{
"info": {
"started": "2014-05-27 23:35:53",
"version": "v0.1"
},
"network": {
"http": [],
"udp": [
{
"dport": 67,
"src": "0.0.0.0",
"dst": "255.255.255.255",
"sport": 68
},
{
"dport": 68,
"src": "10.0.2.2",
"dst": "10.0.2.15",
"sport": 67
},
{
"dport": 67,
"src": "0.0.0.0",
"dst": "255.255.255.255",
"sport": 68
},
{
"dport": 68,
"src": "10.0.2.2",
"dst": "10.0.2.15",
"sport": 67
},
{
"dport": 1900,
"src": "10.0.2.15",
"dst": "239.255.255.250",
"sport": 1037
},
{
"dport": 53,
"src": "10.0.2.15",
"dst": "10.0.2.2",
"sport": 1025
},
{
"dport": 1025,
"src": "10.0.2.2",
"dst": "10.0.2.15",
"sport": 53
},
{
"dport": 123,
"src": "10.0.2.15",
"dst": "65.55.56.206",
"sport": 123
},
{
"dport": 1900,
"src": "10.0.2.15",
"dst": "239.255.255.250",
"sport": 1041
},
{
"dport": 137,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 137
},
{
"dport": 137,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 137
},
{
"dport": 137,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 137
},
{
"dport": 137,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 137
},
{
"dport": 1900,
"src": "10.0.2.15",
"dst": "239.255.255.250",
"sport": 1041
},
{
"dport": 137,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 137
},
{
"dport": 137,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 137
},
{
"dport": 137,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 137
},
{
"dport": 137,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 137
},
{
"dport": 1900,
"src": "10.0.2.15",
"dst": "239.255.255.250",
"sport": 1041
},
{
"dport": 137,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 137
},
{
"dport": 137,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 137
},
{
"dport": 137,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 137
},
{
"dport": 137,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 137
},
{
"dport": 137,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 137
},
{
"dport": 137,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 137
},
{
"dport": 137,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 137
},
{
"dport": 137,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 137
},
{
"dport": 138,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 138
},
{
"dport": 138,
"src": "10.0.2.15",
"dst": "10.0.2.255",
"sport": 138
}
],
"hosts": [
"0.0.0.0",
"255.255.255.255",
"10.0.2.2",
"10.0.2.15",
"239.255.255.250",
"65.55.56.206",
"224.0.0.22",
"10.0.2.255"
],
"dns": [],
"tcp": []
},
"behavior": {
"processes": [
{
"parent_id": "552",
"process_name": "000000a0c759e01208001eb1b8764a7a7c9464f477576aa6b6a7d2f3f5571c70",
"process_id": "508",
"first_seen": "20140527213607.042",
"calls": [
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000024",
"timestamp": "20140527213607.042",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\000000a0c759e01208001eb1b8764a7a7c9464f477576aa6b6a7d2f3f5571c70"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.042",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000024"
},
{
"name": "nNumberOfBytesToRead",
"value": "4096"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.042",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000024"
},
{
"name": "nNumberOfBytesToRead",
"value": "4079"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000024",
"timestamp": "20140527213607.052",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.052",
"repeated": 0,
"api": "DeleteFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000074",
"timestamp": "20140527213607.052",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\000000a0c759e01208001eb1b8764a7a7c9464f477576aa6b6a7d2f3f5571c70"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.052",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000074"
},
{
"name": "nNumberOfBytesToRead",
"value": "32"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.052",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000074"
},
{
"name": "nNumberOfBytesToRead",
"value": "65504"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.052",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000074"
},
{
"name": "nNumberOfBytesToRead",
"value": "36"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.052",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000074"
},
{
"name": "nNumberOfBytesToRead",
"value": "415"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.052",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000074"
},
{
"name": "nNumberOfBytesToRead",
"value": "119514"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000078",
"timestamp": "20140527213607.102",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\yee9ey@u-o.net\\chrome.manifest"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.102",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000078"
},
{
"name": "nNumberOfBytesToWrite",
"value": "116"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000078",
"timestamp": "20140527213607.102",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\background.html"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.102",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000078"
},
{
"name": "nNumberOfBytesToWrite",
"value": "161"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000078",
"timestamp": "20140527213607.112",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\51ff86477a7424.75260021.js"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.112",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000078"
},
{
"name": "nNumberOfBytesToWrite",
"value": "4970"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000078",
"timestamp": "20140527213607.112",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\yee9ey@u-o.net\\content\\bg.js"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.112",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000078"
},
{
"name": "nNumberOfBytesToWrite",
"value": "9104"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000078",
"timestamp": "20140527213607.112",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\yee9ey@u-o.net\\bootstrap.js"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.112",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000078"
},
{
"name": "nNumberOfBytesToWrite",
"value": "2750"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000078",
"timestamp": "20140527213607.112",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\content.js"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.112",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000078"
},
{
"name": "nNumberOfBytesToWrite",
"value": "197"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000078",
"timestamp": "20140527213607.112",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\lsdb.js"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.112",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000078"
