Sample details: d2422f4bfc7032a305be26e5dcdd7415

Hashes
MD5: d2422f4bfc7032a305be26e5dcdd7415
SHA1: 2e0b15f2e8bf242084421a3e5df6a83cc9c5ecb0
SHA256: b5a698062e87e2e9d375634a251d358d83816d315278dc83cb7576220244db8f
SSDEEP: 24576:ZMMpXS0hN0V0HigSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n04:Kwi0L0qo9
Details
File Type: PE32
Added: 2019-10-09 20:20:25
Yara Hits
YRP/ASPack_v212_additional | YRP/ASPack_v21_additional | YRP/ASProtect_V2X_DLL_Alexey_Solodovnikov | YRP/ASPack_v212 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/ASPack_v211d | YRP/ASProtect_V2X_DLL_Alexey_Solodovnikov_additional | YRP/ASPack_212withouth_Poly_Solodovnikov_Alexey | YRP/ASPack_v212_Alexey_Solodovnikov | YRP/Borland | YRP/ASPackv212AlexeySolodovnikov | YRP/ASProtectV2XDLLAlexeySolodovnikov | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Dropper_Strings | YRP/anti_dbg | YRP/network_dropper | YRP/network_tcp_socket | YRP/keylogger | YRP/spreading_file | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers3 | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/suspicious_packer_section | YRP/CAP_HookExKeylogger |
Strings
		This program must be run under Win32
.idata
.rdata
.reloc
.aspack
.adata
VirtualAlloc
VirtualFree
kernel32.dll
ExitProcess
user32.dll
MessageBoxA
wsprintfA
LOADER ERROR
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
 (08@P`p
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
user32.dll
advapi32.dll
oleaut32.dll
advapi32.dll
version.dll
gdi32.dll
user32.dll
oleaut32.dll
ole32.dll
oleaut32.dll
comctl32.dll
shell32.dll
advapi32.dll
GetKeyboardType
RegQueryValueExA
SysFreeString
RegSetValueExA
VerQueryValueA
UnrealizeObject
CreateWindowExA
SafeArrayPtrOfIndex
OleUninitialize
GetErrorInfo
ImageList_SetIconSize
SHGetSpecialFolderLocation
SetSecurityInfo
@H??wElDj;
@H??wElDj>
ERRORSUPPORTTEXT_RETAIL_DEFAULT_PERMISSION_POST.ERRORSUPPORTTEXT_RETAIL_DEFAULT_PERMISSION_PREVerify that you have sufficient permissions to access the registry or contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, seeERRORSUPPORTTEXT_RETAIL_DEFAULT_POSTERRORSUPPORTTEXT_RETAIL_DEFAULT_PREContact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, seeERRORSUPPORTTEXT_RETAIL_DEFAULT_PROBLEM_POSTERRORSUPPORTTEXT_RETAIL_DEFAULT_PROBLEM_PREIf problem persists, contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, seeONPrinterNameSend To OneNote 2007ShellUILanguage1033InjectorServiceSaves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.OfficeDiagnosticsServiceRun portions of Microsoft Office Diagnostics.{CC29EC69-7BC2-11D1-A921-00A0C91E2AA2}MEWord12WordMetroCnv_Converter12ProxyWord 2007 Macro-enabled Document\docmWord12Word 2007 Document\docxWord97Word 97-2003 Document\doc{EA7FE5B5-89ED-4872-B2B7-0DC103B2B320}eurotool.xlamExcelAddIn_EuroToolEuro Currency Tools\Conversion and formatting for the euro currencyhtml.xlamExcelAddIn_HTMLInternet Assistant VBA\Internet Assistant VBA{{Fatal error: }}Error [1].Message type:  [1], Argument:  [2]Error reading from file: [2].  {{ System error [3].}}  Verify that the file exists and that you can access it.=== Logging started: [Date]  [Time] ====== Logging stopped: [Date]  [Time] ===Cannot create the file '[3]'.  A directory with this name already exists.  Cancel the install and try installing to a different location.Please insert the disk: [2]Setup cannot access the folder [2].  Verify that the folder exists in your system and that you have sufficient permissions to update it.Error writing to file: [2].  Verify that you have access to that directory.Setup cannot read file [2].  
Check your network connection or, if you are installing from CD-ROM, be sure that the [ProductNameQualified] CD-ROM is in the drive.  Click Retry to continue or Cancel to stop the installation.Another application has exclusive access to the file '[2]'.  Please shut down all other applications, then click 'Retry'.There is not enough disk space to install this file: [2].  Free some disk space and click 'Retry', or click 'Cancel' to exit.Setup cannot find the required file [2].  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see [SETUPHELPFILEDIR].Error reading from file: [3].  {{ System error [2].}}  Verify that the file exists and that you can access it.Error writing to file: [3].  {{ System error [2].}}  Verify that you have access to that directory.Source file not found{{(cabinet)}}: [2].  Verify that the file exists and that you can access it.Cannot create the directory '[2]'.  A file with this name already exists.  Please rename or remove the file and click 'Retry', or click 'Cancel' to exit.The volume [2] is currently unavailable.  Please select another.The specified path '[2]' is unavailable.Setup cannot write to the folder [2].  Verify that the folder exists in your system and that you have sufficient permissions to update it.Setup cannot read from file [2].  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see [SETUPHELPFILEDIR].Setup cannot create the folder [2].  Verify that the path exists in your system and that you have sufficient permissions to update it.Setup cannot open the source file cabinet [2].  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see [SETUPHELPFILEDIR].The specified path is too long: [2]Setup cannot modify the file [2].  
Verify that the file exists in your system and that you have sufficient permissions to update it.A portion of the folder path '[2]' exceeds the length allowed by the system.The folder path '[2]' contains words that are not valid in folder paths.'[2]' is not a valid short file name.Error getting file security: [3] GetLastError: [2]Invalid Drive: [2]Action start [Time]: [1].Setup cannot create the registry key [2].  [ERRORSUPPORTTEXT_PERMISSION]Setup cannot open the registry key [2].  [ERRORSUPPORTTEXT_PERMISSION]Setup cannot delete the value [2] from the registry key [3].  [ERRORSUPPORTTEXT_PERMISSION]Setup cannot delete the registry key [2].  [ERRORSUPPORTTEXT_PERMISSION]Setup cannot read the value [2] from the registry key [3].  [ERRORSUPPORTTEXT_PERMISSION]Setup cannot write the value [2] to the registry key [3].  [ERRORSUPPORTTEXT_PERMISSION]Setup cannot get the value names for the registry key [2].  [ERRORSUPPORTTEXT_PERMISSION]Setup cannot read the security information for the registry key [2].  [ERRORSUPPORTTEXT_PERMISSION]Could not increase the available registry space.  [2] KB of free registry space is required for the installation of this application.Action ended [Time]: [1]. Return value [2].Another installation is in progress.  You must complete that installation before continuing this one.Error accessing secured data.  Please make certain the Windows Installer is configured properly and try the install again.User '[2]' has previously initiated an install for product '[3]'.  That user will need to run that install again before they can use that product.  Your current install will now continue.User '[2]' has previously initiated an install for product '[3]'.  That user will need to run that install again before they can use that product.Out of disk space -- Volume: '[2]'; required space: [3] KB; available space: [4] KB.  
Free some disk space and click 'Retry'.Are you certain you want to cancel?The file [2][3] is being held in use{ by the following process: Name: [4], Id: [5], Window Title: '[6]'}.  Close that application and click 'Retry'.The product '[2]' is already installed, preventing the installation of this product.  The two products are incompatible.Out of disk space -- Volume: '[2]'; required space: [3] KB; available space: [4] KB.  If rollback is disabled, enough space is available.  Click 'Abort' to quit, 'Retry' to check available disk space again, or 'Ignore' to continue without rollback.Could not access network location [2].The following applications should be closed before continuing the install:Setup could not locate a version of Microsoft Office 97, 2000 or XP on the selected drive. Click OK to stop the installation. If you have a version of Microsoft Office on CD-ROM, run Setup again.
For more information, see [SETUPHELPFILEDIR] under "Locating a Previous Version of Office".Out of memory.  Shut down other applications before retrying.The key [2] is not valid.  Verify that you entered the correct key and try again.You must restart your computer before configuration of [2] can continue.  Would you like to restart now?The configuration changes made to [2] will not take effect until your computer has been restarted.  Would you like to restart now?An installation for [2] is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?Setup cannot find the required files.  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see [SETUPHELPFILEDIR].Installation operation completed successfully.Installation operation failed.Product: [2] -- [3]You may either restore your computer to its previous state or continue the install later.  Would you like to restore?Setup cannot write information to your hard disk.  Check to make certain enough disk space is available, and check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see [SETUPHELPFILEDIR].One or more of the files required to restore your computer to its previous state could not be found.  Restoration will not be possible.Setup cannot install one of the required products for [2].  [ERRORSUPPORTTEXT]Setup cannot remove the older version of [2].  [ERRORSUPPORTTEXT]Windows Installer is no longer responding.The path [2] is not valid.   Please specify a valid path.There is no disk in drive [2].  Please insert one and click 'Retry', or click 'Cancel' to go back to the previously selected volume.There is no disk in drive [2].  
Please insert one and click 'Retry', or click 'Cancel' to return to the browse dialog and select a different volume.The folder [2] does not exist.  Please enter a path to an existing folder.A valid destination folder for the install could not be determined.Windows Installer terminated prematurely.Setup cannot read file [2].  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see [SETUPHELPFILEDIR].Scheduling reboot operation: Renaming file [2] to [3].  Must reboot to complete operation.Scheduling reboot operation: Deleting file [2].  Must reboot to complete operation.Setup cannot register module [2].  If you click 'Cancel' or 'Ignore', run Setup again and reinstall or repair your [ProductNameBase] installation.  [ERRORSUPPORTTEXT_PROBLEM]Setup cannot unregister module [2].  [ERRORSUPPORTTEXT]Setup cannot cache package [2].  [ERRORSUPPORTTEXT]Could not register font [2].  Verify that you have sufficient permissions to install fonts, and that the system supports this font.Could not unregister font [2].  Verify that you that you have sufficient permissions to remove fonts.Could not create Shortcut [2].  Verify that the destination folder exists and that you can access it.Could not remove Shortcut [2].  Verify that the shortcut file exists and that you can access it.Setup cannot register type library for file [2].  [ERRORSUPPORTTEXT]Setup cannot unregister type library for file [2].  [ERRORSUPPORTTEXT]Setup cannot update file [2][3].  Verify that the file exists in your system and that you have sufficient permissions to update it.Could not schedule file [2] to replace file [3] on reboot.  Verify that you have write permissions to file [3].Setup cannot remove ODBC driver manager.  [ERRORSUPPORTTEXT]Setup cannot install ODBC driver manager.  [ERRORSUPPORTTEXT]Error removing ODBC driver: [4], ODBC error [2]: [3].  
Verify that you have sufficient privileges to remove ODBC drivers.Error installing ODBC driver: [4], ODBC error [2]: [3].  Verify that the file [4] exists and that you can access it.Error configuring ODBC data source: [4], ODBC error [2]: [3].  Verify that the file [4] exists and that you can access it.Service '[2]' ([3]) failed to start.  Verify that you have sufficient privileges to start system services.Service '[2]' ([3]) could not be stopped.  Verify that you have sufficient privileges to stop system services.Service '[2]' ([3]) could not be deleted.  Verify that you have sufficient privileges to remove system services.Service '[2]' ([3]) could not be installed.  Verify that you have sufficient privileges to install system services.Could not update environment variable '[2]'.  Verify that you have sufficient privileges to modify environment variables.You do not have sufficient privileges to complete this installation for all users of the machine.  Log on as administrator and then retry this installation.Could not set file security for file '[3]'. Error: [2].  Verify that you have sufficient privileges to modify the security permissions for this file.Setup cannot update file [2] because it is protected by Windows.   You may need to update your operating system for this program to work correctly.  [ERRORSUPPORTTEXT] {{Package version: [3], OS Protected version: [4]}}Setup cannot update file [2] because it is protected by Windows.   You may need to update your operating system for this program to work correctly.  [ERRORSUPPORTTEXT] {{Package version: [3], OS Protected version: [4], SFP Error: [5]}}An error occurred during the installation of assembly component [2]. HRESULT: [3]. {{assembly interface: [4], function: [5], assembly name: [6]}}Warning [1].Please wait while Windows configures [ProductName]Gathering required information...An internal error has occurred.  
([2]   [3]   [4]   [5]   [6]   [7]   [8]) [ERRORSUPPORTTEXT]Removing older versions of this application...Preparing to remove older version of this application...Setup cannot get attributes for file [3].  Verify that the file exists in your system and that you have sufficient permissions to update it.Setup cannot create a temporary file in folder [3].  Verify that the folder exists in your system and that you have sufficient permissions to update it.Setup cannot find the required file IMAGEHLP.DLL in your system.  This file is needed to validate the file [2].  [ERRORSUPPORTTEXT]Setup cannot find the file key '[2]' in cabinet '[3]'.  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see [SETUPHELPFILEDIR].Setup cannot access a file cabinet.  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see [SETUPHELPFILEDIR].Office Setup encountered a problem with the Office Source Engine, system error: [2].  Please open [SETUPHELPFILEDIR] and look for "Office Source Engine" for information on how to resolve this problem.The control '[3]' on dialog '[2]' cannot accept values longer than [5] characters.  The value '[4]' exceeds this limit, and has been truncated.Setup cannot load RichEd20.dll.  [ERRORSUPPORTTEXT]{[ProductName] }Setup completed successfully.{[ProductName] }Setup failed.Info [1].An internal error has occurred: ([2]   [3]   [4]   [5]   [6]   [7]   [8]).  [ERRORSUPPORTTEXT]{{Disk full: }}Action [Time]: [1]. 
