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000134","lpSubKey->."
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\."
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001f2","hKey->0x00000062","lpSubKey->Network\SharingHandler"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001f2","lpValueName->(null)"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001f0","lpFileName->C:\cuckoo\dll\VTsamp.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000001ec","lpValueName->UserEnvDebugLevel"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000001ec","lpValueName->ChkAccDebugLevel"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ec","lpValueName->ProductType"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001f8","hKey->0x000001f4","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001f8","lpValueName->Personal"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001f8","lpValueName->Local Settings"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001f4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000001f4","lpValueName->RsopDebugLevel"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001f4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000001f4","lpValueName->UserEnvDebugLevel"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000001f4","lpValueName->RsopLogging"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x000001f4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x000001f4","lpValueName->UserEnvDebugLevel"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20190813182917.729","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->29889"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->29889"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->12288"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->12288"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->268"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->268"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\VTsamp.dll"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\VTsamp.dll.exe","lpNewFileName->C:\cuckoo\dll\VTsamp.dll"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001f0","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->268"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001f0","lpFileName->C:\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","dwDesiredAccess->GENERIC_READ"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190813182917.740","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\files\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","system","LoadLibraryA","SUCCESS","0x76980000","lpFileName->LINKINFO.dll"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000208","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->1344","szExeFile->bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->29889"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->29889"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->71"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->71"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->268"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\files\.gitignore"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\files\.gitignore.exe","lpNewFileName->C:\cuckoo\files\.gitignore"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->268"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","dwDesiredAccess->GENERIC_READ"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001f0","lpFileName->C:\cuckoo\logs\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182917.750","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->61440"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToRead->29889"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->29889"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->71"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->71"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->268"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->268"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\logs\.gitignore"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000208","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000208","lpValueName->ProductType"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegOpenKeyExW","SUCCESS","0x00000208","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","registry","RegQueryValueExW","FAILURE","","hKey->0x00000208","lpValueName->SrvsvcDefaultShareInfo"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000200","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\logs\.gitignore.exe","lpNewFileName->C:\cuckoo\logs\.gitignore"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001f0","lpFileName->C:\cuckoo\logs\1344.csv","dwDesiredAccess->GENERIC_READ"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->268"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001f0","lpFileName->C:\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","dwDesiredAccess->GENERIC_READ"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\logs\1344.csv","dwDesiredAccess->GENERIC_READ"
"20190813182917.760","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x000001c4","lpFileName->C:\cuckoo\logs\1344.csv.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000208","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","CreateFileW","SUCCESS","0x00000208","lpFileName->C:\bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","dwDesiredAccess->0x00000080"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","device","DeviceIoControl","SUCCESS","","hDevice->0x00000208","dwIoControlCode->0x000900c0","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120ece4","nOutBufferSize->0x00000040","lpBytesReturned->0x0120ecdc","lpOverlapped->0x00000000"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->200","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->61440"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->29889"
"20190813182917.770","1344","bcd67664cf8f828a25d8c62b3c62d6bc096f3ad1670884876482ae9ca6da5c47","1596","filesystem","WriteFile","SUCCESS","","hFile->0x000001c4","nNumberOfBytesToWrite->29889"
1344.csv
; Analyst annotation: contents of the file the report labels AUTORUN.INF.
; Every entry below resolves to the same relative target, AutoRun.exe, so the
; default action and both context-menu verbs all start that one executable.
; NOTE(review): the listing does not show where the file was written; an
; autorun.inf only takes effect from the root of a volume - confirm the drop
; path against the filesystem trace.
; Defensive notes: alert on creation of autorun.inf together with a new
; executable at a drive root, and keep AutoRun disabled by policy
; (NoDriveTypeAutoRun) on analysis and production hosts.
[autorun]
; Program started when AutoRun fires for the volume.
open=AutoRun.exe
; Context-menu verb "1": label shown to the user, then the command it runs.
; The harmless-looking "Open" label hides that the verb runs the executable.
shell\1=Open
shell\1\Command=AutoRun.exe
; Context-menu verb "2", labelled "Browser"; the key is written with a
; trailing backslash before "=" exactly as captured.
shell\2\=Browser
shell\2\Command=AutoRun.exe
; Same target again, this time launched through ShellExecute.
shellexecute=AutoRun.exe
AUTORUN.INF