},
{
"name": "nNumberOfBytesToWrite",
"value": "559"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000078",
"timestamp": "20140527213607.112",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\sqlite.js"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.112",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000078"
},
{
"name": "nNumberOfBytesToWrite",
"value": "1211"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000078",
"timestamp": "20140527213607.112",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\settings.ini"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.112",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000078"
},
{
"name": "nNumberOfBytesToWrite",
"value": "7285"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000078",
"timestamp": "20140527213607.122",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\51ff86477a8f8.exe"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.122",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000078"
},
{
"name": "nNumberOfBytesToWrite",
"value": "72787"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000078",
"timestamp": "20140527213607.122",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\51ff86477a92f.dll"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.132",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000078"
},
{
"name": "nNumberOfBytesToWrite",
"value": "118784"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000078",
"timestamp": "20140527213607.132",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\51ff86477a92f.tlb"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.132",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000078"
},
{
"name": "nNumberOfBytesToWrite",
"value": "18480"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000078",
"timestamp": "20140527213607.132",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\manifest.json"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.132",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000078"
},
{
"name": "nNumberOfBytesToWrite",
"value": "504"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000078",
"timestamp": "20140527213607.132",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\yee9ey@u-o.net\\install.rdf"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.132",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000078"
},
{
"name": "nNumberOfBytesToWrite",
"value": "600"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000078",
"timestamp": "20140527213607.132",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\yee9ey@u-o.net\\content"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000078",
"timestamp": "20140527213607.132",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\yee9ey@u-o.net"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000078",
"timestamp": "20140527213607.132",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000007c",
"timestamp": "20140527213607.152",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000080"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.152",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000007c"
},
{
"name": "lpValueName",
"value": "Cache"
}
]
},
{
"category": "system",
"status": "SUCCESS",
"return": "0x77dd0000",
"timestamp": "20140527213607.152",
"repeated": 0,
"api": "LoadLibraryA",
"arguments": [
{
"name": "lpFileName",
"value": "advapi32.dll"
}
]
},
{
"category": "process",
"status": "SUCCESS",
"return": "1064",
"timestamp": "20140527213607.162",
"repeated": 0,
"api": "CreateProcessInternalW",
"arguments": [
{
"name": "lpApplicationName",
"value": "(null)"
},
{
"name": "lpCommandLine",
"value": ".\\51ff86477a8f8.exe /s"
}
]
},
{
"category": "filesystem",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.162",
"repeated": 0,
"api": "DeleteFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\51ff86477a8f8.exe"
}
]
},
{
"category": "process",
"status": "",
"return": "",
"timestamp": "20140527213607.162",
"repeated": 0,
"api": "ExitProcess",
"arguments": [
{
"name": "uExitCode",
"value": "0x00000000"
}
]
}
]
},
{
"parent_id": "508",
"process_name": "51ff86477a8f8.exe",
"process_id": "1064",
"first_seen": "20140527213607.232",
"calls": [
{
"category": "system",
"status": "SUCCESS",
"return": "0x774e0000",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "LoadLibraryA",
"arguments": [
{
"name": "lpFileName",
"value": "ole32.dll"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000080",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000080"
},
{
"name": "lpValueName",
"value": "NoNetHood"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000080"
},
{
"name": "lpValueName",
"value": "NoPropertiesMyComputer"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000080"
},
{
"name": "lpValueName",
"value": "NoInternetIcon"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExA",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\51ff86477a8f8.exe"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000080"
},
{
"name": "lpValueName",
"value": "NoCommonGroups"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExA",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000080"
},
{
"name": "lpValueName",
"value": "NoControlPanel"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000080"
},
{
"name": "lpValueName",
"value": "NoSetFolders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000082",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExA",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000082"
},
{
"name": "lpValueName",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000050",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "System\\Setup"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000050"
},
{
"name": "lpValueName",
"value": "SystemSetupInProgress"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "SYSTEM\\CurrentControlSet\\Control\\MiniNT"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000050",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "System\\WPA\\PnP"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000050"
},
{
"name": "lpValueName",
"value": "seed"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000050",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "SYSTEM\\Setup"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000050"
},
{
"name": "lpValueName",
"value": "OsLoaderPath"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000050"
},
{
"name": "lpValueName",
"value": "SystemPartition"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000050",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Setup"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000050"
},
{
"name": "lpValueName",