[2]Access.Application.12Microsoft Office Access 2007 DatabaseExcel.AddinMicrosoft Office Excel Add-InExcel.AddInMacroEnabledExcel.Application.12Microsoft Office Excel ApplicationExcel.BackupMicrosoft Office Excel Backup FileExcel.Chart.8Microsoft Office Excel ChartExcel.CSVMicrosoft Office Excel Comma Separated Values FileExcel.MacrosheetMicrosoft Office Excel 4.0 MacroExcel.Sheet.12Microsoft Office Excel WorksheetExcel.Sheet.8Microsoft Office Excel 97-2003 WorksheetExcel.SheetBinaryMacroEnabled.12Microsoft Office Excel Binary WorksheetExcel.SheetMacroEnabled.12Microsoft Office Excel Macro-Enabled WorksheetExcel.SLKMicrosoft Office Excel SLK Data Import FormatExcel.TemplateMicrosoft Office Excel TemplateExcel.Template.8Excel.TemplateMacroEnabledMicrosoft Office Excel Macro-Enabled TemplateExcel.WorkspaceMicrosoft Office Excel WorkspaceExcel.XLLMicrosoft Office Excel XLL Add-InExcelhtmlfileMicrosoft Office Excel HTML DocumentExcelhtmltemplateMicrosoft Office Excel HTML TemplateInfoPath.Solution.2Microsoft Office InfoPath Form TemplateInfoPath.SolutionManifest.2Microsoft Office InfoPath Form Definition FileMSGraph.Chart.8Microsoft Graph ChartMSProject.MPXMicrosoft Office Project Exchange File (MPX)MSProject.ProjectMicrosoft Office Project DocumentMSProject.Project.9MSProject.TemplateMicrosoft Office Project TemplateMSProject.WorkspaceMicrosoft Office Project WorkspaceOneNote.Section.1Microsoft Office OneNote SectionOutlook.File.msgOutlook ItemPowerPoint.Show.12Microsoft Office PowerPoint PresentationPowerPoint.Show.8Microsoft Office PowerPoint 97-2003 PresentationPowerPoint.ShowMacroEnabled.12Microsoft Office PowerPoint Macro-Enabled PresentationPowerPoint.Slide.12Microsoft Office PowerPoint SlidePowerPoint.Slide.8Microsoft Office PowerPoint 97-2003 SlidePowerPoint.SlideMacroEnabled.12Microsoft Office PowerPoint Macro-Enabled SlidePowerPoint.SlideShow.12Microsoft Office PowerPoint Slide ShowPowerPoint.Template.12Microsoft Office PowerPoint 
TemplatePowerPoint.Template.8Microsoft Office PowerPoint 97-2003 TemplatePowerPoint.TemplateMacroEnabled.12Microsoft Office PowerPoint Macro-Enabled Design TemplatePublisher.Document.12Microsoft Office Publisher DocumentVisio.Drawing.11Microsoft Office Visio DrawingVisio.Stencil.11Microsoft Office Visio StencilVisio.Template.11Microsoft Office Visio TemplateVisio.Workspace.11Microsoft Office Visio WorkspaceWord.Document.12Microsoft Office Word DocumentWord.Document.8Microsoft Office Word 97 - 2003 DocumentWord.DocumentMacroEnabled.12Microsoft Office Word Macro-Enabled DocumentWord.Template.12Microsoft Office Word TemplateWord.Template.8Microsoft Office Word 97 - 2003 TemplateWord.Wizard.8Microsoft Word WizardwordhtmlfileMicrosoft Word HTML DocumentwordhtmltemplateMicrosoft Word HTML TemplatewordxmlfileMicrosoft Word XML DocumentAccessShortCutCreate databases and programs to track and manage your information by using Microsoft Office Access.CAGShortCutClipArt|Microsoft Clip OrganizerImport and organize photos, clip art, sounds and motion files using Microsoft Clip Organizer.ExcelShortCutPerform calculations, analyze information, and visualize data in spreadsheets by using Microsoft Office Excel.GrooveShortCutCreate collaborative workspaces to share files and work on projects with your team members using Microsoft Office Groove.IgxAppShortCutIgxApp|Microsoft Office IGXAppIGX Test ApplicationIGX Test ApplicationLanguageShortCutLngSet12|Microsoft Office 2007 Language SettingsChange the language settings for Office applications.LimeShortCutLime|Microsoft Office LimeLime Test ApplicationMicrosoft_VisioCreate, edit and share diagrams by using Microsoft Office Visio.MSPaperScanExeDocScan|Microsoft Office Document ScanningScan multiple page documents and recognize text in image documents by using Microsoft Office Document Scanning.MSPaperViewExeImgView|Microsoft Office Document ImagingView, manage, read and recognize text in image documents and faxes by using Microsoft 
Office Document Imaging.ODShortCutOffDiag|Microsoft Office DiagnosticsMicrosoft Office Diagnostics identifies and corrects common causes of instability and poor performanceOISShortCutOIS|Microsoft Office Picture ManagerOrganize, edit, and share picture files by using Microsoft Office Picture Manager.OneNoteShortCutGather, organize, find, and share your notes and information using Microsoft Office OneNote.OsaNewOfficeShortcutNewDoc|New Microsoft Office DocumentCreate a new Microsoft Office document, worksheet, e-mail message, presentation, Web page, or database.OsaOpenOfficeShortcutOpenDoc|Open Microsoft Office DocumentFind and open any Microsoft Office document, worksheet, e-mail message, presentation, Web page, or database.OutlookShortCutSend and receive e-mail; manage your schedule, contacts, and tasks; and record your activities by using Microsoft Office Outlook.PPTShortCutCreate and edit presentations for slide shows, meetings, and Web pages by using Microsoft Office PowerPoint.ProjectProfilesShortCutPSrvAcct|Microsoft Office Project Server 2007 AccountsCreate and edit account profiles used by Microsoft Office Project when connecting to Microsoft Office Project Server.ProjectShortCutPlan, track, and manage your projects, and communicate with your team by using Microsoft Office Project.PubExeShortcutCreate and edit newsletters, brochures, flyers, and Web sites by using Microsoft Office Publisher.RMSShortCutIC12|Microsoft Office InterConnect 2007Create, manage, send, and receive bizcards and contact information by using Microsoft Office InterConnect.SelfcertShortcutSelfcert|Digital Certificate for VBA ProjectsThis program creates a self-signed digital certificate that can be used for personal macros on this machine only.VisSDKClbShortcutVSDKCode|Microsoft Office Visio Code Samples LibraryCode Samples Library with code snippets in various languagesVisSDKDocsShortcutVSDKDocs|Microsoft Office Visio SDK DocumentationSDK Documentation covering references and 
articlesVisSDKPublishShortcutVSDKPub|Microsoft Office Visio Solution Publishing ToolLaunch Visio Publish ComponentVisSDKSamplesShortcutVSDKSamp|Microsoft Office Visio SDK SamplesSDK Sample Applications supporting multiple languagesVisSDKToolsShortcutVSDKTool|Microsoft Office Visio SDK ToolsSDK Tools including ShapeStudio, wizards, tools and typelibrariesWAC_EWDShortCutDesign and manage high-quality, standards-based Web sites with Microsoft Expression Web.WAC_SPDShortCutCreate and customize Microsoft SharePoint Web sites and build workflow-enabled applications with Microsoft Office SharePoint Designer.WordShortCutCreate and edit professional-looking documents such as letters, papers, reports, and booklets by using Microsoft Office Word.XDocsShortCutDesign and fill out dynamic forms to gather and reuse information throughout the organization using Microsoft Office InfoPath.accdbNew&NewOpen&OpenOpenAsReadOnlyOpen as Read-OnlydocEdit&EditOnenotePrintto&PrintPrintdochtmldocmdocxdocxmldotdothtmldotmdotxicdicticxinfopathxmlmatDesign&DesignPreviewPre&viewmau&Browsemavmdbmdbhtmlmdimpdmpfmppmptmpwmpxoftolsoneonepkgonetoconetoc2potShowS&howpothtmlpotmpotxppappamppsppsmppsxpptppthtmlpptmpptxpptxmlpubpwzrtfthmxvdxPrintToPrint &TovsdvssvstvswvsxvtxwbkwizwizhtmlxlamxlmxlsxlsbxlshtmlxlsmxlsxxltxlthtmlxltmxltxxlwxsfxsnProgramMenuDevResourcesFolderMSDEVRES|2007 Microsoft Office System Developer Resources:MSDEVRESProgramMenuToolsFolderOFFTOOLS|Microsoft Office Tools:OFFTOOLSreg0005F9DFB11EE5635A031DA038FF9A9EProofreg005D9574E2D206D307893F81DC06F0E7XLSTARTreg007403245A6C2E1B47D99463BADEE414&Edit,0,2reg011805B5691E5D3A57178868B4475ADDreg03CD7777AA2DAED32797C8B568F9C1D8ODBC Databases 
Templatereg87645FE664760910DE5DB8862EF09136reg87F2A229B7911A27CD98E0D05692D91Areg8824C97C0D40603DC11266647CB00D3Dreg8860E9EE8B9CD155D60F3B70CF0C100Areg886DDBDC3D16F5BDCCD83D1EC8C080B9reg892825FCAB55CD15895873BAE6C0A65EOutlook()reg89DCDACD9B50D409D6A112BB307C0771reg8A43B8ABBB7DB4CBCDD83EEBDECD805Ereg8A75DCFD4D0860CDF692231B1478EFA3reg8B350529531F8328E374649ADFC3F76CWorksheetreg8B7AF1C190EEFF1FBDCBE16C6F93F74AOrganization Chart Add-in for Microsoft Office programsreg8C2C22682C0F1B9B3E83C163A9AAF940reg8E4A8A0D6314D23AB7AF8E1C59914CADreg8EAA433B59E18DDD193260D87B1C9073reg900F0EF0E3977E6E3CEA02E01876CB35reg90F7D4F88B41678B525CC66E1666C5BDreg91399C01F5D7F308ECB05EE4F2DAB87EAdjust Datesreg9229B31400F05F9609B0192E7D58A85Creg92593E4F36AA278CA1136F7820E04A23reg9306B184FDDDF6D7FB0EC06F16C2004Freg9345B41F2F82CBAF402656B8D76F30D9reg95213B50B2495AD6939F6FE521C4ABBDreg9580E3C5AAAB32649D4F3139C6B94635reg9623F079C65D19F92EAECD949E146A03reg96DF3F3E7E05B3298B0E25F003416364reg976C43D104DBCAEA4EE8C542A74DD397reg97E98567A386E0D62737D816157573BEExcel Workbook (*.xlsx)reg9818AE17FDF73299415F457DEDF255F1reg985516E106DF8A7858F08D30882ABCFCreg9887596D346279B2D899E52CA7C03012reg998D5BF7595701B838C12FDDB26CEB27Word 97-2003 Documentreg9A1042D65629EFEE279FABDC4073AA02reg9A2296428EEB1194663A41D1F5E23462&Runreg9A6DD09EE6EF5C9593A07D33148CAD91reg9A9B30987F193DFD5F114AED5A3BA9CFreg9AF959A573A1D4FC311980CD797B4762reg9B938CE605E09844ED9693CCC86F8830Office Outlook 2007 Calendarreg9BE6ADA3FE080A7661C5CB08750924DAreg9C366692633E06B66AF1824E33D675C9reg9C3A3CA4A065232B8BABB414A1B18706reg9C7847A2B2E6B805641D95F36A4E5771reg9C8088CB5A76B3F33E523429541728BAreg9C90CC0180C057300BF8E0D8D31A080Areg9D62D16A967C69FE99643F48F802CB94reg9DF1A496A8AC724AAE7A2B0595BC2A43reg9EE104968C5BA1AC3D2CD684C7B70E08reg9F1CB2F91D6A0E62FCE4660C0EA6B8BDExcel 97 - Excel 2003 Workbook (*.xls)regA06150F47D46A026D77DFC825A768805regA0C9A4A334C6BFB0A5FF1C03F959D205regA0EF30B286067623FA7C3AFE01471C25regA12A58C2122802E036FA030EFCD7701BS&end 
to OneNoteregA2277D3B71689F1D84611E954A3328BCSoftware\Microsoft\Office\12.0\User Settings\Excel_Core\Create\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft ExcelregA2AC5E86A90411541BC8C84F3D9ECE9BregA38AB9EA438A65C73FCA6EC46AF85D82Compare Project Versions UtilityregA39A1F7E141AB9F23B9D68EB347220F6My DocumentsregA3D42C77FBF31AE5DED8DAF327F6AF9CregA3EF3C3EA06EF992C2D34779DAC97CD0regA5C41EBFD2EE8635C342BE1D3AA44013Microsoft Office Chart TemplateregA640344B9ED9CB2E00F186A6C5F09165regA66DC32607CAFCD0D311A0850B10BF15regA8BC0B07641F7AD5BA0C60DB0A081E0AregA8D310938767C3B182C2F3BB9967BCD8regA950BACEE2CB672E68470C4571EEBAC2Paradox 3 (*.db)regA95E14CA0EA857616BEBB5D2E1C1BC1FregAB43C7B09900D498EB50AEC17C927EF5regAC1C953E30595CAC2EA5F496148800B9regACE45A7ED0D6215DD345681F042AB471regAD7242CF48E99C8EE5FFDA61AD3AFAC7Either there is no default mail client or the current mail client cannot fulfill the messaging request.  Please run Microsoft Office Outlook and set it as the default mail client.*Microsoft Office OutlookregAE74B2E5CF4A9C7AE6FC9398695CA33AregAEA600A07BA566300EA0D187816FF2D6regAF171B15D07644B9803E1B1CC9EE702DChartregAFC662E4C72A2A8FA1DB620AE82AA958regAFEE76B926DEF520F93662E6B0F860F4regB042476E2268905F21BD653B80D27D6AregB1E8E0263DEAB66090BEF98BAD6EEB18regB2809CAB8A425BC8DEC2AF5C03C82469regB2933E7F2DB28F772CF11EE78646950AregB2C478FA695A7D85AB412B0B0D228279regB2D6CCA5AFF17BAF57A65AA1DE1A59B0regB315D2D17D780341640A06FF0D44101BregB32E05495CD12BDC27055DFDC3A00D0DregB32E4F5E55E2815EFD91742B7A595B7FregB4EE942014A6C9461A8129D88D3F05CAMicrosoft Excel 5.0/95 Workbook (*.xls)regB4FFA49F81DF91944239D728AB52BF4DregB5DB0D7F5E4B85C7AE3B11252B03323DregB6196BE7385C884EBEB256A14DA0B235regB6731158842F116DD138BF2C5FF14151regB7CC61348BCB2F7E6602AE1134521FFCregB8A3131FF8E7B4D3717DC1FDCC0B6794Microsoft Office Outlook 2007 provides an integrated solution to help you better manage your time and information, connect across boundaries, and remain safer and in control. 
This comprehensive information and time manager helps you organize and instantly search for the information you need. With Office Outlook 2007, you can securely share information with coworkers, friends, and family, no matter where they are located. Office Outlook 2007 makes it easier for you to prioritize and control your time, so you can focus on the things that matter most.regB90084FE407D1976127BFD2DAAB9C270regB9197BFB6B100C1304AB74F7E52AC23AregB9C901A76EFF653028F7E2E3DD6DCD3E&Add to Personal Address Book...,0,2regBB33943316F2BD8172F47A9E066ACA79regBBA8BBA05C980220F140FCB4DE3412F1regBCF8A22165100C1A1D45C4E7D91A0530regBDD24C0F31FEC308DBBA46A321E67B14regBEBC7280C8609C712E3483A3C2780D59regBFAE5346497006EE6CFB2A948A578557regBFCEAB34C36D7A050ED5A6FA532D168EregC06A7F2C7A9381023B3D1A9C80F1977BregC1362E9ECE18C8A161AA63ADD9C82374regC14865B29A8E66DC11715FE5521BB65EregC1CE58101184C509E2A648805F2EE94FregC1DC41DA0BB66979772BAB6525835E80regC247538CED594DD3DB9460783AE80A84regC24ECBF16F810C92DE3F62384A131DA3regC264B82C23C56981C999D40967534CFBregC29E73EB03D67AE8A46EC7F401CDD15AregC2BFA1F47D356DD9398EE080D7D3ADFBLotus 1-2-3 WK3 (*.wk3)regC2E8189A429C85DF5604AEF889921BD6regC33A1F0510CA3FC5AA8941E9C1676F35regC347E982AEF55FFB535AC377C18E82B0regC375867872B3B941C63BCAF426D767D0regC39F8F57058AF738509F760E59520BC8Microsoft Office SharePoint Server Colleague Import Add-inregC3F401345854A345F7205236204DDB45regC40BAA3D2D6ACF305A8BA3AEB3ED811BregC5EE54BE8B04210EDA32AC8D358946A1Provides information through devices enabled with Windows 
SideShowregC65581351DC3AEAA663EC2097DF7E375regC70B7BA75E1A2359148204CA995B7FCBregC78B15F8A06AC713013B14123A6C121BregC7EAD86F7850570F688766C13A461499regC83BE323BBB4C7551111CC69B69D7EBC&DiscussregCAEDB6C5502FB301F27B2E2A3E60702FregCAF3EDC2283755ACAB5B0BF3FCCC58DBregCB33B8CB1F2711E13D90478D61797134regCB9C00D26900C165A141A9D445D55225regCCC38886963454CB79418871B24B4829regCD20CEAA38E6166AC3F2EF1CDCF06C6DregCDCA1486B09E853EA4BA96821F45397CregCE8ECB934856C740708355CFDF068BE6regCEF4F967EFBBDF39D79E5B6407FC4234regD068677AA9FC1FA2422F2EA1A473D708Windows SharePoint Services ()regD1CA03C02B52223E64F5228DA5235C0DregD1ED24BA6D841BD31971B9A770464B2EregD210C15B545EDA4B6A5EB3D54F097E39regD2E4E5D03B455CB12315AAAE94BFA0EBregD3C815102019A06336C4ABF2FE99B387regD3D4DECFAA48344C7C3EBB17DBCAFD68regD44131313C4D8AEFC0E6C925DF8A671FregD456BCC2DF1C8FA9CB4FB9B6F0835C7EregD50F9B5ED4611422AEC8A7EC3F861D8EMicrosoft Office Groove Embedded FileregD544BDB7ED1BCB84873422D3DE9D657EregD5A89C89B1E11C4D1FCAC439B8B055FBregD5B007FEA6B3CCDBF01974A86EDAD17AregD5D837497A6C7C7CED1FA701E8DA6E34regD6B9392D1D2F06EC97168A74D9EC191EregD6D640DE87DC375A83C29C88F814974AregD6FC568C621A7AEF24997DE825355C31regD7710EFCA85DCF7491F178B926E6B268regD7B3BCD3196ECCB494C521147AA000ABregD95B5C5BB17B95646B0B0FBD8B58BDBCThemesregDA877FAD358020A0C71DB386AC55506EregDB168F409547E93E2AE324069CE20EA2regDC37D24630AAC686C066A50852E44E93regDCB972E3FA1DA8A7006BFD8EADB64361regDCC45A20C92AB40CB22C7281EA0923F8regDCDA41E66B5CA3503C41F512680BE69AregDD01770281F953CFD7BC191ECA0A8EC5regDD10EED7CC53DC62AA7AD3256FE6F311regDDD62D74194B06933590D2D879DC8794regDF2B73ADC0AA3A3351C4AF92D876B8D8regDF92398A5E4C65784FD0553C30AC473EregE1A26961142A18F0623992D84123AFD0regE2B9AEB1B31BE8A1D4E68304B7493C37regE2C31DE2D77B66B8FBED58C1B208B21CregE397AA832BAE7A375D2738A19D504E10regE3F77889EFDDD93F2DB484896584E441regE43485B826127CE5BD8F1BE44722C562regE455CCA81AA57C8799F61B017F848CF3regE481697159E58924BD21DCCF9E112CA0regE4E2237082280178FE538B3985448CB0Open as Notebook in 
OneNoteregE4E6D7B9CC31027603A349866C1C53D4&Send Options...,0,2regE78D9B0AEE2E321289E5A6F0DDC9D924regE917E57D0891419719AC51E2801EF51BregE9E3B17824F4505F363F0D362329B9C1regEA202EFD5FD101C2B184EDDB57E55BEBregEB7203972630158AAE797F352E6DA127Lotus 1-2-3 WK1 (*.wk1)regEB98F7EDDCB3D37CA855CD49F8B31BCAregEC74DD1510114A32ABB22D6B217B3EE3regECC565D28E4E96B16C0B697C12E6B19AMicrosoft &Word DocumentregED84E5336FE8492ED6273CB7E3EB75EAregEDD11B71325AA9EC0DE58ED3AE96F87DregEE0BA374B05A0559695FD9D6E5A55BB2regEE1E2A84470328029A5EC48BC546EC4ECalendar Gadget for Windows SideShowregEE60633F011A36F7FA4BDCFEE3A490CDregEE9BDB70173098D6218403F03CE5B02AregEF4B108A2B9FD1738994EC7239D28380regEFF39F3E2B317B2D1DA0D62696F0A4FAregF094360D874E4492800D0ACFCC9407BCregF13487211B5A08E25768664AC300E08AMicrosoft Office SmartArt Graphic Color VariationregF22F752A874B164E6D6E92A4EC61C6BAregF3FF9A5103275DD978C2AD3A03EFC794regF5897D437ADC7ED9C0CEA03BDF2ED4EDregF604188FF1CD4919935412663729B551regF6339D87EE880EB383F96B1E13C93EC8DocumentregF63FB64D006514D02483C5CD54B4D4B8regF663B95F47A47C74281BFBA0E2FB61FB&Open with Microsoft Expression WebregF6E21A807BB1958A34B612944832851DMacro-Enabled WorksheetregF6F09C4D2A64A01254D07FD1B10106BATemplatesregF7656B9AFFC431F2324A2C4CF2009037regF7BC54C1CB3DA3C3B5ADDDD63D08B25AregF8D5B680BDD4E0F126820586D19718FCregF8F7EAA0654F712EB1D8CDFACD33B4ADregF99CF3C23286FA67A4B013A829D83644Microsoft Outlook Mobile ServiceregFA675AB5A1D668A6742159FA1326A62EMicrosoft Office SmartArt Graphic LayoutregFAB647A1F1E4D829747EC88643AD9EE7regFC18C14E7C6A319CDFE01E90CDA4147FregFC4F9CDCD16B45FCDE66E404485875DDregFCACB123CA8FF08926334B6981B173F0regFD5FF91D29F7BD094F539CCCDF858982regFD91F1A1A29B8C6F661453628D2A40B4Using Microsoft &Outlook...regFE6A4E0C86DA67FB0B5762A72C995239regFE8CDE0ADAD4B69A3F746FF24458FFEEregFE90DC5BA76CF7277965BCD020CEE266regFEEE347AC1FC34D072DC04F88EF8B147regFF9B7CDF553441E64D8D4F0C8C6247C7Copy Picture to 
Office{00020803-0000-0000-C000-000000000046}LocalServer32Global_Graph_Core{00020820-0000-0000-C000-000000000046}LocalServerGlobal_Excel_Core{00020821-0000-0000-C000-000000000046}{00020830-0000-0000-C000-000000000046}{00020832-0000-0000-C000-000000000046}{00020833-0000-0000-C000-000000000046}{00020906-0000-0000-C000-000000000046}Global_Word_Core{00021A14-0000-0000-C000-000000000046}Global_Visio_visioexe{048EB43E-2059-422F-95E0-557DA96038AF}Global_PowerPoint_Core{18A06B6B-2F3F-4E2B-A611-52BE631B2D22}{3C18EAE4-BC25-4134-B7DF-1ECA1337DDDC}{64818D10-4F9B-11CF-86EA-00AA00B929E8}{64818D11-4F9B-11CF-86EA-00AA00B929E8}{74B78F3A-C8C8-11D1-BE11-00C04FB6FAF1}Global_Project_ClientCore{75D01070-1234-44E9-82F6-DB5B39A47C13}{8A624388-AA27-43E0-89F8-2A12BFF7BCCD}Microsoft Office Word Macro-Enabled Template{912ABC52-36E2-4714-8E62-A8B73CA5E390}{AA14F9C9-62B5-4637-8AC4-8F25BF29D5A7}{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}{DC020317-E6E2-4A62-B9FA-B3EFE16626F4}{F4754C9B-64F5-4B40-8AF4-679732AC0607}
Installation Transform
Localization Transform for Microsoft Office
Microsoft Corporation
Installer,MSI,Database,Release
This Installer database contains the logic and data required to install Microsoft Office.