"value": "SourcePath"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000050"
},
{
"name": "lpValueName",
"value": "ServicePackSourcePath"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000050"
},
{
"name": "lpValueName",
"value": "ServicePackCachePath"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000050"
},
{
"name": "lpValueName",
"value": "DriverCachePath"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000050",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000050"
},
{
"name": "lpValueName",
"value": "DevicePath"
}
]
},
{
"category": "synchronization",
"status": "SUCCESS",
"return": "0x00000080",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "CreateMutexW",
"arguments": [
{
"name": "lpName",
"value": "(null)"
}
]
},
{
"category": "synchronization",
"status": "SUCCESS",
"return": "0x00000088",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "CreateMutexW",
"arguments": [
{
"name": "lpName",
"value": "(null)"
}
]
},
{
"category": "synchronization",
"status": "SUCCESS",
"return": "0x00000090",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "CreateMutexW",
"arguments": [
{
"name": "lpName",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000094",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Setup"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000094"
},
{
"name": "lpValueName",
"value": "LogLevel"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000094"
},
{
"name": "lpValueName",
"value": "LogPath"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000094"
},
{
"name": "lpSubKey",
"value": "AppLogLevels"
}
]
},
{
"category": "system",
"status": "SUCCESS",
"return": "0x77920000",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "LoadLibraryA",
"arguments": [
{
"name": "lpFileName",
"value": "SETUPAPI.dll"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Rpc\\PagedBuffers"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000094",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExA",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Rpc"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\51ff86477a8f8.exe\\RpcThreadPoolThrottle"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Policies\\Microsoft\\Windows NT\\Rpc"
}
]
},
{
"category": "system",
"status": "SUCCESS",
"return": "0x77e70000",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "LoadLibraryW",
"arguments": [
{
"name": "lpFileName",
"value": "rpcrt4.dll"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000b8",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "\\\\.\\PIPE\\lsarpc"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ | GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000b4",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "\\\\.\\PIPE\\lsarpc"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ | GENERIC_WRITE"
}
]
},
{
"category": "device",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "DeviceIoControl",
"arguments": [
{
"name": "hDevice",
"value": "0x000000bc"
},
{
"name": "dwIoControlCode",
"value": "0x004d0008"
},
{
"name": "lpInBuffer",
"value": "0x00000000"
},
{
"name": "nInBufferSize",
"value": "0x00000000"
},
{
"name": "lpOutBuffer",
"value": "0x0012ec7c"
},
{
"name": "nOutBufferSize",
"value": "0x00000208"
},
{
"name": "lpBytesReturned",
"value": "0x0012ec74"
},
{
"name": "lpOverlapped",
"value": "0x00000000"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "\\\\.\\MountPointManager"
},
{
"name": "dwDesiredAccess",
"value": "ATTRIBUTES"
}
]
},
{
"category": "device",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "DeviceIoControl",
"arguments": [
{
"name": "hDevice",
"value": "0x000000bc"
},
{
"name": "dwIoControlCode",
"value": "0x006d0008"
},
{
"name": "lpInBuffer",
"value": "0x001640b0"
},
{
"name": "nInBufferSize",
"value": "0x00000046"
},
{
"name": "lpOutBuffer",
"value": "0x00163590"
},
{
"name": "nOutBufferSize",
"value": "0x00000020"
},
{
"name": "lpBytesReturned",
"value": "0x0012ec74"
},
{
"name": "lpOverlapped",
"value": "0x00000000"
}
]
},
{
"category": "device",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "DeviceIoControl",
"arguments": [
{
"name": "hDevice",
"value": "0x000000bc"
},
{
"name": "dwIoControlCode",
"value": "0x006d0008"
},
{
"name": "lpInBuffer",
"value": "0x001640b0"
},
{
"name": "nInBufferSize",
"value": "0x00000046"
},
{
"name": "lpOutBuffer",
"value": "0x00153130"
},
{
"name": "nOutBufferSize",
"value": "0x000000ee"
},
{
"name": "lpBytesReturned",
"value": "0x0012ec74"
},
{
"name": "lpOverlapped",
"value": "0x00000000"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000c0",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000bc"
},
{
"name": "lpSubKey",
"value": "{a20cd692-8e41-11e1-9999-806d6172696f}\\"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c0"
},
{
"name": "lpValueName",
"value": "Data"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000c0",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c0"
},
{
"name": "lpSubKey",
"value": "{a20cd692-8e41-11e1-9999-806d6172696f}\\"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000bc"
},
{
"name": "lpValueName",
"value": "Generation"
}
]
},
{
"category": "device",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "DeviceIoControl",
"arguments": [
{
"name": "hDevice",
"value": "0x000000bc"
},
{
"name": "dwIoControlCode",
"value": "0x006d0034"
},
{
"name": "lpInBuffer",
"value": "0x00164100"
},
{
"name": "nInBufferSize",
"value": "0x00000208"
},
{
"name": "lpOutBuffer",
"value": "0x00162780"
},
{
"name": "nOutBufferSize",
"value": "0x00000008"
},
{
"name": "lpBytesReturned",
"value": "0x0012f184"
},
{
"name": "lpOverlapped",
"value": "0x00000000"
}
]
},
{
"category": "device",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "DeviceIoControl",
"arguments": [
{
"name": "hDevice",
"value": "0x000000bc"
},
{
"name": "dwIoControlCode",
"value": "0x006d0034"
},
{
"name": "lpInBuffer",
"value": "0x00164100"
},
{
"name": "nInBufferSize",
"value": "0x00000208"
},
{
"name": "lpOutBuffer",
"value": "0x00164310"
},
{
"name": "nOutBufferSize",
"value": "0x00000010"
},
{
"name": "lpBytesReturned",
"value": "0x0012f184"
},
{
"name": "lpOverlapped",
"value": "0x00000000"
}
]
},
{
"category": "device",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "DeviceIoControl",
"arguments": [
{
"name": "hDevice",
"value": "0x000000bc"
},
{
"name": "dwIoControlCode",
"value": "0x006d0034"
},
{
"name": "lpInBuffer",
"value": "0x00164100"
},
{
"name": "nInBufferSize",
"value": "0x00000208"
},
{
"name": "lpOutBuffer",
"value": "0x00164328"
},
{
"name": "nOutBufferSize",
"value": "0x00000010"
},
{
"name": "lpBytesReturned",
"value": "0x0012f184"
},
{
"name": "lpOverlapped",
"value": "0x00000000"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\{a20cd692-8e41-11e1-9999-806d6172696f}\\"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000bc"
},
{
"name": "lpValueName",
"value": "BaseClass"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "Drive"
},
{
"name": "cbData",
"value": "12"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c0"
},
{
"name": "lpValueName",
"value": "Generation"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000c2",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Drive\\shellex\\FolderExtensions"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000be",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000be"
},
{
"name": "lpValueName",
"value": "DriveMask"
}
]
},
{
"category": "system",
"status": "SUCCESS",
"return": "0x7c9c0000",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "LoadLibraryA",
"arguments": [
{
"name": "lpFileName",
"value": "SHELL32.dll"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000c2",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Directory"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c2"
},
{
"name": "lpSubKey",
"value": "CurVer"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000be",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c2"
},
{
"name": "lpSubKey",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000c0",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c0"
},
{
"name": "lpValueName",
"value": "DontShowSuperHidden"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000c0",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000c4",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c0"
},
{
"name": "lpSubKey",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "ShellState"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000c4",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "ForceActiveDesktopOn"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "NoActiveDesktop"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "NoWebView"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "ClassicShell"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "SeparateProcess"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "NoNetCrawling"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "NoSimpleStartMenu"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000c4",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c0"
},
{
"name": "lpSubKey",
"value": "Advanced"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "Hidden"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "ShowCompColor"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "HideFileExt"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "DontPrettyPath"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "ShowInfoTip"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "HideIcons"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "MapNetDrvBtn"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "WebView"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "Filter"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "ShowSuperHidden"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c4"
},
{
"name": "lpValueName",
"value": "SeparateProcess"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000be"
},
{
"name": "lpSubKey",
"value": "ShellEx\\IconHandler"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000be"
},
{
"name": "lpValueName",
"value": "DocObject"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000be"
},
{
"name": "lpValueName",
"value": "BrowseInPlace"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000be"
},
{
"name": "lpSubKey",
"value": "Clsid"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000ca",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Folder"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000ca"
},
{
"name": "lpSubKey",
"value": "Clsid"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000be"
},
{
"name": "lpValueName",
"value": "IsShortcut"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000be"
},
{
"name": "lpValueName",
"value": "AlwaysShowExt"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.232",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000be"
},
{
"name": "lpValueName",
"value": "NeverShowExt"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000c8",
"timestamp": "20140527213607.242",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\nsq2.tmp"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.242",
"repeated": 0,
"api": "DeleteFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\nsq2.tmp"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000c8",
"timestamp": "20140527213607.242",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\51ff86477a8f8.exe"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.242",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000c8"
},
{
"name": "nNumberOfBytesToRead",
"value": "512"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.242",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000c8"
},
{
"name": "nNumberOfBytesToRead",
"value": "26191"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.242",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000c8"
},
{
"name": "nNumberOfBytesToRead",
"value": "4"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.242",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000c8"
},
{
"name": "nNumberOfBytesToRead",
"value": "4287"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.242",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\nsq3.tmp"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.242",
"repeated": 0,
"api": "DeleteFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\nsq3.tmp"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.242",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\nsq3.tmp\\UserInfo.dll"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.242",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000c8"
},
{
"name": "nNumberOfBytesToRead",
"value": "1273"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.242",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "4096"
}
]
},
{
"category": "system",
"status": "SUCCESS",
"return": "0x7c9c0000",
"timestamp": "20140527213607.252",
"repeated": 0,
"api": "LoadLibraryA",
"arguments": [
{
"name": "lpFileName",
"value": "shell32.dll"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.252",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.252",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000bc"
},
{
"name": "lpValueName",
"value": "AppData"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.252",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.252",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000bc"
},
{
"name": "lpValueName",
"value": "AppData"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\janettedoe\\Application Data"
},
{