{00000000-0000-0000-0000-000000000000}1.0.0.0;{00000000-0000-0000-0000-000000000000}1.0.0.0;{00000000-0000-0000-0000-000000000000}
Lumiere
ShellUI.MST
"20181027114553.422","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->6144","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.422","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00260000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->377102","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.432","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->5390","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.432","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->9998","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->26674","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01010000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20181027114553.442","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01010000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x01010000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.462","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000000a0","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x000000a4","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->1360","szExeFile->8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->2048"
"20181027114553.492","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->2048"
"20181027114553.502","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","synchronization","OpenMutexW","SUCCESS","0x000000b0","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20181027114553.512","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->0x000000c0","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114553.512","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->Cache"
"20181027114553.522","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20181027114553.522","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","process","CreateProcessInternalW","SUCCESS","1568","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20181027114553.522","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20181027114553.522","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20181027114553.522","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","FAILURE","","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\
","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114553.542","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00170000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20181027114553.542","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","memory","VirtualAllocEx","SUCCESS","0x00170000","th32ProcessID->1568","szExeFile->HelpMe.exe","lpAddress->0x00170000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20181027114553.582","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000a8","hKey->0x000000c4","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20181027114553.582","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a8","lpValueName->Compositing"
"20181027114553.582","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000a8","hKey->0x000000c4","lpSubKey->Control Panel\Desktop"
"20181027114553.582","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a8","lpValueName->LameButtonText"
"20181027114553.582","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","process","CreateRemoteThread","SUCCESS","0x000000c4","lpStartAddress->0x00404008","th32ProcessID->1568","szExeFile->HelpMe.exe"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","process","CreateRemoteThread","SUCCESS","0x000000c8","lpStartAddress->0x00404008","th32ProcessID->1568","szExeFile->HelpMe.exe"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d4","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000000d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d8","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->Startup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegCreateKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegSetValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoNetHood"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoPropertiesMyComputer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoInternetIcon"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoCommonGroups"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoControlPanel"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoSetFolders"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","SUCCESS","0x000000d2","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d2","lpValueName->(null)"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemSetupInProgress"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->seed"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackSourcePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackSourcePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackCachePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackCachePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DriverCachePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DriverCachePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DevicePath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","synchronization","CreateMutexW","SUCCESS","0x000000e4","lpName->(null)"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","synchronization","CreateMutexW","SUCCESS","0x000000f0","lpName->(null)"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","synchronization","CreateMutexW","SUCCESS","0x000000f8","lpName->(null)"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->LogLevel"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->LogLevel"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->LogPath"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fc","lpSubKey->AppLogLevels"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExA","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da\RpcThreadPoolThrottle"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->65536"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->65536"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->65536"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","WriteFile","SUCCESS","","hFile->0x00000124","nNumberOfBytesToWrite->52248"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","lpNewFileName->C:\AutoRun.exe"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","dwDesiredAccess->GENERIC_READ"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d970b075473b7eac672eb75da","2020","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->268"
"20181027114558.499","1360","8b14510c9a29b06329c00a6c49ac11dfedcc943d97
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
"20191004215739.280","612","HelpMe.exe","1236","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20191004215739.280","612","HelpMe.exe","1236","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20191004215739.280","612","HelpMe.exe","1236","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20191004215739.280","612","HelpMe.exe","1236","memory","VirtualAllocEx","SUCCESS","0x01010000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20191004215739.280","612","HelpMe.exe","1236","memory","VirtualAllocEx","SUCCESS","0x01010000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x01010000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20191004215739.290","612","HelpMe.exe","1236","memory","VirtualAllocEx","SUCCESS","0x01310000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20191004215739.290","612","HelpMe.exe","1236","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191004215739.290","612","HelpMe.exe","1236","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191004215739.290","612","HelpMe.exe","1236","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191004215739.290","612","HelpMe.exe","1236","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191004215739.290","612","HelpMe.exe","1236","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191004215739.290","612","HelpMe.exe","1236","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191004215739.290","612","HelpMe.exe","1236","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191004215739.300","612","HelpMe.exe","1236","filesystem","CreateFileW","SUCCESS","0x00000090","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20191004215739.300","612","HelpMe.exe","1236","filesystem","ReadFile","SUCCESS","","hFile->0x00000090","nNumberOfBytesToRead->268"
"20191004215739.300","612","HelpMe.exe","1236","filesystem","CreateFileW","FAILURE","","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191004215739.300","612","HelpMe.exe","1236","memory","VirtualAllocEx","SUCCESS","0x00990000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20191004215739.300","612","HelpMe.exe","1236","memory","VirtualAllocEx","SUCCESS","0x00990000","th32ProcessID->612","szExeFile->HelpMe.exe","lpAddress->0x00990000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20191004215739.310","612","HelpMe.exe","1236","registry","RegOpenKeyExW","SUCCESS","0x00000088","hKey->0x0000009c","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20191004215739.310","612","HelpMe.exe","1236","registry","RegQueryValueExW","FAILURE","","hKey->0x00000088","lpValueName->Compositing"
"20191004215739.310","612","HelpMe.exe","1236","registry","RegOpenKeyExW","SUCCESS","0x00000088","hKey->0x0000009c","lpSubKey->Control Panel\Desktop"
"20191004215739.310","612","HelpMe.exe","1236","registry","RegQueryValueExW","FAILURE","","hKey->0x00000088","lpValueName->LameButtonText"
"20191004215739.310","612","HelpMe.exe","1236","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
612.csv
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
"20191006111445.052","1632","HelpMe.exe","1548","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20191006111445.052","1632","HelpMe.exe","1548","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20191006111445.052","1632","HelpMe.exe","1548","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20191006111445.052","1632","HelpMe.exe","1548","memory","VirtualAllocEx","SUCCESS","0x01030000","th32ProcessID->1632","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20191006111445.052","1632","HelpMe.exe","1548","memory","VirtualAllocEx","SUCCESS","0x01030000","th32ProcessID->1632","szExeFile->HelpMe.exe","lpAddress->0x01030000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20191006111445.062","1632","HelpMe.exe","1548","memory","VirtualAllocEx","SUCCESS","0x008f0000","th32ProcessID->1632","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20191006111445.062","1632","HelpMe.exe","1548","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191006111445.062","1632","HelpMe.exe","1548","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191006111445.062","1632","HelpMe.exe","1548","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191006111445.062","1632","HelpMe.exe","1548","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191006111445.062","1632","HelpMe.exe","1548","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191006111445.062","1632","HelpMe.exe","1548","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191006111445.062","1632","HelpMe.exe","1548","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191006111445.062","1632","HelpMe.exe","1548","filesystem","CreateFileW","SUCCESS","0x00000090","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20191006111445.072","1632","HelpMe.exe","1548","filesystem","ReadFile","SUCCESS","","hFile->0x00000090","nNumberOfBytesToRead->268"
"20191006111445.072","1632","HelpMe.exe","1548","filesystem","CreateFileW","FAILURE","","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191006111445.072","1632","HelpMe.exe","1548","memory","VirtualAllocEx","SUCCESS","0x00910000","th32ProcessID->1632","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20191006111445.072","1632","HelpMe.exe","1548","memory","VirtualAllocEx","SUCCESS","0x00910000","th32ProcessID->1632","szExeFile->HelpMe.exe","lpAddress->0x00910000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20191006111445.082","1632","HelpMe.exe","1548","registry","RegOpenKeyExW","SUCCESS","0x00000088","hKey->0x0000009c","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20191006111445.082","1632","HelpMe.exe","1548","registry","RegQueryValueExW","FAILURE","","hKey->0x00000088","lpValueName->Compositing"
"20191006111445.082","1632","HelpMe.exe","1548","registry","RegOpenKeyExW","SUCCESS","0x00000088","hKey->0x0000009c","lpSubKey->Control Panel\Desktop"
"20191006111445.082","1632","HelpMe.exe","1548","registry","RegQueryValueExW","FAILURE","","hKey->0x00000088","lpValueName->LameButtonText"
"20191006111445.082","1632","HelpMe.exe","1548","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
1632.csv
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-8964
desktop.ini
"20191007071925.203","1012","HelpMe.exe","1796","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20191007071925.203","1012","HelpMe.exe","1796","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20191007071925.203","1012","HelpMe.exe","1796","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20191007071925.203","1012","HelpMe.exe","1796","memory","VirtualAllocEx","SUCCESS","0x01080000","th32ProcessID->1012","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20191007071925.203","1012","HelpMe.exe","1796","memory","VirtualAllocEx","SUCCESS","0x01080000","th32ProcessID->1012","szExeFile->HelpMe.exe","lpAddress->0x01080000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007071925.203","1012","HelpMe.exe","1796","memory","VirtualAllocEx","SUCCESS","0x008f0000","th32ProcessID->1012","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20191007071925.213","1012","HelpMe.exe","1796","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007071925.213","1012","HelpMe.exe","1796","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007071925.213","1012","HelpMe.exe","1796","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007071925.213","1012","HelpMe.exe","1796","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007071925.213","1012","HelpMe.exe","1796","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007071925.213","1012","HelpMe.exe","1796","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007071925.213","1012","HelpMe.exe","1796","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007071925.213","1012","HelpMe.exe","1796","filesystem","CreateFileW","SUCCESS","0x00000090","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ"
"20191007071925.213","1012","HelpMe.exe","1796","filesystem","ReadFile","SUCCESS","","hFile->0x00000090","nNumberOfBytesToRead->268"
"20191007071925.213","1012","HelpMe.exe","1796","filesystem","CreateFileW","FAILURE","","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007071925.213","1012","HelpMe.exe","1796","memory","VirtualAllocEx","SUCCESS","0x00910000","th32ProcessID->1012","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20191007071925.213","1012","HelpMe.exe","1796","memory","VirtualAllocEx","SUCCESS","0x00910000","th32ProcessID->1012","szExeFile->HelpMe.exe","lpAddress->0x00910000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007071925.223","1012","HelpMe.exe","1796","registry","RegOpenKeyExW","SUCCESS","0x00000088","hKey->0x0000009c","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20191007071925.223","1012","HelpMe.exe","1796","registry","RegQueryValueExW","FAILURE","","hKey->0x00000088","lpValueName->Compositing"
"20191007071925.223","1012","HelpMe.exe","1796","registry","RegOpenKeyExW","SUCCESS","0x00000088","hKey->0x0000009c","lpSubKey->Control Panel\Desktop"
"20191007071925.223","1012","HelpMe.exe","1796","registry","RegQueryValueExW","FAILURE","","hKey->0x00000088","lpValueName->LameButtonText"
"20191007071925.223","1012","HelpMe.exe","1796","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
1012.csv
"20191007072254.161","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1840","szExeFile->da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","lpAddress->0x00000000","dwSize->6144","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072254.172","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1840","szExeFile->da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","lpAddress->0x00000000","dwSize->377102","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072254.205","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1840","szExeFile->da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","lpAddress->0x00000000","dwSize->5390","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072254.205","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1840","szExeFile->da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","lpAddress->0x00000000","dwSize->9998","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072254.205","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->1840","szExeFile->da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","lpAddress->0x00000000","dwSize->26674","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072254.216","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20191007072254.216","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20191007072254.216","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20191007072254.216","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1840","szExeFile->da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20191007072254.216","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->1840","szExeFile->da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","lpAddress->0x00150000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072254.227","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00250000","th32ProcessID->1840","szExeFile->da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20191007072254.227","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007072254.227","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007072254.227","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007072254.227","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007072254.227","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007072254.227","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007072254.227","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007072254.238","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000000a0","lpFileName->C:\da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","dwDesiredAccess->GENERIC_READ"
"20191007072254.238","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20191007072254.249","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000000a4","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072254.249","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1840","szExeFile->da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072254.249","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191007072254.249","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191007072254.249","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191007072254.249","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191007072254.249","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191007072254.249","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191007072254.249","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191007072254.249","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191007072254.249","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->53390"
"20191007072254.249","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->53390"
"20191007072254.282","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","synchronization","OpenMutexW","SUCCESS","0x000000b0","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20191007072254.293","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->0x000000c0","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007072254.293","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->Cache"
"20191007072254.315","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20191007072254.315","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","process","CreateProcessInternalW","SUCCESS","520","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20191007072254.315","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20191007072254.315","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20191007072254.326","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","FAILURE","","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\Locales"
"20191007071925.203","1012","HelpMe.exe","1796","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MAC","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072254.326","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->520","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20191007072254.337","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00280000","th32ProcessID->520","szExeFile->HelpMe.exe","lpAddress->0x00280000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072254.359","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000a8","hKey->0x000000c4","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20191007072254.359","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a8","lpValueName->Compositing"
"20191007072254.359","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000a8","hKey->0x000000c4","lpSubKey->Control Panel\Desktop"
"20191007072254.359","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a8","lpValueName->LameButtonText"
"20191007072254.359","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","process","CreateRemoteThread","SUCCESS","0x000000c4","lpStartAddress->0x00404008","th32ProcessID->520","szExeFile->HelpMe.exe"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","process","CreateRemoteThread","SUCCESS","0x000000c8","lpStartAddress->0x00404008","th32ProcessID->520","szExeFile->HelpMe.exe"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d4","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x000000d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d8","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->Startup"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegSetValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoNetHood"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoPropertiesMyComputer"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoInternetIcon"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoCommonGroups"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoControlPanel"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoSetFolders"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExA","SUCCESS","0x000000d2","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d2","lpValueName->(null)"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemSetupInProgress"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->seed"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackSourcePath"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackSourcePath"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackCachePath"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackCachePath"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DriverCachePath"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DriverCachePath"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DevicePath"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","synchronization","CreateMutexW","SUCCESS","0x000000e4","lpName->(null)"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","synchronization","CreateMutexW","SUCCESS","0x000000f0","lpName->(null)"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","synchronization","CreateMutexW","SUCCESS","0x000000f8","lpName->(null)"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->LogLevel"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->LogLevel"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->LogPath"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fc","lpSubKey->AppLogLevels"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExA","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c\RpcThreadPoolThrottle"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","dwDesiredAccess->GENERIC_READ"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->65536"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->65536"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->65536"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->65536"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->65536"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->65536"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->65536"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->65536"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->65536"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->42572"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->65536"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","lpNewFileName->C:\AutoRun.exe"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->268"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","dwDesiredAccess->GENERIC_READ"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20191007072259.735","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x0000011c","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072259.746","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072259.746","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20191007072259.746","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20191007072259.746","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","device","DeviceIoControl","FAILURE","","hDevice->0x00000124","dwIoControlCode->0x006d0008","lpInBuffer->0x0049acb0","nInBufferSize->0x00000046","lpOutBuffer->0x00498910","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20191007072259.746","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->520","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072259.746","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20191007072259.746","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191007072259.746","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20191007072259.746","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191007072259.746","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20191007072259.746","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191007072259.746","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20191007072259.746","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191007072259.746","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->58956"