"name": "cbData",
"value": "108"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.252",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.252",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000bc"
},
{
"name": "lpValueName",
"value": "Common AppData"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.252",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.252",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000bc"
},
{
"name": "lpValueName",
"value": "Common AppData"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\All Users\\Application Data"
},
{
"name": "cbData",
"value": "106"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000000c",
"timestamp": "20140527213607.252",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.252",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000000c"
},
{
"name": "lpValueName",
"value": "Local AppData"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000000c",
"timestamp": "20140527213607.252",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.252",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000000c"
},
{
"name": "lpValueName",
"value": "Local AppData"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\janettedoe\\Local Settings\\Application Data"
},
{
"name": "cbData",
"value": "138"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.252",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.252",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000bc"
},
{
"name": "lpValueName",
"value": "NoFileFolderConnection"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.252",
"repeated": 0,
"api": "RegOpenKeyExA",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Performance"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000d4",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpSubKey",
"value": "{a20cd692-8e41-11e1-9999-806d6172696f}\\"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000d4"
},
{
"name": "lpValueName",
"value": "Generation"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpValueName",
"value": "ForceCopyACLWithFile"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\51ff86477a7424.75260021.js"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000d4"
},
{
"name": "nNumberOfBytesToWrite",
"value": "4970"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "CopyFileExW",
"arguments": [
{
"name": "lpExistingFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\51ff86477a7424.75260021.js"
},
{
"name": "lpNewFileName",
"value": "C:\\Documents and Settings\\janettedoe\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\1\\51ff86477a7424.75260021.js"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000d6",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Drive\\shellex\\FolderExtensions"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000d2",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000d2"
},
{
"name": "lpValueName",
"value": "DriveMask"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000d4",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000d4"
},
{
"name": "lpValueName",
"value": "AllowFileCLSIDJunctions"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\background.html"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000d4"
},
{
"name": "nNumberOfBytesToWrite",
"value": "161"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "CopyFileExW",
"arguments": [
{
"name": "lpExistingFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\background.html"
},
{
"name": "lpNewFileName",
"value": "C:\\Documents and Settings\\janettedoe\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\1\\background.html"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\content.js"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000d4"
},
{
"name": "nNumberOfBytesToWrite",
"value": "197"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "CopyFileExW",
"arguments": [
{
"name": "lpExistingFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\content.js"
},
{
"name": "lpNewFileName",
"value": "C:\\Documents and Settings\\janettedoe\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\1\\content.js"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\lsdb.js"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000d4"
},
{
"name": "nNumberOfBytesToWrite",
"value": "559"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "CopyFileExW",
"arguments": [
{
"name": "lpExistingFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\lsdb.js"
},
{
"name": "lpNewFileName",
"value": "C:\\Documents and Settings\\janettedoe\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\1\\lsdb.js"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\manifest.json"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000d4"
},
{
"name": "nNumberOfBytesToWrite",
"value": "504"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "CopyFileExW",
"arguments": [
{
"name": "lpExistingFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\manifest.json"
},
{
"name": "lpNewFileName",
"value": "C:\\Documents and Settings\\janettedoe\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\1\\manifest.json"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.262",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\sqlite.js"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.272",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000d4"
},
{
"name": "nNumberOfBytesToWrite",
"value": "1211"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.272",
"repeated": 0,
"api": "CopyFileExW",
"arguments": [
{
"name": "lpExistingFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\sqlite.js"
},
{
"name": "lpNewFileName",
"value": "C:\\Documents and Settings\\janettedoe\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\1\\sqlite.js"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.272",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\nsq3.tmp\\nsJSON.dll"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.272",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000c8"
},
{
"name": "nNumberOfBytesToRead",
"value": "5274"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.272",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000d0"
},
{
"name": "nNumberOfBytesToWrite",
"value": "7168"
}
]
},
{
"category": "system",
"status": "SUCCESS",
"return": "0x7c800000",
"timestamp": "20140527213607.282",
"repeated": 0,
"api": "LoadLibraryA",
"arguments": [
{
"name": "lpFileName",
"value": "KERNEL32.DLL"
}
]
},
{
"category": "system",
"status": "SUCCESS",
"return": "0x7e410000",
"timestamp": "20140527213607.282",
"repeated": 0,
"api": "LoadLibraryA",
"arguments": [
{
"name": "lpFileName",
"value": "USER32.dll"
}
]
},
{
"category": "filesystem",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.282",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\Documents and Settings\\janettedoe\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Preferences"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.282",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\nsq3.tmp\\nsJSON.dll"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\Documents and Settings\\janettedoe\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\1\\manifest.json"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToRead",
"value": "504"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\Documents and Settings\\janettedoe\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Preferences"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "1"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "2"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "13"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "11"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "35"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "15"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "4"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "21"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "6"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "14"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "9"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "12"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "16"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "18"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.292",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "22"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.302",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "5"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.302",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "7"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.302",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "10"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.302",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "19"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.302",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "17"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.302",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "218"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.302",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "8"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.302",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "37"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.302",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000bc"
},
{
"name": "nNumberOfBytesToWrite",
"value": "27"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.302",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\settings.ini"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.302",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000d4"
},
{
"name": "nNumberOfBytesToWrite",
"value": "7285"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.302",
"repeated": 0,
"api": "CopyFileExW",
"arguments": [
{
"name": "lpExistingFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\settings.ini"
},
{
"name": "lpNewFileName",
"value": "C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp\\settings.ini"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.312",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.312",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpValueName",
"value": "NoFileFolderConnection"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000d4",
"timestamp": "20140527213607.312",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000bc"
},
{
"name": "lpSubKey",
"value": "{a20cd692-8e41-11e1-9999-806d6172696f}\\"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.312",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\51ff86477a92f.dll"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.312",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000d4"
},
{
"name": "nNumberOfBytesToWrite",
"value": "65536"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.312",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000d4"
},
{
"name": "nNumberOfBytesToWrite",
"value": "53248"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.312",
"repeated": 0,
"api": "CopyFileExW",
"arguments": [
{
"name": "lpExistingFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\51ff86477a92f.dll"
},
{
"name": "lpNewFileName",
"value": "C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp\\51ff86477a92f.dll"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.312",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\51ff86477a92f.tlb"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.312",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000d4"
},
{
"name": "nNumberOfBytesToWrite",
"value": "18480"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.312",
"repeated": 0,
"api": "CopyFileExW",
"arguments": [
{
"name": "lpExistingFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\51ff86477a92f.tlb"
},
{
"name": "lpNewFileName",
"value": "C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp\\51ff86477a92f.tlb"
}
]
},
{
"category": "system",
"status": "SUCCESS",
"return": "0x77120000",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "LoadLibraryA",
"arguments": [
{
"name": "lpFileName",
"value": "oleaut32.dll"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp\\51ff86477a92f.tlb"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000d0"
},
{
"name": "nNumberOfBytesToRead",
"value": "64"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegOpenKeyExA",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "SOFTWARE\\Microsoft\\OLEAUT"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000d6",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "TypeLib"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000d6"
},
{
"name": "lpSubKey",
"value": "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000de",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000d6"
},
{
"name": "lpSubKey",
"value": "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000de"
},
{
"name": "lpSubKey",
"value": "1.0"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000e2",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000de"
},
{
"name": "lpSubKey",
"value": "1.0"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000e2"
},
{
"name": "lpValueName",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000e2"
},
{
"name": "lpValueName",
"value": "(null)"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "IEPluginLib"
},
{
"name": "cbData",
"value": "24"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000e2"
},
{
"name": "lpSubKey",
"value": "FLAGS"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000e6",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000e2"