"20191007072259.746","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->58956"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","device","DeviceIoControl","SUCCESS","","hDevice->0x00000124","dwIoControlCode->0x006d0008","lpInBuffer->0x0049acb0","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->0x00000138","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->Data"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->0x00000140","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000138","lpValueName->Generation"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","device","DeviceIoControl","FAILURE","","hDevice->0x00000138","dwIoControlCode->0x006d0034","lpInBuffer->0x0049bbe8","nInBufferSize->0x00000208","lpOutBuffer->0x00499fd0","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","device","DeviceIoControl","SUCCESS","","hDevice->0x00000138","dwIoControlCode->0x006d0034","lpInBuffer->0x0049bbe8","nInBufferSize->0x00000208","lpOutBuffer->0x0049bdf8","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","device","DeviceIoControl","FAILURE","","hDevice->0x00000138","dwIoControlCode->0x006d0034","lpInBuffer->0x0049bbe8","nInBufferSize->0x00000208","lpOutBuffer->0x00499fd0","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","device","DeviceIoControl","SUCCESS","","hDevice->0x00000138","dwIoControlCode->0x006d0034","lpInBuffer->0x0049bbe8","nInBufferSize->0x00000208","lpOutBuffer->0x0049be10","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegSetValueExW","SUCCESS","","hKey->0x00000138","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->0x00000138","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007072259.768","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->Generation"
"20191007072259.779","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20191007072259.779","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20191007072259.779","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->268"
"20191007072259.779","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20191007072259.779","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->268"
"20191007072259.779","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","dwDesiredAccess->GENERIC_READ"
"20191007072259.779","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20191007072259.779","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000132","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000132","lpSubKey->CurVer"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000142","hKey->0x00000132","lpSubKey->(null)"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x00000130","lpValueName->DontShowSuperHidden"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000148","hKey->0x00000130","lpSubKey->(null)"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000148","lpValueName->ShellState"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000148","lpValueName->ShellState"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000148","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x00000148","lpValueName->ForceActiveDesktopOn"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000148","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x00000148","lpValueName->NoActiveDesktop"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000148","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x00000148","lpValueName->NoWebView"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000148","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x00000148","lpValueName->ClassicShell"
"20191007072259.779","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1840","szExeFile->da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->61440"
"20191007072259.790","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->58956"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->58956"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->145"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->145"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->268"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToWrite->268"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->268"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->C:\da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","dwDesiredAccess->GENERIC_READ"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->SeparateProcess"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->NoNetCrawling"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->NoSimpleStartMenu"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->0x00000130","lpSubKey->Advanced"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Hidden"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->ShowCompColor"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->HideFileExt"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->DontPrettyPath"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->ShowInfoTip"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->HideIcons"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->MapNetDrvBtn"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->WebView"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Filter"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->ShowSuperHidden"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->SeparateProcess"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->NoNetCrawling"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000148","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->520","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072259.801","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToWrite->61440"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToWrite->61440"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToWrite->61440"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->61440"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToWrite->61440"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000128","nNumberOfBytesToRead->58956"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToWrite->58956"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToRead->211"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToWrite->211"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToWrite->268"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToWrite->268"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000142","lpSubKey->ShellEx\IconHandler"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x00000142","lpValueName->DocObject"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x00000142","lpValueName->BrowseInPlace"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000142","lpSubKey->Clsid"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x0000014a","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000014a","lpSubKey->Clsid"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x00000142","lpValueName->IsShortcut"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000142","lpValueName->AlwaysShowExt"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x00000142","lpValueName->NeverShowExt"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000148","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.812","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x00000148","lpValueName->UseDesktopIniCache"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000148","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000148","lpValueName->Com+Enabled"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000148","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToRead->268"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000148","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x00000148","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x00000148","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000148","lpFileName->C:\da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","dwDesiredAccess->GENERIC_READ"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000140","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->520","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToRead->61440"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToRead->61440"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToRead->61440"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToRead->61440"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x00000148","nNumberOfBytesToRead->58956"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->58956"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->268"
"20191007072259.823","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->268"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000138","lpValueName->Com+Enabled"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000160","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000170","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000178","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000180","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000188","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000190","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001a0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001a8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b8","lpValueName->REGDBVersion"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001b8","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001b8","nNumberOfBytesToRead->22512"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001b8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b8","lpValueName->REGDBVersion"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->520","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->520","szExeFile->HelpMe.exe","lpAddress->0x00300000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001ba","hKey->0x00000142","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ba","lpSubKey->TreatAs"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001c6","hKey->0x00000142","lpSubKey->(null)"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001ba","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001ba","lpSubKey->InprocServer32"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000001ca","lpValueName->InprocServer32"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ba","lpSubKey->InprocServerX86"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ba","lpSubKey->LocalServer32"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001ba","lpSubKey->InprocServer32"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ca","lpValueName->(null)"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ba","lpSubKey->InprocHandler32"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ba","lpSubKey->InprocHandlerX86"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ba","lpSubKey->LocalServer32"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ba","lpSubKey->LocalServer"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000001ca","lpValueName->AppID"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001ba","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001ba","hKey->0x000001c6","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x000001ba","lpSubKey->InprocServer32"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ca","lpValueName->ThreadingModel"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001ba","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001ba","lpSubKey->TreatAs"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->0x000001c8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Generation"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001ce","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ca","lpValueName->DriveMask"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000001cc","lpValueName->AllowFileCLSIDJunctions"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Personal"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegSetValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->0x000001cc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c8","lpValueName->Generation"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Common Documents"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegSetValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001d0","hKey->0x000001cc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d0","lpValueName->Generation"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->268"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001cc","lpFileName->C:\da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","dwDesiredAccess->GENERIC_READ"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->520","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->61440"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->61440"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001cc","nNumberOfBytesToRead->58956"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->58956"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->71"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->71"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->268"
"20191007072259.834","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToWrite->268"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x000001d8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d8","lpValueName->Desktop"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x000001d8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d8","lpValueName->Desktop","dwType->1","lpData->C:\Documents and Settings\janettedoe\Desktop","cbData->90"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001d8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->0x000001d8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Generation"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Common Desktop"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegSetValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Common Desktop","dwType->1","lpData->C:\Documents and Settings\All Users\Desktop","cbData->88"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001d8","hKey->0x000001d4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d8","lpValueName->Generation"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001d8","hKey->0x00000130","lpSubKey->FileExts"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001d8","lpSubKey->."
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001d8","lpSubKey->."
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\."
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001ce","hKey->0x00000062","lpSubKey->Network\SharingHandler"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ce","lpValueName->(null)"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->268"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000001cc","lpValueName->UserEnvDebugLevel"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000001cc","lpValueName->ChkAccDebugLevel"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->ProductType"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001dc","hKey->0x000001d4","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001dc","lpValueName->Personal"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001dc","lpValueName->Local Settings"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d4","lpValueName->RsopDebugLevel"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d4","lpValueName->UserEnvDebugLevel"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d4","lpValueName->RsopLogging"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000001d4","lpValueName->UserEnvDebugLevel"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20191007072259.845","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20191007072259.856","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","dwDesiredAccess->GENERIC_READ"
"20191007072259.856","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20191007072259.856","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072259.856","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","system","LoadLibraryA","SUCCESS","0x76980000","lpFileName->LINKINFO.dll"
"20191007072259.856","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001f4","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072259.856","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->520","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->58956"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->58956"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->520","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->12288"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->12288"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->268"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->268"
"20191007072259.867","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001f4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001f4","lpValueName->ProductType"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001f4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","FAILURE","","hKey->0x000001f4","lpValueName->SrvsvcDefaultShareInfo"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001f0","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\dll\cmonitor.dll.exe","lpNewFileName->C:\cuckoo\dll\cmonitor.dll"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\cuckoo\dll\fajxeN.dll","dwDesiredAccess->GENERIC_READ"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->268"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","dwDesiredAccess->GENERIC_READ"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\dll\fajxeN.dll","dwDesiredAccess->GENERIC_READ"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\dll\fajxeN.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001f4","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->520","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->58956"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->58956"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->1840","szExeFile->da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->12288"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->12288"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->268"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->268"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\fajxeN.dll"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\fajxeN.dll.exe","lpNewFileName->C:\cuckoo\dll\fajxeN.dll"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\dll\IGcyiN.dll","dwDesiredAccess->GENERIC_READ"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->268"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","dwDesiredAccess->GENERIC_READ"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\dll\IGcyiN.dll","dwDesiredAccess->GENERIC_READ"
"20191007072259.878","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\cuckoo\dll\IGcyiN.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001f4","lpFileName->C:\da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","dwDesiredAccess->0x00000080"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","device","DeviceIoControl","SUCCESS","","hDevice->0x000001f4","dwIoControlCode->0x000900c0","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120ece4","nOutBufferSize->0x00000040","lpBytesReturned->0x0120ecdc","lpOverlapped->0x00000000"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001f4","lpFileName->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup\Soft.lnk","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->520","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->58956"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->58956"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->520","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->12288"
"20191007072259.889","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->12288"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001f2","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001d6","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d6","lpValueName->DriveMask"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->268"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->268"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\IGcyiN.dll"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\IGcyiN.dll.exe","lpNewFileName->C:\cuckoo\dll\IGcyiN.dll"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->268"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","dwDesiredAccess->GENERIC_READ"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001f0","lpFileName->C:\cuckoo\files\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x00000210","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000210","lpValueName->Start Menu"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x00000210","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegSetValueExW","SUCCESS","","hKey->0x00000210","lpValueName->Start Menu","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu","cbData->96"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000210","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x0000020c","hKey->0x00000210","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000020c","lpValueName->Generation"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x00000210","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000210","lpValueName->Common Start Menu"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x00000210","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegSetValueExW","SUCCESS","","hKey->0x00000210","lpValueName->Common Start Menu","dwType->1","lpData->C:\Documents and Settings\All Users\Start Menu","cbData->94"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000210","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x00000214","hKey->0x00000210","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000214","lpValueName->Generation"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->520","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->61440"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->58956"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->58956"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->71"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->71"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->268"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToWrite->268"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\files\.gitignore"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\files\.gitignore.exe","lpNewFileName->C:\cuckoo\files\.gitignore"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001f0","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->268"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001f0","lpFileName->C:\da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","dwDesiredAccess->GENERIC_READ"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x000001e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e8","lpValueName->Common AppData"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x000001e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegSetValueExW","SUCCESS","","hKey->0x000001e8","lpValueName->Common AppData","dwType->1","lpData->C:\Documents and Settings\All Users\Application Data","cbData->106"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001e8","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001d4","hKey->0x000001e8","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001d4","lpValueName->Generation"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\logs\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072259.900","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->520","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->61440"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001f0","nNumberOfBytesToRead->58956"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->58956"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->71"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->71"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->268"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->268"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\logs\.gitignore"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x000001e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->AppData"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegCreateKeyExW","SUCCESS","0x000001e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegSetValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->AppData","dwType->1","lpData->C:\Documents and Settings\janettedoe\Application Data","cbData->108"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegOpenKeyExW","SUCCESS","0x000001f0","hKey->0x000001e4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001f0","lpValueName->Generation"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\logs\.gitignore.exe","lpNewFileName->C:\cuckoo\logs\.gitignore"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\logs\1840.csv","dwDesiredAccess->GENERIC_READ"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->268"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","dwDesiredAccess->GENERIC_READ"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001f0","lpFileName->C:\cuckoo\logs\1840.csv","dwDesiredAccess->GENERIC_READ"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\logs\1840.csv.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->520","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->58956"