},
{
"name": "lpSubKey",
"value": "FLAGS"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000e6"
},
{
"name": "lpValueName",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000e6"
},
{
"name": "lpValueName",
"value": "(null)"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "0"
},
{
"name": "cbData",
"value": "4"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000e2"
},
{
"name": "lpSubKey",
"value": "0"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000da",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000e2"
},
{
"name": "lpSubKey",
"value": "0"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000da"
},
{
"name": "lpSubKey",
"value": "win32"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000ea",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000da"
},
{
"name": "lpSubKey",
"value": "win32"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000ea"
},
{
"name": "lpValueName",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000ea"
},
{
"name": "lpValueName",
"value": "(null)"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp\\51ff86477a92f.tlb"
},
{
"name": "cbData",
"value": "168"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000e2"
},
{
"name": "lpSubKey",
"value": "HELPDIR"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000ee",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000e2"
},
{
"name": "lpSubKey",
"value": "HELPDIR"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000ee"
},
{
"name": "lpValueName",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000ee"
},
{
"name": "lpValueName",
"value": "(null)"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp"
},
{
"name": "cbData",
"value": "132"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000ee",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Interface"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000ee"
},
{
"name": "lpSubKey",
"value": "{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000f2",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000ee"
},
{
"name": "lpSubKey",
"value": "{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f2"
},
{
"name": "lpValueName",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f2"
},
{
"name": "lpValueName",
"value": "(null)"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "IIEPluginMain"
},
{
"name": "cbData",
"value": "28"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f2"
},
{
"name": "lpSubKey",
"value": "ProxyStubClsid"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000f6",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f2"
},
{
"name": "lpSubKey",
"value": "ProxyStubClsid"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f6"
},
{
"name": "lpValueName",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f6"
},
{
"name": "lpValueName",
"value": "(null)"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "{00020424-0000-0000-C000-000000000046}"
},
{
"name": "cbData",
"value": "78"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f2"
},
{
"name": "lpSubKey",
"value": "ProxyStubClsid32"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000e6",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f2"
},
{
"name": "lpSubKey",
"value": "ProxyStubClsid32"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000e6"
},
{
"name": "lpValueName",
"value": "(null)"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "{00020424-0000-0000-C000-000000000046}"
},
{
"name": "cbData",
"value": "78"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f2"
},
{
"name": "lpSubKey",
"value": "TypeLib"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000f6",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f2"
},
{
"name": "lpSubKey",
"value": "TypeLib"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f6"
},
{
"name": "lpValueName",
"value": "(null)"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"
},
{
"name": "cbData",
"value": "78"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f6"
},
{
"name": "lpValueName",
"value": "Version"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f6"
},
{
"name": "lpValueName",
"value": "Version"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "1.0"
},
{
"name": "cbData",
"value": "8"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000ee"
},
{
"name": "lpSubKey",
"value": "{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000f6",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000ee"
},
{
"name": "lpSubKey",
"value": "{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f6"
},
{
"name": "lpValueName",
"value": "(null)"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "ILocalStorage"
},
{
"name": "cbData",
"value": "28"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f6"
},
{
"name": "lpSubKey",
"value": "ProxyStubClsid"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000e6",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f6"
},
{
"name": "lpSubKey",
"value": "ProxyStubClsid"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f6"
},
{
"name": "lpSubKey",
"value": "ProxyStubClsid32"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000f2",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f6"
},
{
"name": "lpSubKey",
"value": "ProxyStubClsid32"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f2"
},
{
"name": "lpValueName",
"value": "(null)"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "{00020424-0000-0000-C000-000000000046}"
},
{
"name": "cbData",
"value": "78"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f6"
},
{
"name": "lpSubKey",
"value": "TypeLib"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000e6",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000f6"
},
{
"name": "lpSubKey",
"value": "TypeLib"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000e6"
},
{
"name": "lpValueName",
"value": "(null)"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"
},
{
"name": "cbData",
"value": "78"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000e6"
},
{
"name": "lpValueName",
"value": "Version"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000e6"
},
{
"name": "lpValueName",
"value": "Version"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "1.0"
},
{
"name": "cbData",
"value": "8"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Classes\\CLSID\\{FB216696-6B2A-3521-AF85-876CAE91A763}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegSetValueExA",
"arguments": [
{
"name": "hKey",
"value": "0x000000bc"
},
{
"name": "lpValueName",
"value": ""
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "DowwnLaowApp"
},
{
"name": "cbData",
"value": "13"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Classes\\CLSID\\{FB216696-6B2A-3521-AF85-876CAE91A763}\\InProcServer32"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegSetValueExA",