"20191007072259.911","1840","da16cdd1d686ec00ea1309fd8d5a677c8bd20e0fe082e7453c9bcc517e10e21c","652","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->58956"
1840.csv
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
PostTrampSize %d
YWORD 
DQWORD 
TBYTE 
QWORD 
DWORD 
 ;NOT TAKEN
 ;TAKEN
REPNZ 
UNDEFINED
CALL FAR
LOOPNZ
JMP FAR
SYSCALL
SYSRET
WBINVD
SYSENTER
SYSEXIT
GETSEC
CMOVNO
CMOVAE
CMOVNZ
CMOVBE
CMOVNS
CMOVNP
CMOVGE
CMOVLE
CMPXCHG
MOVNTI
INVLPG
VMCALL
VMLAUNCH
VMRESUME
VMXOFF
MONITOR
XGETBV
XSETBV
VMMCALL
VMLOAD
VMSAVE
SKINIT
INVLPGA
SWAPGS
RDTSCP
PREFETCH
PREFETCHW
PFNACC
PFPNACC
PFCMPGE
PFRSQRT
PFCMPGT
PFRCPIT1
PFRSQIT1
PFSUBR
PFCMPEQ
PFRCPIT2
PMULHRW
PSWAPD
PAVGUSB
MOVUPS
MOVUPD
VMOVSS
VMOVSD
VMOVUPS
VMOVUPD
MOVHLPS
MOVLPS
MOVLPD
MOVSLDUP
MOVDDUP
VMOVHLPS
VMOVLPS
VMOVLPD
VMOVSLDUP
VMOVDDUP
UNPCKLPS
UNPCKLPD
VUNPCKLPS
VUNPCKLPD
UNPCKHPS
UNPCKHPD
VUNPCKHPS
VUNPCKHPD
MOVLHPS
MOVHPS
MOVHPD
MOVSHDUP
VMOVLHPS
VMOVHPS
VMOVHPD
VMOVSHDUP
PREFETCHNTA
PREFETCHT0
PREFETCHT1
PREFETCHT2
MOVAPS
MOVAPD
VMOVAPS
VMOVAPD
CVTPI2PS
CVTPI2PD
CVTSI2SS
CVTSI2SD
VCVTSI2SS
VCVTSI2SD
MOVNTPS
MOVNTPD
MOVNTSS
MOVNTSD
VMOVNTPS
VMOVNTPD
CVTTPS2PI
CVTTPD2PI
CVTTSS2SI
CVTTSD2SI
VCVTTSS2SI
VCVTTSD2SI
CVTPS2PI
CVTPD2PI
CVTSS2SI
CVTSD2SI
VCVTSS2SI
VCVTSD2SI
UCOMISS
UCOMISD
VUCOMISS
VUCOMISD
COMISS
COMISD
VCOMISS
VCOMISD
PSHUFB
VPSHUFB
PHADDW
VPHADDW
PHADDD
VPHADDD
PHADDSW
VPHADDSW
PMADDUBSW
VPMADDUBSW
PHSUBW
VPHSUBW
PHSUBD
VPHSUBD
PHSUBSW
VPHSUBSW
PSIGNB
VPSIGNB
PSIGNW
VPSIGNW
PSIGND
VPSIGND
PMULHRSW
VPMULHRSW
VPERMILPS
VPERMILPD
VPTESTPS
VPTESTPD
PBLENDVB
BLENDVPS
BLENDVPD
VPTEST
VBROADCASTSS
VBROADCASTSD
VBROADCASTF128
VPABSB
VPABSW
VPABSD
PMOVSXBW
VPMOVSXBW
PMOVSXBD
VPMOVSXBD
PMOVSXBQ
VPMOVSXBQ
PMOVSXWD
VPMOVSXWD
PMOVSXWQ
VPMOVSXWQ
PMOVSXDQ
VPMOVSXDQ
PMULDQ
VPMULDQ
PCMPEQQ
VPCMPEQQ
MOVNTDQA
VMOVNTDQA
PACKUSDW
VPACKUSDW
VMASKMOVPS
VMASKMOVPD
PMOVZXBW
VPMOVZXBW
PMOVZXBD
VPMOVZXBD
PMOVZXBQ
VPMOVZXBQ
PMOVZXWD
VPMOVZXWD
PMOVZXWQ
VPMOVZXWQ
PMOVZXDQ
VPMOVZXDQ
PCMPGTQ
VPCMPGTQ
PMINSB
VPMINSB
PMINSD
VPMINSD
PMINUW
VPMINUW
PMINUD
VPMINUD
PMAXSB
VPMAXSB
PMAXSD
VPMAXSD
PMAXUW
VPMAXUW
PMAXUD
VPMAXUD
PMULLD
VPMULLD
PHMINPOSUW
VPHMINPOSUW
INVEPT
INVVPID
VFMADDSUB132PS
VFMADDSUB132PD
VFMSUBADD132PS
VFMSUBADD132PD
VFMADD132PS
VFMADD132PD
VFMADD132SS
VFMADD132SD
VFMSUB132PS
VFMSUB132PD
VFMSUB132SS
VFMSUB132SD
VFNMADD132PS
VFNMADD132PD
VFNMADD132SS
VFNMADD132SD
VFNMSUB132PS
VFNMSUB132PD
VFNMSUB132SS
VFNMSUB132SD
VFMADDSUB213PS
VFMADDSUB213PD
VFMSUBADD213PS
VFMSUBADD213PD
VFMADD213PS
VFMADD213PD
VFMADD213SS
VFMADD213SD
VFMSUB213PS
VFMSUB213PD
VFMSUB213SS
VFMSUB213SD
VFNMADD213PS
VFNMADD213PD
VFNMADD213SS
VFNMADD213SD
VFNMSUB213PS
VFNMSUB213PD
VFNMSUB213SS
VFNMSUB213SD
VFMADDSUB231PS
VFMADDSUB231PD
VFMSUBADD231PS
VFMSUBADD231PD
VFMADD231PS
VFMADD231PD
VFMADD231SS
VFMADD231SD
VFMSUB231PS
VFMSUB231PD
VFMSUB231SS
VFMSUB231SD
VFNMADD231PS
VFNMADD231PD
VFNMADD231SS
VFNMADD231SD
VFNMSUB231PS
VFNMSUB231PD
VFNMSUB231SS
VFNMSUB231SD
AESIMC
VAESIMC
AESENC
VAESENC
AESENCLAST
VAESENCLAST
AESDEC
VAESDEC
AESDECLAST
VAESDECLAST
VPERM2F128
ROUNDPS
VROUNDPS
ROUNDPD
VROUNDPD
ROUNDSS
VROUNDSS
ROUNDSD
VROUNDSD
BLENDPS
VBLENDPS
BLENDPD
VBLENDPD
PBLENDW
VPBLENDVW
PALIGNR
VPALIGNR
PEXTRB
VPEXTRB
PEXTRW
VPEXTRW
PEXTRD
PEXTRQ
VPEXTRD
EXTRACTPS
VEXTRACTPS
VINSERTF128
VEXTRACTF128
PINSRB
VPINSRB
INSERTPS
VINSERTPS
PINSRD
PINSRQ
VPINSRD
VPINSRQ
MPSADBW
VMPSADBW
PCLMULQDQ
VPCLMULQDQ
VBLENDVPS
VBLENDVPD
VPBLENDVB
PCMPESTRM
VPCMPESTRM
PCMPESTRI
VCMPESTRI
PCMPISTRM
VPCMPISTRM
PCMPISTRI
VPCMPISTRI
AESKEYGENASSIST
VAESKEYGENASSIST
MOVMSKPS
MOVMSKPD
VMOVMSKPS
VMOVMSKPD
SQRTPS
SQRTPD
SQRTSS
SQRTSD
VSQRTSS
VSQRTSD
VSQRTPS
VSQRTPD
RSQRTPS
RSQRTSS
VRSQRTSS
VRSQRTPS
VRCPSS
VRCPPS
VANDPS
VANDPD
ANDNPS
ANDNPD
VANDNPS
VANDNPD
VXORPS
VXORPD
VADDPS
VADDPD
VADDSS
VADDSD
VMULPS
VMULPD
VMULSS
VMULSD
CVTPS2PD
CVTPD2PS
CVTSS2SD
CVTSD2SS
VCVTSS2SD
VCVTSD2SS
VCVTPS2PD
VCVTPD2PS
CVTDQ2PS
CVTPS2DQ
CVTTPS2DQ
VCVTDQ2PS
VCVTPS2DQ
VCVTTPS2DQ
VSUBPS
VSUBPD
VSUBSS
VSUBSD
VMINPS
VMINPD
VMINSS
VMINSD
VDIVPS
VDIVPD
VDIVSS
VDIVSD
VMAXPS
VMAXPD
VMAXSS
VMAXSD
PUNPCKLBW
VPUNPCKLBW
PUNPCKLWD
VPUNPCKLWD
PUNPCKLDQ
VPUNPCKLDQ
PACKSSWB
VPACKSSWB
PCMPGTB
VPCMPGTB
PCMPGTW
VPCMPGTW
PCMPGTD
VPCMPGTD
PACKUSWB
VPACKUSWB
PUNPCKHBW
VPUNPCKHBW
PUNPCKHWD
VPUNPCKHWD
PUNPCKHDQ
VPUNPCKHDQ
PACKSSDW
VPACKSSDW
PUNPCKLQDQ
VPUNPCKLQDQ
PUNPCKHQDQ
VPUNPCKHQDQ
MOVDQA
MOVDQU
VMOVDQA
VMOVDQU
PSHUFW
PSHUFD
PSHUFHW
PSHUFLW
VPSHUFD
VPSHUFHW
VPSHUFLW
VPSRLW
VPSRAW
VPSLLW
VPSRLD
VPSRAD
VPSLLD
VPSRLQ
PSRLDQ
VPSRLDQ
VPSLLQ
PSLLDQ
VPSLLDQ
PCMPEQB
VPCMPEQB
PCMPEQW
VPCMPEQW
PCMPEQD
VPCMPEQD
VZEROUPPER
VZEROALL
VMREAD
INSERTQ
VMWRITE
HADDPD
HADDPS
VHADDPD
VHADDPS
HSUBPD
HSUBPS
VHSUBPD
VHSUBPS
FXSAVE
FXRSTOR
LFENCE
XRSTOR
MFENCE
SFENCE
CLFLUSH
LDMXCSR
VLDMXCSR
STMXCSR
VSTMXCSR
POPCNT
CMPEQPS
CMPLTPS
CMPLEPS
CMPUNORDPS
CMPNEQPS
CMPNLTPS
CMPNLEPS
CMPORDPS
CMPEQPD
CMPLTPD
CMPLEPD
CMPUNORDPD
CMPNEQPD
CMPNLTPD
CMPNLEPD
CMPORDPD
CMPEQSS
CMPLTSS
CMPLESS
CMPUNORDSS
CMPNEQSS
CMPNLTSS
CMPNLESS
CMPORDSS
CMPEQSD
CMPLTSD
CMPLESD
CMPUNORDSD
CMPNEQSD
CMPNLTSD
CMPNLESD
CMPORDSD
VCMPEQPS
VCMPLTPS
VCMPLEPS
VCMPUNORDPS
VCMPNEQPS
VCMPNLTPS
VCMPNLEPS
VCMPORDPS
VCMPEQPD
VCMPLTPD
VCMPLEPD
VCMPUNORDPD
VCMPNEQPD
VCMPNLTPD
VCMPNLEPD
VCMPORDPD
VCMPEQSS
VCMPLTSS
VCMPLESS
VCMPUNORDSS
VCMPNEQSS
VCMPNLTSS
VCMPNLESS
VCMPORDSS
VCMPEQSD
VCMPLTSD
VCMPLESD
VCMPUNORDSD
VCMPNEQSD
VCMPNLTSD
VCMPNLESD
VCMPORDSD
PINSRW
VPINSRW
SHUFPS
SHUFPD
VSHUFPS
VSHUFPD
CMPXCHG8B
CMPXCHG16B
VMPTRST
VMPTRLD
VMCLEAR
ADDSUBPD
ADDSUBPS
VADDSUBPD
VADDSUBPS
VPADDQ
PMULLW
VPMULLW
MOVQ2DQ
MOVDQ2Q
PMOVMSKB
VPMOVMSKB
PSUBUSB
VPSUBUSB
PSUBUSW
VPSUBUSW
PMINUB
VPMINUB
PADDUSB
VPADDUSW
PADDUSW
PMAXUB
VPMAXUB
VPANDN
VPAVGB
VPAVGW
PMULHUW
VPMULHUW
PMULHW
VPMULHW
CVTTPD2DQ
CVTDQ2PD
CVTPD2DQ
VCVTTPD2DQ
VCVTDQ2PD
VCVTPD2DQ
MOVNTQ
MOVNTDQ
VMOVNTDQ
PSUBSB
VPSUBSB
PSUBSW
VPSUBSW
PMINSW
VPMINSW
PADDSB
VPADDSB
PADDSW
VPADDSW
PMAXSW
VPMAXSW
VLDDQU
PMULUDQ
VPMULUDQ
PMADDWD
VPMADDWD
PSADBW
VPSADBW
MASKMOVQ
MASKMOVDQU
VMASKMOVDQU
VPSUBB
VPSUBW
VPSUBD
VPSUBQ
VPADDB
VPADDW
VPADDD
FLDENV
FLDL2T
FLDL2E
FLDLG2
FLDLN2
FPATAN
FXTRACT
FPREM1
FDECSTP
FINCSTP
FYL2XP1
FSINCOS
FRNDINT
FSCALE
FNSTENV
FSTENV
FNSTCW
FICOMP
FISUBR
FIDIVR
FCMOVB
FCMOVE
FCMOVBE
FCMOVU
FUCOMPP
FISTTP
FCMOVNB
FCMOVNE
FCMOVNBE
FCMOVNU
FEDISI
FSETPM
FUCOMI
FNCLEX
FNINIT
FRSTOR
FUCOMP
FNSAVE
FNSTSW
FCOMPP
FSUBRP
FDIVRP
FUCOMIP
FCOMIP
MOVSXD
bad allocation
(null)
`h````
xpxxxx
Unknown exception
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
"%s","%d","%s","%d","windows","FindWindowW","FAILURE","","lpClassName->%s","lpWindowName->%s"
"%s","%d","%s","%d","windows","FindWindowW","SUCCESS","0x%08x","lpClassName->%s","lpWindowName->%s"
"%s","%d","%s","%d","windows","FindWindowW","FAILURE","","lpClassName->%ws","lpWindowName->%ws"
FILE:%s
FILE:%ws
"%s","%d","%s","%d","windows","FindWindowW","SUCCESS","0x%08x","lpClassName->%ws","lpWindowName->%ws"
"%s","%d","%s","%d","synchronization","CreateMutexA","FAIL","","lpName->%s"
"%s","%d","%s","%d","synchronization","CreateMutexA","SUCCESS","0x%08x","lpName->%s"
"%s","%d","%s","%d","synchronization","CreateMutexW","FAIL","","lpName->%ws"
"%s","%d","%s","%d","synchronization","CreateMutexW","SUCCESS","0x%08x","lpName->%ws"
"%s","%d","%s","%d","synchronization","OpenMutexA","FAILURE","","dwDesiredAccess->%s","lpName->%s"
"%s","%d","%s","%d","synchronization","OpenMutexA","SUCCESS","0x%08x","dwDesiredAccess->%s","lpName->%s"
python.exe
"%s","%d","%s","%d","synchronization","OpenMutexW","FAILURE","","dwDesiredAccess->%s","lpName->%ws"
"%s","%d","%s","%d","synchronization","OpenMutexW","SUCCESS","0x%08x","dwDesiredAccess->%s","lpName->%ws"
FILE:%ws
"%s","%d","%s","%d","services","OpenSCManagerA","FAILURE","","lpMachineName->%s","lpDatabaseName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenSCManagerA","SUCCESS","0x%08x","lpMachineName->%s","lpDatabaseName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","system","IsDebuggerPresent","",""
"%s","%d","%s","%d","services","OpenSCManagerW","FAILURE","","lpMachineName->%ws","lpDatabaseName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenSCManagerW","SUCCESS","0x%08x","lpMachineName->%ws","lpDatabaseName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","CreateServiceA","FAILURE","","lpServiceName->%s","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%s"
"%s","%d","%s","%d","services","CreateServiceA","FAILURE","0x%08x","lpServiceName->%s","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%s"
"%s","%d","%s","%d","services","CreateServiceW","FAILURE","","lpServiceName->%ws","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%ws"
PID:%d
FILE:%s
FILE:%ws
"%s","%d","%s","%d","services","CreateServiceW","SUCCESS","0x%08x","lpServiceName->%ws","dwServiceType->%s","dwStartType->%s","lpBinaryPathName->%ws"
"%s","%d","%s","%d","services","OpenServiceW","FAILURE","","lpServiceName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","SUCCESS","0x%08x","lpServiceName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","FAILURE","","lpServiceName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","OpenServiceW","SUCCESS","0x%08x","lpServiceName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","services","StartServiceW","FAILURE","","hService->0x%08x","lpServiceArgVectors->%s"
FILE:%s
C:\cuckoo\
"%s","%d","%s","%d","services","StartServiceW","SUCCESS","","hService->0x%08x","lpServiceArgVectors->%s"
%sfiles\%s
"%s","%d","%s","%d","services","StartServiceW","FAILURE","","hService->0x%08x","lpServiceArgVectors->%ws"
C:\cuckoo\
"%s","%d","%s","%d","services","StartServiceW","SUCCESS","","hService->0x%08x","lpServiceArgVectors->%ws"
%sfiles\%s
"%s","%d","%s","%d","services","ControlService","FAILURE","","hService->0x%08x","dwControl->%s"
PID:%d
GetCurrentProcessId
"%s","%d","%s","%d","services","ControlService","SUCCESS","","hService->0x%08x","dwControl->%s"
PID:%d
Kernel32
"%s","%d","%s","%d","services","DeleteService","FAILURE","","hService->0x%08x"
PID:%d
%d%02d%02d%02d%02d%02d.%03d
"%s","%d","%s","%d","services","DeleteService","SUCCESS","","hService->0x%08x"
PID:%d
GENERIC_ALL
"%s","%d","%s","%d","registry","RegOpenKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegOpenKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyA","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
ATTRIBUTES
"%s","%d","%s","%d","registry","RegOpenKeyA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyExA","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegOpenKeyExA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegOpenKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegOpenKeyExW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
PID:%d
GENERIC_EXECUTE
HKEY_CLASSES_ROOT
"%s","%d","%s","%d","registry","RegCreateKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegCreateKeyW","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegCreateKeyW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
"%s","%d","%s","%d","registry","RegCreateKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
GENERIC_WRITE
0x%08x
HKEY_CURRENT_CONFIG
"%s","%d","%s","%d","registry","RegCreateKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegCreateKeyExW","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
HKEY_CURRENT_USER
"%s","%d","%s","%d","registry","RegCreateKeyExW","SUCCESS","0x%08x","hKey->%s","lpSubKey->%ws"
HKEY_LOCAL_MACHINE
"%s","%d","%s","%d","registry","RegCreateKeyExW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
HKEY_USERS
"%s","%d","%s","%d","registry","RegDeleteKeyA","SUCCESS","","hKey->%s","lpSubKey->%s"
"%s","%d","%s","%d","registry","RegDeleteKeyA","FAILURE","","hKey->%s","lpSubKey->%s"
explorer.exe
"%s","%d","%s","%d","registry","RegDeleteKeyW","SUCCESS","","hKey->%s","lpSubKey->%ws"
0x%08x
"%s","%d","%s","%d","registry","RegDeleteKeyW","FAILURE","","hKey->%s","lpSubKey->%ws"
explorer.exe
"%s","%d","%s","%d","registry","RegEnumKeyExW","SUCCESS","%ws","hKey->%s","dwIndex->%d"
"%s","%d","%s","%d","registry","RegEnumKeyExW","FAILURE","","hKey->%s","dwIndex->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegEnumValueW","SUCCESS","%ws","hKey->%s","dwIndex->%d"
SERVICE_ADAPTER
SERVICE_FILE_SYSTEM_DRIVER
"%s","%d","%s","%d","registry","RegEnumValueW","FAILURE","","hKey->%s","dwIndex->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegSetValueExA","SUCCESS","","hKey->%s","lpValueName->%s","dwType->%d","lpData->%s","cbData->%d"
SERVICE_RECOGNIZER_DRIVER
"%s","%d","%s","%d","registry","RegSetValueExA","FAILURE","","hKey->%s","lpValueName->%s","dwType->%d","lpData->%s","cbData->%d"
explorer.exe
SERVICE_KERNEL_DRIVER
SERVICE_WIN32_OWN_PROCESS
"%s","%d","%s","%d","registry","RegSetValueExW","SUCCESS","","hKey->%s","lpValueName->%ws","dwType->%d","lpData->%ws","cbData->%d"
"%s","%d","%s","%d","registry","RegSetValueExW","FAILURE","","hKey->%s","lpValueName->%ws","dwType->%d","lpData->%ws","cbData->%d"
explorer.exe
"%s","%d","%s","%d","registry","RegQueryValueExW","SUCCESS","","hKey->%s","lpValueName->%ws"
"%s","%d","%s","%d","registry","RegQueryValueExW","FAILURE","","hKey->%s","lpValueName->%ws"
explorer.exe
"%s","%d","%s","%d","process","CreateProcessA","FAILURE","","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_WIN32_SHARE_PROCESS
"%s","%d","%s","%d","process","CreateProcessA","SUCCESS","%d","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_AUTO_START
"%s","%d","%s","%d","process","CreateProcessW","FAILURE","","lpApplicationName->%ws","lpCommandLine->%ws"
SERVICE_BOOT_START
"%s","%d","%s","%d","process","CreateProcessW","SUCCESS","%d","lpApplicationName->%ws","lpCommandLine->%ws"
"%s","%d","%s","%d","process","TerminateProcess","FAILURE","","uExitCode->%d","th32ProcessID->%d","szExeFile->%s"
SERVICE_DISABLED
"%s","%d","%s","%d","process","TerminateProcess","SUCCESS","","uExitCode->%d","th32ProcessID->%d","szExeFile->%s"
SC_MANAGER_CREATE_SERVICE
"%s","%d","%s","%d","process","ExitProcess","","","uExitCode->0x%08x"
"%s","%d","%s","%d","process","ShellExecuteExW","SUCCESS","","lpVerb->%s","lpFile->%s","lpParameters->%s","lpDirectory->%s","hProcess->0x%08x"
0x%08x
SC_MANAGER_CONNECT
"%s","%d","%s","%d","process","ShellExecuteExW","FAILURE","","lpVerb->%s","lpFile->%s","lpParameters->%s","lpDirectory->%s","hProcess->0x%08x"
0x%08x
SC_MANAGER_LOCK
SERVICE_ALL_ACCESS
"%s","%d","%s","%d","process","ShellExecuteExW","SUCCESS","","lpVerb->%ws","lpFile->%ws","lpParameters->%ws","lpDirectory->%ws","hProcess->0x%08x"
"%s","%d","%s","%d","process","ShellExecuteExW","FAILURE","","lpVerb->%ws","lpFile->%ws","lpParameters->%ws","lpDirectory->%ws","hProcess->0x%08x"
"%s","%d","%s","%d","process","CreateThread","FAILURE","","lpStartAddress->0x%08x"
"%s","%d","%s","%d","process","CreateThread","SUCCESS","0x%08x","lpStartAddress->0x%08x"
SERVICE_INTERROGATE
"%s","%d","%s","%d","process","CreateRemoteThread","FAILURE","","lpStartAddress->0x%08x","th32ProcessID->%d","szExeFile->%s"
"%s","%d","%s","%d","process","CreateRemoteThread","SUCCESS","0x%08x","lpStartAddress->0x%08x","th32ProcessID->%d","szExeFile->%s"
"%s","%d","%s","%d","process","WinExec","SUCCESS","","lpCmdLine->%s"
"%s","%d","%s","%d","process","WinExec","FAILURE","","lpCmdLine->%s"
"%s","%d","%s","%d","process","CreateProcessInternalA","FAILURE","","lpApplicationName->%s","lpCommandLine->%s"
SERVICE_PAUSE_CONTINUE
WRITE_DAC
"%s","%d","%s","%d","process","CreateProcessInternalA","SUCCESS","%d","lpApplicationName->%s","lpCommandLine->%s"
WRITE_OWNER
"%s","%d","%s","%d","process","CreateProcessInternalW","FAILURE","","lpApplicationName->%ws","lpCommandLine->%ws"
GENERIC_ALL
"%s","%d","%s","%d","process","CreateProcessInternalW","SUCCESS","%d","lpApplicationName->%ws","lpCommandLine->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileA","SUCCESS","S_OK","szURL->%s","szFileName->%s"
GENERIC_EXECUTE
SERVICE_CONTROL_CONTINUE
"%s","%d","%s","%d","network","URLDownloadToFileA","FAILURE","E_OUTOFMEMORY","szURL->%s","szFileName->%s"
SERVICE_CONTROL_INTERROGATE
"%s","%d","%s","%d","network","URLDownloadToFileA","FAILURE","INET_E_DOWNLOAD_FAILURE","szURL->%s","szFileName->%s"
"%s","%d","%s","%d","network","URLDownloadToFileW","SUCCESS","S_OK","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileW","FAILURE","E_OUTOFMEMORY","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","URLDownloadToFileW","FAILURE","INET_E_DOWNLOAD_FAILURE","szURL->%ws","szFileName->%ws"
"%s","%d","%s","%d","network","InternetOpenUrlW","FAILURE","","lpszUrl->%s","lpszHeaders->%s","dwFlags->%s"
"%s","%d","%s","%d","network","InternetOpenUrlW","SUCCESS","0x%08x","lpszUrl->%s","lpszHeaders->%s","dwFlags->%s"
SERVICE_CONTROL_NETBINDADD
"%s","%d","%s","%d","network","InternetOpenUrlW","FAILURE","","lpszUrl->%ws","lpszHeaders->%ws","dwFlags->%s"
"%s","%d","%s","%d","network","InternetOpenUrlW","SUCCESS","0x%08x","lpszUrl->%ws","lpszHeaders->%ws","dwFlags->%s"
"%s","%d","%s","%d","system","Sleep","","","dwMilliseconds->INFINITE"
"%s","%d","%s","%d","system","Sleep","","","dwMilliseconds->%d"
ACCESS_SYSTEM_SECURITY
SERVICE_CONTROL_PARAMCHANGE
"%s","%d","%s","%d","system","LoadLibraryA","FAILURE","","lpFileName->%s"
SYNCHRONIZE
"%s","%d","%s","%d","system","LoadLibraryA","SUCCESS","0x%08x","lpFileName->%s"
DELETE
WRITE_DAC
"%s","%d","%s","%d","system","LoadLibraryW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","system","LoadLibraryW","SUCCESS","0x%08x","lpFileName->%ws"
WRITE_OWNER
"%s","%d","%s","%d","system","ExitWindowsEx","","","uFlags->%s","dwReason->%s"
SC_MANAGER_ALL_ACCESS
0x%08x
EVENT_ALL_ACCESS
"%s","%d","%s","%d","memory","VirtualAllocEx","FAILURE","","th32ProcessID->%d","szExeFile->%s","lpAddress->0x%08x","dwSize->%d","flAllocationType->0x%08x","flProtect->0x%08x"
SC_MANAGER_MODIFY_BOOT_CONFIG
SERVICE_CONTROL_NETBINDDISABLE
EVENT_MODIFY_STATE
"%s","%d","%s","%d","memory","VirtualAllocEx","SUCCESS","0x%08x","th32ProcessID->%d","szExeFile->%s","lpAddress->0x%08x","dwSize->%d","flAllocationType->0x%08x","flProtect->0x%08x"
"%s","%d","%s","%d","memory","WriteProcessMemory","FAILURE","","lpBaseAddress->0x%08x","lpBuffer->0x%08x","nSize->%d","th32ProcessID->%d","szExeFile->%s"
MUTEX_ALL_ACCESS
"%s","%d","%s","%d","memory","WriteProcessMemory","SUCCESS","","lpBaseAddress->0x%08x","lpBuffer->0x%08x","nSize->%d","th32ProcessID->%d","szExeFile->%s"
MUTEX_MODIFY_STATE
"%s","%d","%s","%d","memory","ReadProcessMemory","FAILURE","","th32ProcessID->%d","szExeFile->%s","lpBaseAddress->0x%08x","nSize->%d"
"%s","%d","%s","%d","memory","ReadProcessMemory","SUCCESS","","th32ProcessID->%d","szExeFile->%s","lpBaseAddress->0x%08x","nSize->%d"
"%s","%d","%s","%d","hooking","SetWindowsHookExA","FAILURE","","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
SERVICE_CHANGE_CONFIG
0x%08x
TIMER_ALL_ACCESS
"%s","%d","%s","%d","hooking","SetWindowsHookExA","SUCCESS","0x%08x","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
"%s","%d","%s","%d","hooking","SetWindowsHookExW","FAILURE","","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
SERVICE_START
DELETE
TIMER_MODIFY_STATE
"%s","%d","%s","%d","hooking","SetWindowsHookExW","SUCCESS","0x%08x","idHook->%s","lpfn->0x%08x","hMod->0x%08x","dwThreadId->0x%08x"
"%s","%d","%s","%d","filesystem","CreateFileA","FAILURE","","lpFileName->%s","dwDesiredAccess->%s"
"%s","%d","%s","%d","filesystem","CreateFileA","SUCCESS","0x%08x","lpFileName->%s","dwDesiredAccess->%s"
TIMER_QUERY_STATE
"%s","%d","%s","%d","filesystem","CreateFileW","FAILURE","","lpFileName->%ws","dwDesiredAccess->%s"
"%s","%d","%s","%d","filesystem","CreateFileW","SUCCESS","0x%08x","lpFileName->%ws","dwDesiredAccess->%s"
INTERNET_FLAG_NO_COOKIES
"%s","%d","%s","%d","filesystem","ReadFile","SUCCESS","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFile","FAILURE","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFileEx","SUCCESS","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","ReadFileEx","FAILURE","","hFile->0x%08x","nNumberOfBytesToRead->%d"
"%s","%d","%s","%d","filesystem","WriteFile","SUCCESS","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
"%s","%d","%s","%d","filesystem","WriteFile","FAILURE","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
"%s","%d","%s","%d","filesystem","WriteFileEx","SUCCESS","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
SEMAPHORE_MODIFY_STATE
INTERNET_FLAG_HYPERLINK
INTERNET_FLAG_NO_UI
"%s","%d","%s","%d","filesystem","WriteFileEx","FAILURE","","hFile->0x%08x","nNumberOfBytesToWrite->%d"
0x%08x
INTERNET_FLAG_NEED_FILE
INTERNET_FLAG_RESYNCHRONIZE
"%s","%d","%s","%d","filesystem","DeleteFileA","SUCCESS","","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileA","FAILURE","","lpFileName->%s"
"%s","%d","%s","%d","filesystem","DeleteFileW","SUCCESS","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","DeleteFileW","FAILURE","","lpFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_LOGOFF
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
EWX_REBOOT
"%s","%d","%s","%d","filesystem","MoveFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
GENERIC_WRITE
INTERNET_FLAG_EXISTING_CONNECT
EWX_RESTARTAPPS
SHTDN_REASON_MAJOR_HARDWARE
"%s","%d","%s","%d","filesystem","CopyFileA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SERVICE_CONTROL_NETBINDENABLE
INTERNET_FLAG_IGNORE_CERT_DATE_INVALID
SHTDN_REASON_MAJOR_OPERATINGSYSTEM
"%s","%d","%s","%d","filesystem","CopyFileW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_OTHER
"%s","%d","%s","%d","filesystem","CopyFileW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
SHTDN_REASON_MAJOR_POWER
"%s","%d","%s","%d","filesystem","CopyFileExA","SUCCESS","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SOFTWARE
"%s","%d","%s","%d","filesystem","CopyFileExA","FAILURE","","lpExistingFileName->%s","lpNewFileName->%s"
SHTDN_REASON_MAJOR_SYSTEM
"%s","%d","%s","%d","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","CopyFileExW","FAILURE","","lpExistingFileName->%ws","lpNewFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileA","SUCCESS","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_CALLWNDPROCRET
"%s","%d","%s","%d","filesystem","ReplaceFileA","FAILURE","","lpReplacedFileName->%s","lpReplacementFileName->%s"
WH_DEBUG
"%s","%d","%s","%d","filesystem","ReplaceFileW","SUCCESS","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","filesystem","ReplaceFileW","FAILURE","","lpReplacedFileName->%ws","lpReplacementFileName->%ws"
"%s","%d","%s","%d","device","DeviceIoControl","FAILURE","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
"%s","%d","%s","%d","device","DeviceIoControl","SUCCESS","","hDevice->0x%08x","dwIoControlCode->0x%08x","lpInBuffer->0x%08x","nInBufferSize->0x%08x","lpOutBuffer->0x%08x","nOutBufferSize->0x%08x","lpBytesReturned->0x%08x","lpOverlapped->0x%08x"
GENERIC_READ
GENERIC_READ | GENERIC_WRITE
SERVICE_DEMAND_START
SERVICE_SYSTEM_START
SC_MANAGER_ENUMERATE_SERVICE
SC_MANAGER_QUERY_LOCK_STATUS
SERVICE_ENUMERATE_DEPENDENTS
SERVICE_QUERY_CONFIG
SERVICE_QUERY_STATUS
SERVICE_STOP
SERVICE_USER_DEFINED_CONTROL
READ_CONTROL
GENERIC_READ
SERVICE_CONTROL_NETBINDREMOVE
SERVICE_CONTROL_PAUSE
SERVICE_CONTROL_STOP
READ_CONTROL
SEMAPHORE_ALL_ACCESS
INTERNET_FLAG_IGNORE_CERT_CN_INVALID
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS
INTERNET_FLAG_KEEP_CONNECTION
INTERNET_FLAG_NO_AUTH
INTERNET_FLAG_NO_AUTO_REDIRECT
INTERNET_FLAG_NO_CACHE_WRITE
INTERNET_FLAG_PASSIVE
INTERNET_FLAG_PRAGMA_NOCACHE
INTERNET_FLAG_RAW_DATA
INTERNET_FLAG_RELOAD
INTERNET_FLAG_SECURE
0x%08x
EWX_POWEROFF
EWX_SHUTDOWN
0x%08x
SHTDN_REASON_MAJOR_APPLICATION
SHTDN_REASON_MAJOR_LEGACY_API
0x%08x
WH_CALLWNDPROC
WH_CBT
WH_FOREGROUNDIDLE
WH_GETMESSAGE
WH_JOURNALPLAYBACK
WH_JOURNALRECORD
WH_KEYBOARD
WH_KEYBOARD_LL
WH_MOUSE
WH_MOUSE_LL
WH_MSGFILTER
WH_SHELL
WH_SYSMSGFILTER
kernel32.dll
CreateProcessInternalW
C:\cuckoo\
%slogs\%d.csv
RSDSHGjl
C:\Documents and Settings\emartinez\Escritorio\cmonitor\Release\cmonitor.pdb
ExitProcess
CreateMutexW
CopyFileExW
CreateRemoteThread
WriteFile
LoadLibraryW
ReadProcessMemory
TerminateProcess
ReplaceFileW
ReadFile
CreateFileW
OpenMutexW
GetProcAddress
ReadFileEx
VirtualAllocEx
LoadLibraryA
DeviceIoControl
IsDebuggerPresent
WinExec
WriteFileEx
DeleteFileW
GetCurrentProcessId
MoveFileWithProgressW
WriteProcessMemory
CreateThread
WideCharToMultiByte
GetSystemTime
GetCurrentProcess
Process32First
WaitForSingleObject
GetLastError
Process32Next
GetExitCodeThread
GetModuleHandleA
CreateToolhelp32Snapshot
DuplicateHandle
CloseHandle
MultiByteToWideChar
CreateFileA
SetFilePointer
WaitNamedPipeW
KERNEL32.dll
FindWindowA
SetWindowsHookExW
SetWindowsHookExA
ExitWindowsEx
FindWindowW
USER32.dll
CreateServiceW
OpenServiceA
DeleteService
OpenSCManagerW
OpenServiceW
RegSetValueExA
RegCreateKeyExW
CreateServiceA
RegQueryValueExW
RegDeleteKeyA
RegDeleteKeyW
StartServiceA
RegCreateKeyExA
RegOpenKeyExA
StartServiceW
OpenSCManagerA
RegEnumValueW
RegOpenKeyExW
ControlService
RegEnumKeyExW
RegSetValueExW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteExA
SHELL32.dll
WS2_32.dll
InternetOpenUrlW
WININET.dll
URLDownloadToFileW
urlmon.dll
GetTickCount
VirtualProtect
OutputDebugStringA
HeapFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EncodePointer
IsProcessorFeaturePresent
HeapAlloc
HeapCreate
HeapDestroy
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetModuleFileNameW
RtlUnwind
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
FlushFileBuffers
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVtype_info@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
BAVzXQ.dll
"20191007164601.486","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->420","szExeFile->303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","lpAddress->0x00000000","dwSize->6144","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164601.486","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00260000","th32ProcessID->420","szExeFile->303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","lpAddress->0x00000000","dwSize->377102","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164601.506","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->420","szExeFile->303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","lpAddress->0x00000000","dwSize->5390","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164601.506","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->420","szExeFile->303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","lpAddress->0x00000000","dwSize->9998","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164601.506","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->420","szExeFile->303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","lpAddress->0x00000000","dwSize->26674","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164601.516","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20191007164601.516","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20191007164601.516","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20191007164601.516","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->420","szExeFile->303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20191007164601.516","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->420","szExeFile->303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","lpAddress->0x00150000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164601.526","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00250000","th32ProcessID->420","szExeFile->303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20191007164601.526","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007164601.526","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007164601.526","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007164601.526","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007164601.526","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007164601.526","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007164601.526","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000000a0","lpFileName->C:\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","dwDesiredAccess->GENERIC_READ"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000000a4","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->420","szExeFile->303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->12728"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->12728"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","synchronization","OpenMutexW","SUCCESS","0x000000b0","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->0x000000c0","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->Cache"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","process","CreateProcessInternalW","SUCCESS","724","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20191007164601.536","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20191007164601.546","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000000a8","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\MZ
","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164601.546","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00154000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00154000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164601.546","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191007164601.546","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a8","nNumberOfBytesToWrite->61440"
"20191007164601.546","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191007164601.546","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a8","nNumberOfBytesToWrite->61440"
"20191007164601.546","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191007164601.546","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a8","nNumberOfBytesToWrite->61440"
"20191007164601.546","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191007164601.556","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000a4","hKey->0x000000c4","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20191007164601.556","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a4","lpValueName->Compositing"
"20191007164601.556","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000a4","hKey->0x000000c4","lpSubKey->Control Panel\Desktop"
"20191007164601.556","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a4","lpValueName->LameButtonText"
"20191007164601.556","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","process","CreateRemoteThread","SUCCESS","0x000000c4","lpStartAddress->0x00404008","th32ProcessID->724","szExeFile->HelpMe.exe"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","process","CreateRemoteThread","SUCCESS","0x000000c8","lpStartAddress->0x00404008","th32ProcessID->724","szExeFile->HelpMe.exe"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d4","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000000d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d8","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->Startup"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoNetHood"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoPropertiesMyComputer"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoInternetIcon"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoCommonGroups"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoControlPanel"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000d0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000d0","lpValueName->NoSetFolders"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExA","SUCCESS","0x000000d2","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000d2","lpValueName->(null)"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemSetupInProgress"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->seed"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->OsLoaderPath"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SystemPartition"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->SourcePath"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackSourcePath"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackSourcePath"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackCachePath"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->ServicePackCachePath"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DriverCachePath"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DriverCachePath"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000e8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e8","lpValueName->DevicePath"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","synchronization","CreateMutexW","SUCCESS","0x000000e4","lpName->(null)"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","synchronization","CreateMutexW","SUCCESS","0x000000f0","lpName->(null)"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","synchronization","CreateMutexW","SUCCESS","0x000000f8","lpName->(null)"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->LogLevel"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->LogLevel"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->LogPath"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fc","lpSubKey->AppLogLevels"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000000fc","lpFileName->C:\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","dwDesiredAccess->GENERIC_READ"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000100","nNumberOfBytesToWrite->50128"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->65536"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","lpNewFileName->C:\AutoRun.exe"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000000fc","lpFileName->C:\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","dwDesiredAccess->GENERIC_READ"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->268"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000000fc","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->268"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000000fc","lpFileName->C:\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","dwDesiredAccess->GENERIC_READ"
"20191007164606.533","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x00000104","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExA","SUCCESS","0x00000108","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345\RpcThreadPoolThrottle"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x0000012c","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000134","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","device","DeviceIoControl","FAILURE","","hDevice->0x00000134","dwIoControlCode->0x006d0008","lpInBuffer->0x0049b8c0","nInBufferSize->0x00000046","lpOutBuffer->0x0049b290","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000134","dwIoControlCode->0x006d0008","lpInBuffer->0x0049b8c0","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->0x00000134","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000013c","lpValueName->Data"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->0x0000013c","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Generation"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->420","szExeFile->303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->61440"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToRead->25552"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->25552"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->268"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToWrite->268"
"20191007164606.543","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","device","DeviceIoControl","FAILURE","","hDevice->0x00000134","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c7f8","nInBufferSize->0x00000208","lpOutBuffer->0x0049ac38","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000134","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c7f8","nInBufferSize->0x00000208","lpOutBuffer->0x0049ca18","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","device","DeviceIoControl","FAILURE","","hDevice->0x00000134","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c7f8","nInBufferSize->0x00000208","lpOutBuffer->0x0049ac38","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->268"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->268"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","dwDesiredAccess->GENERIC_READ"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x00000104","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000000fc","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToWrite->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToWrite->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToWrite->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToWrite->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToWrite->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToWrite->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToWrite->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToWrite->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToWrite->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToWrite->61440"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->25552"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToWrite->25552"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000104","nNumberOfBytesToRead->145"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToWrite->145"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToWrite->268"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000fc","nNumberOfBytesToWrite->268"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000134","dwIoControlCode->0x006d0034","lpInBuffer->0x0049c7f8","nInBufferSize->0x00000208","lpOutBuffer->0x0049ca30","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegSetValueExW","SUCCESS","","hKey->0x00000134","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->0x00000134","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000fc","lpValueName->Generation"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000fe","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000000fe","lpSubKey->CurVer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000136","hKey->0x000000fe","lpSubKey->(null)"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000fc","lpValueName->DontShowSuperHidden"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000000fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000104","hKey->0x000000fc","lpSubKey->(null)"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000104","lpValueName->ShellState"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000104","lpValueName->ShellState"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000104","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000104","lpValueName->ForceActiveDesktopOn"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000104","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000104","lpValueName->NoActiveDesktop"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000104","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000104","lpValueName->NoWebView"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000104","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000104","lpValueName->ClassicShell"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000104","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000104","lpValueName->SeparateProcess"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000104","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000104","lpValueName->NoNetCrawling"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000104","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.553","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000104","lpValueName->NoSimpleStartMenu"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000130","hKey->0x000000fc","lpSubKey->Advanced"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->Hidden"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->ShowCompColor"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->HideFileExt"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->DontPrettyPath"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->ShowInfoTip"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->HideIcons"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->MapNetDrvBtn"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->WebView"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->Filter"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->ShowSuperHidden"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->SeparateProcess"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000130","lpValueName->NoNetCrawling"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000136","lpSubKey->ShellEx\IconHandler"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000136","lpValueName->DocObject"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000136","lpValueName->BrowseInPlace"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000136","lpSubKey->Clsid"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x0000013e","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000013e","lpSubKey->Clsid"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000136","lpValueName->IsShortcut"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000136","lpValueName->AlwaysShowExt"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000136","lpValueName->NeverShowExt"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x0000013c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x0000013c","lpValueName->UseDesktopIniCache"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x00000104","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000104","nNumberOfBytesToRead->268"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x00000104","lpFileName->C:\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","dwDesiredAccess->GENERIC_READ"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x0000013c","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000104","nNumberOfBytesToRead->61440"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191007164606.563","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000104","nNumberOfBytesToRead->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000104","nNumberOfBytesToRead->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000104","nNumberOfBytesToRead->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000104","nNumberOfBytesToRead->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000104","nNumberOfBytesToRead->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000104","nNumberOfBytesToRead->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000104","nNumberOfBytesToRead->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000104","nNumberOfBytesToRead->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000104","nNumberOfBytesToRead->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000104","nNumberOfBytesToRead->25552"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->25552"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x0000013c","nNumberOfBytesToRead->211"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->211"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Com+Enabled"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Com+Enabled"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000158","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000168","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000170","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000178","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000180","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000188","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000198","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001a0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001a8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->REGDBVersion"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001b0","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->22512"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->REGDBVersion"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00300000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00300000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001b2","hKey->0x0000013e","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->TreatAs"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001be","hKey->0x0000013e","lpSubKey->(null)"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001b2","hKey->0x000001be","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191007164606.573","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->0x000001b2","lpSubKey->InprocServer32"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c2","lpValueName->InprocServer32"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->InprocServerX86"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->LocalServer32"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->0x000001b2","lpSubKey->InprocServer32"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c2","lpValueName->(null)"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->InprocHandler32"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->InprocHandlerX86"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->LocalServer32"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->LocalServer"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->0x000001be","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c2","lpValueName->AppID"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001b2","hKey->0x000001be","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001b2","hKey->0x000001be","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->0x000001b2","lpSubKey->InprocServer32"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c2","lpValueName->ThreadingModel"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001b2","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->TreatAs"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->0x000001c0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Generation"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c6","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c2","lpValueName->DriveMask"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c4","lpValueName->AllowFileCLSIDJunctions"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Personal"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->0x000001c4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Generation"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Common Documents"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->0x000001c0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Generation"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Desktop"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Desktop","dwType->1","lpData->C:\Documents and Settings\janettedoe\Desktop","cbData->90"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->0x000001c4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Generation"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Common Desktop"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Common Desktop","dwType->1","lpData->C:\Documents and Settings\All Users\Desktop","cbData->88"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->0x000001c0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Generation"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->0x000000fc","lpSubKey->FileExts"
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001c4","lpSubKey->."
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001c4","lpSubKey->."
"20191007164606.583","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\."
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->268"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x00000062","lpSubKey->Network\SharingHandler"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ca","lpValueName->(null)"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c8","lpValueName->UserEnvDebugLevel"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c8","lpValueName->ChkAccDebugLevel"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c8","lpValueName->ProductType"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->0x000001c0","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Personal"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Local Settings"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c0","lpValueName->RsopDebugLevel"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c0","lpValueName->UserEnvDebugLevel"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c0","lpValueName->RsopLogging"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c0","lpValueName->UserEnvDebugLevel"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","dwDesiredAccess->GENERIC_READ"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","system","LoadLibraryA","SUCCESS","0x76980000","lpFileName->LINKINFO.dll"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164606.593","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->25552"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->25552"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->268"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->268"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->268"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","dwDesiredAccess->GENERIC_READ"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191007164606.603","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->25552"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->25552"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->71"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->71"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->268"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToWrite->268"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->268"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","dwDesiredAccess->GENERIC_READ"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001d8","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->ProductType"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001e4","lpValueName->SrvsvcDefaultShareInfo"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToWrite->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToWrite->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToWrite->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToWrite->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToWrite->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToWrite->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007164606.613","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToWrite->61440"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToWrite->61440"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToWrite->61440"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToWrite->61440"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->25552"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToWrite->25552"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->420","szExeFile->303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToWrite->61440"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToWrite->61440"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->61440"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToWrite->61440"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001d8","nNumberOfBytesToRead->12288"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToWrite->12288"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToWrite->268"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToWrite->268"
"20191007164606.623","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","dwDesiredAccess->0x00000080"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","device","DeviceIoControl","SUCCESS","","hDevice->0x000001e4","dwIoControlCode->0x000900c0","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120ece4","nOutBufferSize->0x00000040","lpBytesReturned->0x0120ecdc","lpOverlapped->0x00000000"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\dll\cmonitor.dll.exe","lpNewFileName->C:\cuckoo\dll\cmonitor.dll"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\cuckoo\dll\IEiqFR.dll","dwDesiredAccess->GENERIC_READ"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->268"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","dwDesiredAccess->GENERIC_READ"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\dll\IEiqFR.dll","dwDesiredAccess->GENERIC_READ"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\dll\IEiqFR.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->25552"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->25552"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup\Soft.lnk","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->12288"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->12288"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->268"
"20191007164606.653","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->268"
"20191007164606.663","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\IEiqFR.dll"
"20191007164606.663","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\IEiqFR.dll.exe","lpNewFileName->C:\cuckoo\dll\IEiqFR.dll"
"20191007164606.663","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\dll\jheKuc.dll","dwDesiredAccess->GENERIC_READ"
"20191007164606.663","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->268"
"20191007164606.663","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","dwDesiredAccess->GENERIC_READ"
"20191007164606.663","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\dll\jheKuc.dll","dwDesiredAccess->GENERIC_READ"
"20191007164606.673","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001fe","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20191007164606.673","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20191007164606.673","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c2","lpValueName->DriveMask"
"20191007164606.673","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001fc","lpFileName->C:\cuckoo\dll\jheKuc.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164606.673","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x00000204","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007164606.673","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000204","lpValueName->Start Menu"
"20191007164606.673","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x00000204","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007164606.673","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegSetValueExW","SUCCESS","","hKey->0x00000204","lpValueName->Start Menu","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu","cbData->96"
"20191007164606.673","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000204","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007164606.673","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000200","hKey->0x00000204","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007164606.673","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000200","lpValueName->Generation"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Common Start Menu"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Common Start Menu","dwType->1","lpData->C:\Documents and Settings\All Users\Start Menu","cbData->94"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000204","hKey->0x000001c0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000204","lpValueName->Generation"
"20191007164606.673","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->25552"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->25552"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->12288"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->12288"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->268"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->268"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\jheKuc.dll"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\jheKuc.dll.exe","lpNewFileName->C:\cuckoo\dll\jheKuc.dll"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001fc","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->268"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001fc","lpFileName->C:\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","dwDesiredAccess->GENERIC_READ"
"20191007164606.683","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191007164606.693","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000001e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007164606.693","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->Common AppData"
"20191007164606.693","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000001e0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007164606.693","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001e0","lpValueName->Common AppData","dwType->1","lpData->C:\Documents and Settings\All Users\Application Data","cbData->106"
"20191007164606.693","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007164606.693","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->0x000001e0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007164606.693","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Generation"
"20191007164606.693","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\files\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164606.693","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToRead->25552"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->25552"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->71"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->71"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->268"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->268"
"20191007164606.703","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\files\.gitignore"
"20191007164606.713","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007164606.713","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->AppData"
"20191007164606.713","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007164606.713","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->AppData","dwType->1","lpData->C:\Documents and Settings\janettedoe\Application Data","cbData->108"
"20191007164606.713","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007164606.713","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->0x000001c0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007164606.713","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001e4","lpValueName->Generation"
"20191007164606.713","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\files\.gitignore.exe","lpNewFileName->C:\cuckoo\files\.gitignore"
"20191007164606.713","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191007164606.713","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->268"
"20191007164606.713","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","dwDesiredAccess->GENERIC_READ"
"20191007164606.713","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191007164606.713","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001fc","lpFileName->C:\cuckoo\logs\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164606.713","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007164606.713","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x00000210","hKey->0x000001e4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007164606.713","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000210","lpValueName->Generation"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->61440"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToRead->25552"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->25552"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->71"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->71"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->268"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001fc","nNumberOfBytesToWrite->268"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->0x000001fc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Generation"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->0x000001c0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001fc","lpValueName->Generation"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000001fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001fc","lpValueName->My Pictures"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegCreateKeyExW","SUCCESS","0x000001fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001fc","lpValueName->My Pictures","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents\My Pictures","cbData->124"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001fc","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->0x000001fc","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191007164606.723","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Generation"
"20191007164606.733","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\logs\.gitignore"
"20191007164606.733","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\logs\.gitignore.exe","lpNewFileName->C:\cuckoo\logs\.gitignore"
"20191007164606.733","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\cuckoo\logs\420.csv","dwDesiredAccess->GENERIC_READ"
"20191007164606.733","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->268"
"20191007164606.733","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","dwDesiredAccess->GENERIC_READ"
"20191007164606.733","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001fc","lpFileName->C:\cuckoo\logs\420.csv","dwDesiredAccess->GENERIC_READ"
"20191007164606.733","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","CreateFileW","SUCCESS","0x000001e0","lpFileName->C:\cuckoo\logs\420.csv.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191007164606.753","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","memory","VirtualAllocEx","SUCCESS","0x00164000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00164000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191007164606.753","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.753","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.753","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.753","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.753","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.753","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.753","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.763","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.763","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.763","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.763","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.763","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.763","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.763","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.763","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.763","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.763","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.763","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.763","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191007164606.763","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->61440"
"20191007164606.763","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->25552"
"20191007164606.763","420","303e22590694bac780eab3172814fd983d49af0b791d62c7f2e2c7a43332b345","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e0","nNumberOfBytesToWrite->25552"
420.csv
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF
"20191009201056.765","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->420","szExeFile->fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","lpAddress->0x00000000","dwSize->6144","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201056.765","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x00260000","th32ProcessID->420","szExeFile->fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","lpAddress->0x00000000","dwSize->377102","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201056.785","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->420","szExeFile->fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","lpAddress->0x00000000","dwSize->5390","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201056.785","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->420","szExeFile->fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","lpAddress->0x00000000","dwSize->9998","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201056.795","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x00160000","th32ProcessID->420","szExeFile->fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","lpAddress->0x00000000","dwSize->26674","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201056.795","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Locales"
"20191009201056.795","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Borland\Locales"
"20191009201056.795","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Borland\Delphi\Locales"
"20191009201056.795","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x01010000","th32ProcessID->420","szExeFile->fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","lpAddress->0x00000000","dwSize->1048576","flAllocationType->0x00002000","flProtect->0x00000001"
"20191009201056.795","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x01010000","th32ProcessID->420","szExeFile->fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","lpAddress->0x01010000","dwSize->16384","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201056.795","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x00150000","th32ProcessID->420","szExeFile->fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","lpAddress->0x00000000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000040"
"20191009201056.805","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191009201056.805","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191009201056.805","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191009201056.805","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191009201056.805","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191009201056.805","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191009201056.805","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000034","dwIoControlCode->0x00390008","lpInBuffer->0x77e46318","nInBufferSize->0x00000100","lpOutBuffer->0x0012fc34","nOutBufferSize->0x00000100","lpBytesReturned->0x0012fc2c","lpOverlapped->0x00000000"
"20191009201056.805","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000000a0","lpFileName->C:\fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","dwDesiredAccess->GENERIC_READ"
"20191009201056.805","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000000a4","lpFileName->C:\WINDOWS\system32\HelpMe.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->420","szExeFile->fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->61440"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->11044"
"20191009201056.815","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000a4","nNumberOfBytesToWrite->11044"
"20191009201056.825","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","synchronization","OpenMutexW","SUCCESS","0x000000b0","dwDesiredAccess->0x00120001","lpName->ShimCacheMutex"
"20191009201056.835","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000bc","hKey->0x000000c0","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191009201056.835","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000bc","lpValueName->Cache"
"20191009201056.835","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","system","LoadLibraryA","SUCCESS","0x77dd0000","lpFileName->advapi32.dll"
"20191009201056.835","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","process","CreateProcessInternalW","SUCCESS","724","lpApplicationName->(null)","lpCommandLine->C:\WINDOWS\system32\HelpMe.exe"
"20191009201056.835","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","process","WinExec","SUCCESS","","lpCmdLine->C:\WINDOWS\system32\HelpMe.exe"
"20191009201056.835","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000a0","nNumberOfBytesToRead->268"
"20191009201056.835","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","FAILURE","","lpFileName->C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\\Command=AutoRun.exe
shellexecute=AutoRun.exe
Bind","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191009201056.835","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x00180000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000004"
"20191009201056.845","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x00180000","th32ProcessID->420","szExeFile->fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","lpAddress->0x00180000","dwSize->257","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201056.855","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000a8","hKey->0x000000c4","lpSubKey->Software\Microsoft\Windows\CurrentVersion\ThemeManager"
"20191009201056.855","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a8","lpValueName->Compositing"
"20191009201056.855","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000a8","hKey->0x000000c4","lpSubKey->Control Panel\Desktop"
"20191009201056.855","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000a8","lpValueName->LameButtonText"
"20191009201056.855","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","system","LoadLibraryA","SUCCESS","0x5ad70000","lpFileName->uxtheme.dll"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","process","CreateRemoteThread","SUCCESS","0x000000c4","lpStartAddress->0x00404008","th32ProcessID->724","szExeFile->HelpMe.exe"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","process","CreateRemoteThread","SUCCESS","0x000000c8","lpStartAddress->0x00404008","th32ProcessID->724","szExeFile->HelpMe.exe"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegCreateKeyExW","SUCCESS","0x000000d4","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d4","lpValueName->Shell","dwType->1","lpData->Explorer.exe  HelpMe.exe","cbData->25"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegCreateKeyExW","SUCCESS","0x000000d8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegSetValueExA","SUCCESS","","hKey->0x000000d8","lpValueName->CheckedValue","dwType->4","lpData->0","cbData->4"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegCreateKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->Startup"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegCreateKeyExW","SUCCESS","0x000000e0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000000e0","lpValueName->Startup","dwType->1","lpData->C:\Documents and Settings\janettedoe\Start Menu\Programs\Startup","cbData->130"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoNetHood"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoPropertiesMyComputer"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoInternetIcon"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoCommonGroups"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExA","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoControlPanel"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000e4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000000e4","lpValueName->NoSetFolders"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExA","SUCCESS","0x000000e6","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000e6","lpValueName->(null)"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\Setup"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->SystemSetupInProgress"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\CurrentControlSet\Control\MiniNT"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\WPA\PnP"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->seed"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->OsLoaderPath"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->OsLoaderPath"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SYSTEM\Setup"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->SystemPartition"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->SystemPartition"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->SourcePath"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->SourcePath"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->ServicePackSourcePath"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->ServicePackSourcePath"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->ServicePackCachePath"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->ServicePackCachePath"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->DriverCachePath"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->DriverCachePath"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000000ec","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000000ec","lpValueName->DevicePath"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","synchronization","CreateMutexW","SUCCESS","0x000000e8","lpName->(null)"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","synchronization","CreateMutexW","SUCCESS","0x000000f4","lpName->(null)"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","synchronization","CreateMutexW","SUCCESS","0x000000fc","lpName->(null)"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000100","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Setup"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->LogLevel"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000100","lpValueName->LogLevel"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000100","lpValueName->LogPath"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000100","lpSubKey->AppLogLevels"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","system","LoadLibraryA","SUCCESS","0x77920000","lpFileName->SETUPAPI.dll"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc\PagedBuffers"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExA","SUCCESS","0x00000100","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Rpc"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c\RpcThreadPoolThrottle"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows NT\Rpc"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","system","LoadLibraryW","SUCCESS","0x77e70000","lpFileName->rpcrt4.dll"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x00000124","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000000d0","lpFileName->C:\fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","dwDesiredAccess->GENERIC_READ"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x0000012c","nNumberOfBytesToWrite->24013"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->65536"
"20191009201101.813","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CopyFileExW","SUCCESS","","lpExistingFileName->C:\fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","lpNewFileName->C:\AutoRun.exe"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000000d0","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->268"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000000d0","lpFileName->C:\fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","dwDesiredAccess->GENERIC_READ"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AUTOEXEC.BAT","dwDesiredAccess->GENERIC_READ"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AUTOEXEC.BAT.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x00000120","lpFileName->\\.\PIPE\lsarpc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->61440"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->11725"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->11725"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToWrite->268"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\AUTOEXEC.BAT"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\AUTOEXEC.BAT.exe","lpNewFileName->C:\AUTOEXEC.BAT"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AutoRun.exe","dwDesiredAccess->GENERIC_READ"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->268"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->268"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x00000134","lpFileName->C:\fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","dwDesiredAccess->GENERIC_READ"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\AUTORUN.INF","dwDesiredAccess->GENERIC_READ"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000000d0","lpFileName->C:\AUTORUN.INF.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000128","dwIoControlCode->0x004d0008","lpInBuffer->0x00000000","nInBufferSize->0x00000000","lpOutBuffer->0x0120f37c","nOutBufferSize->0x00000208","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","device","DeviceIoControl","FAILURE","","hDevice->0x00000128","dwIoControlCode->0x006d0008","lpInBuffer->0x0049bbf8","nInBufferSize->0x00000046","lpOutBuffer->0x004989c0","nOutBufferSize->0x00000020","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000128","dwIoControlCode->0x006d0008","lpInBuffer->0x0049bbf8","nInBufferSize->0x00000046","lpOutBuffer->0x00486100","nOutBufferSize->0x000000ee","lpBytesReturned->0x0120f374","lpOverlapped->0x00000000"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->0x00000128","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000140","lpValueName->Data"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000140","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->0x00000140","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000128","lpValueName->Generation"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","device","DeviceIoControl","FAILURE","","hDevice->0x00000128","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cb30","nInBufferSize->0x00000208","lpOutBuffer->0x0049a068","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000128","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cb30","nInBufferSize->0x00000208","lpOutBuffer->0x0049cd40","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x00000128","lpFileName->\\.\MountPointManager","dwDesiredAccess->ATTRIBUTES"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","device","DeviceIoControl","FAILURE","","hDevice->0x00000128","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cb30","nInBufferSize->0x00000208","lpOutBuffer->0x0049a068","nOutBufferSize->0x00000008","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20191009201101.823","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000134","nNumberOfBytesToRead->11725"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToWrite->11725"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->145"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToWrite->145"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToWrite->268"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToWrite->268"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\AUTORUN.INF"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\AUTORUN.INF.exe","lpNewFileName->C:\AUTORUN.INF"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000000d0","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->268"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000000d0","lpFileName->C:\fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","dwDesiredAccess->GENERIC_READ"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x00000130","lpFileName->C:\boot.ini","dwDesiredAccess->GENERIC_READ"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","device","DeviceIoControl","SUCCESS","","hDevice->0x00000128","dwIoControlCode->0x006d0034","lpInBuffer->0x0049cb30","nInBufferSize->0x00000208","lpOutBuffer->0x0049cd58","nOutBufferSize->0x00000010","lpBytesReturned->0x0120f884","lpOverlapped->0x00000000"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegCreateKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegSetValueExW","SUCCESS","","hKey->0x00000128","lpValueName->BaseClass","dwType->1","lpData->Drive","cbData->12"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000128","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->0x00000128","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000134","lpValueName->Generation"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","system","LoadLibraryA","SUCCESS","0x7c9c0000","lpFileName->SHELL32.dll"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","system","LoadLibraryA","SUCCESS","0x774e0000","lpFileName->ole32.dll"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000136","hKey->HKEY_CLASSES_ROOT","lpSubKey->Directory"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x00000136","lpSubKey->CurVer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x0000012a","hKey->0x00000136","lpSubKey->(null)"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000134","lpValueName->DontShowSuperHidden"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000134","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->0x00000134","lpSubKey->(null)"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000138","lpValueName->ShellState"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000138","lpValueName->ShellState"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000138","lpValueName->ForceActiveDesktopOn"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000138","lpValueName->NoActiveDesktop"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\System"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000138","lpValueName->NoWebView"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000138","lpValueName->ClassicShell"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x00000138","lpFileName->C:\boot.ini.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000148","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000148","lpValueName->SeparateProcess"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000148","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000148","lpValueName->NoNetCrawling"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000148","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000148","lpValueName->NoSimpleStartMenu"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000148","hKey->0x00000134","lpSubKey->Advanced"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000148","lpValueName->Hidden"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000148","lpValueName->ShowCompColor"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000148","lpValueName->HideFileExt"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000148","lpValueName->DontPrettyPath"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000148","lpValueName->ShowInfoTip"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000148","lpValueName->HideIcons"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000148","lpValueName->MapNetDrvBtn"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000148","lpValueName->WebView"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000148","lpValueName->Filter"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000148","lpValueName->ShowSuperHidden"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000148","lpValueName->SeparateProcess"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000148","lpValueName->NoNetCrawling"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000012a","lpSubKey->ShellEx\IconHandler"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012a","lpValueName->DocObject"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012a","lpValueName->BrowseInPlace"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000012a","lpSubKey->Clsid"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x0000014e","hKey->HKEY_CLASSES_ROOT","lpSubKey->Folder"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x0000014e","lpSubKey->Clsid"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012a","lpValueName->IsShortcut"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x0000012a","lpValueName->AlwaysShowExt"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x0000012a","lpValueName->NeverShowExt"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x0000014c","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x0000014c","lpValueName->UseDesktopIniCache"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->61440"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000000d0","nNumberOfBytesToRead->11725"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->11725"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x00000130","nNumberOfBytesToRead->211"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->211"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->268"
"20191009201101.833","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x00000138","nNumberOfBytesToWrite->268"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","system","LoadLibraryA","SUCCESS","0x77120000","lpFileName->oleaut32.dll"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000138","lpValueName->Com+Enabled"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3\Debug"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_LOCAL_MACHINE","lpSubKey->SOFTWARE\Microsoft\OLE"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000138","lpValueName->MinimumFreeMemPercentageToCreateProcess"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x00000138","lpValueName->MinimumFreeMemPercentageToCreateObject"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x00000138","lpValueName->Com+Enabled"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","system","LoadLibraryA","SUCCESS","0x76fd0000","lpFileName->CLBCATQ.DLL"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000138","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000144","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000158","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000168","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000170","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000178","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000180","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000188","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x00000198","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001a0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001a8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Classes\CLSID"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->REGDBVersion"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001b0","lpFileName->C:\WINDOWS\Registration\R000000000007.clb","dwDesiredAccess->GENERIC_READ"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001b0","nNumberOfBytesToRead->22512"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001b0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\COM3"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001b0","lpValueName->REGDBVersion"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x00200000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00000000","dwSize->65536","flAllocationType->0x00002000","flProtect->0x00000001"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x00200000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x00200000","dwSize->4096","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001b2","hKey->0x00000132","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->TreatAs"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001be","hKey->0x00000132","lpSubKey->(null)"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001b2","hKey->0x000001be","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->0x000001b2","lpSubKey->InprocServer32"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c2","lpValueName->InprocServer32"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->InprocServerX86"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->LocalServer32"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->0x000001b2","lpSubKey->InprocServer32"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c2","lpValueName->(null)"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->InprocHandler32"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->InprocHandlerX86"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->LocalServer32"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->LocalServer"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->0x000001be","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c2","lpValueName->AppID"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001b2","hKey->0x000001be","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001b2","hKey->0x000001be","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->0x000001b2","lpSubKey->InprocServer32"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c2","lpValueName->ThreadingModel"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001b2","hKey->HKEY_CLASSES_ROOT","lpSubKey->CLSID\{00021401-0000-0000-C000-000000000046}"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001b2","lpSubKey->TreatAs"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->0x000001c0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Generation"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c6","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c2","hKey->HKEY_CLASSES_ROOT","lpSubKey->Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c2","lpValueName->DriveMask"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c4","lpValueName->AllowFileCLSIDJunctions"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Personal"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Personal","dwType->1","lpData->C:\Documents and Settings\janettedoe\My Documents","cbData->100"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->0x000001c4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Generation"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Common Documents"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Common Documents","dwType->1","lpData->C:\Documents and Settings\All Users\Documents","cbData->92"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->0x000001c0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Generation"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Desktop"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegCreateKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Desktop","dwType->1","lpData->C:\Documents and Settings\janettedoe\Desktop","cbData->90"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->0x000001c4","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Generation"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Common Desktop"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegCreateKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegSetValueExW","SUCCESS","","hKey->0x000001c0","lpValueName->Common Desktop","dwType->1","lpData->C:\Documents and Settings\All Users\Desktop","cbData->88"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_CURRENT_USER","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->0x000001c0","lpSubKey->{a20cd692-8e41-11e1-9999-806d6172696f}\"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c4","lpValueName->Generation"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c4","hKey->0x00000134","lpSubKey->FileExts"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001c4","lpSubKey->."
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->0x000001c4","lpSubKey->."
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->SystemFileAssociations\."
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_CLASSES_ROOT","lpSubKey->."
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\boot.ini"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\boot.ini.exe","lpNewFileName->C:\boot.ini"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001c8","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c8","nNumberOfBytesToRead->268"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001ca","hKey->0x00000062","lpSubKey->Network\SharingHandler"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001ca","lpValueName->(null)"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c8","lpValueName->UserEnvDebugLevel"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c8","lpValueName->ChkAccDebugLevel"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c8","hKey->HKEY_LOCAL_MACHINE","lpSubKey->System\CurrentControlSet\Control\ProductOptions"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001c8","lpValueName->ProductType"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001cc","hKey->0x000001c0","lpSubKey->Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Personal"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","SUCCESS","","hKey->0x000001cc","lpValueName->Local Settings"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c0","lpValueName->RsopDebugLevel"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20191009201101.843","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c0","lpValueName->UserEnvDebugLevel"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c0","lpValueName->RsopLogging"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","SUCCESS","0x000001c0","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Microsoft\Windows NT\CurrentVersion\winlogon"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegQueryValueExW","FAILURE","","hKey->0x000001c0","lpValueName->UserEnvDebugLevel"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","registry","RegOpenKeyExW","FAILURE","","hKey->HKEY_LOCAL_MACHINE","lpSubKey->Software\Policies\Microsoft\Windows\System"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","system","LoadLibraryW","SUCCESS","0x773d0000","lpFileName->comctl32.dll"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","system","LoadLibraryW","SUCCESS","0x76990000","lpFileName->ntshrui.dll"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001c0","lpFileName->C:\fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","dwDesiredAccess->GENERIC_READ"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\CONFIG.SYS","dwDesiredAccess->GENERIC_READ"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\CONFIG.SYS.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001c0","nNumberOfBytesToRead->11725"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->11725"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->268"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToWrite->268"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","system","LoadLibraryA","SUCCESS","0x76980000","lpFileName->LINKINFO.dll"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->\\.\PIPE\srvsvc","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\CONFIG.SYS"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\CONFIG.SYS.exe","lpNewFileName->C:\CONFIG.SYS"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->268"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","dwDesiredAccess->GENERIC_READ"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\cuckoo\additional\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\additional\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->11725"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->11725"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->71"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->71"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\additional\.gitignore"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\additional\.gitignore.exe","lpNewFileName->C:\cuckoo\additional\.gitignore"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->268"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","dwDesiredAccess->GENERIC_READ"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\cuckoo\dll\cmonitor.dll","dwDesiredAccess->GENERIC_READ"
"20191009201101.853","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\dll\cmonitor.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->420","szExeFile->fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->11725"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->11725"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->12288"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->12288"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\dll\cmonitor.dll"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\dll\cmonitor.dll.exe","lpNewFileName->C:\cuckoo\dll\cmonitor.dll"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\dll\DtROGk.dll","dwDesiredAccess->GENERIC_READ"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->268"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","dwDesiredAccess->GENERIC_READ"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\cuckoo\dll\DtROGk.dll","dwDesiredAccess->GENERIC_READ"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\dll\DtROGk.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->11725"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->11725"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201101.863","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->12288"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->12288"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\DtROGk.dll"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\DtROGk.dll.exe","lpNewFileName->C:\cuckoo\dll\DtROGk.dll"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\dll\pjOQIf.dll","dwDesiredAccess->GENERIC_READ"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->268"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","dwDesiredAccess->GENERIC_READ"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\cuckoo\dll\pjOQIf.dll","dwDesiredAccess->GENERIC_READ"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\dll\pjOQIf.dll.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->11725"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->11725"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->12288"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->12288"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\pjOQIf.dll"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\pjOQIf.dll.exe","lpNewFileName->C:\cuckoo\dll\pjOQIf.dll"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->268"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","dwDesiredAccess->GENERIC_READ"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\files\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->11725"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->11725"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->71"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->71"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->268"
"20191009201101.873","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\files\.gitignore"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\files\.gitignore.exe","lpNewFileName->C:\cuckoo\files\.gitignore"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->268"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","dwDesiredAccess->GENERIC_READ"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\cuckoo\logs\.gitignore","dwDesiredAccess->GENERIC_READ"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\logs\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToRead->11725"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->11725"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e8","nNumberOfBytesToRead->71"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->71"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToWrite->268"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","DeleteFileW","SUCCESS","","lpFileName->C:\cuckoo\logs\.gitignore"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","MoveFileWithProgressW","SUCCESS","","lpExistingFileName->C:\cuckoo\logs\.gitignore.exe","lpNewFileName->C:\cuckoo\logs\.gitignore"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\cuckoo\logs\420.csv","dwDesiredAccess->GENERIC_READ"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->268"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e4","lpFileName->C:\fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","dwDesiredAccess->GENERIC_READ"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001e8","lpFileName->C:\cuckoo\logs\420.csv","dwDesiredAccess->GENERIC_READ"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\logs\420.csv.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","memory","VirtualAllocEx","SUCCESS","0x01014000","th32ProcessID->724","szExeFile->HelpMe.exe","lpAddress->0x01014000","dwSize->65536","flAllocationType->0x00001000","flProtect->0x00000004"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->61440"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","ReadFile","SUCCESS","","hFile->0x000001e4","nNumberOfBytesToRead->11725"
"20191009201101.883","420","fa62e57ab53098c2af236cf4a767631cd21c1334e72e9bb1c19019e731677a3c","600","filesystem","WriteFile","SUCCESS","","hFile->0x000001ec","nNumberOfBytesToWrite->11725"
420.csv
[autorun]
open=AutoRun.exe
shell\1=Open
shell\1\Command=AutoRun.exe
shell\2\=Browser
shell\2\Command=AutoRun.exe
shellexecute=AutoRun.exe
AUTORUN.INF