"arguments": [
{
"name": "hKey",
"value": "0x000000bc"
},
{
"name": "lpValueName",
"value": ""
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp\\51ff86477a92f.dll"
},
{
"name": "cbData",
"value": "84"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.322",
"repeated": 0,
"api": "RegSetValueExA",
"arguments": [
{
"name": "hKey",
"value": "0x000000bc"
},
{
"name": "lpValueName",
"value": "ThreadingModel"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "Apartment"
},
{
"name": "cbData",
"value": "10"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Classes\\CLSID\\{FB216696-6B2A-3521-AF85-876CAE91A763}\\ProgID"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegSetValueExA",
"arguments": [
{
"name": "hKey",
"value": "0x000000bc"
},
{
"name": "lpValueName",
"value": ""
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "DowwnLaowApp.1"
},
{
"name": "cbData",
"value": "15"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{FB216696-6B2A-3521-AF85-876CAE91A763}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegSetValueExA",
"arguments": [
{
"name": "hKey",
"value": "0x000000bc"
},
{
"name": "lpValueName",
"value": "NoExplorer"
},
{
"name": "dwType",
"value": "4"
},
{
"name": "lpData",
"value": "1"
},
{
"name": "cbData",
"value": "4"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000bc",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext\\CLSID"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegSetValueExA",
"arguments": [
{
"name": "hKey",
"value": "0x000000bc"
},
{
"name": "lpValueName",
"value": "{FB216696-6B2A-3521-AF85-876CAE91A763}"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "1"
},
{
"name": "cbData",
"value": "2"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000000c",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000000c"
},
{
"name": "lpValueName",
"value": "NoFileFolderConnection"
}
]
},
{
"category": "filesystem",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "CopyFileExW",
"arguments": [
{
"name": "lpExistingFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\settings.ini"
},
{
"name": "lpNewFileName",
"value": "C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp\\settings.ini"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp\\uninstall.exe"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000c8"
},
{
"name": "nNumberOfBytesToRead",
"value": "46080"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000c8"
},
{
"name": "nNumberOfBytesToRead",
"value": "504"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000d0"
},
{
"name": "nNumberOfBytesToWrite",
"value": "46080"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000c8"
},
{
"name": "nNumberOfBytesToRead",
"value": "3744"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x000000d0"
},
{
"name": "nNumberOfBytesToWrite",
"value": "3744"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{15BFA1EF-4B89-F075-6B00-0B4EAD6EFA43}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegSetValueExA",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpValueName",
"value": "DisplayName"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "DowwnLaowApp"
},
{
"name": "cbData",
"value": "13"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegSetValueExA",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpValueName",
"value": "DisplayVersion"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": ""
},
{
"name": "cbData",
"value": "1"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegSetValueExA",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpValueName",
"value": "Publisher"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "DownLowApp"
},
{
"name": "cbData",
"value": "11"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegSetValueExA",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpValueName",
"value": "URLInfoAbout"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "http://downlowapp.info/"
},
{
"name": "cbData",
"value": "24"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegSetValueExA",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpValueName",
"value": "DisplayIcon"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp\\uninstall.exe"
},
{
"name": "cbData",
"value": "80"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegSetValueExA",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpValueName",
"value": "UninstallString"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp\\uninstall.exe\" /path=C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp\""
},
{
"name": "cbData",
"value": "154"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegSetValueExA",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpValueName",
"value": "InstallDate"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "20080206"
},
{
"name": "cbData",
"value": "9"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegSetValueExA",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpValueName",
"value": "NoModify"
},
{
"name": "dwType",
"value": "4"
},
{
"name": "lpData",
"value": "1"
},
{
"name": "cbData",
"value": "4"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegSetValueExA",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpValueName",
"value": "NoRepair"
},
{
"name": "dwType",
"value": "4"
},
{
"name": "lpData",
"value": "1"
},
{
"name": "cbData",
"value": "4"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegSetValueExA",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpValueName",
"value": "CategoryName"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "DownLow"
},
{
"name": "cbData",
"value": "8"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpValueName",
"value": "Common Programs"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpValueName",
"value": "Common Programs"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\All Users\\Start Menu\\Programs"
},
{
"name": "cbData",
"value": "112"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\COM3"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpValueName",
"value": "Com+Enabled"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\COM3\\Debug"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "SOFTWARE\\Microsoft\\OLE"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpValueName",
"value": "MinimumFreeMemPercentageToCreateProcess"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000d0"
},
{
"name": "lpValueName",
"value": "MinimumFreeMemPercentageToCreateObject"
}
]
},
{
"category": "system",
"status": "SUCCESS",
"return": "0x76fd0000",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "LoadLibraryA",
"arguments": [
{
"name": "lpFileName",
"value": "CLBCATQ.DLL"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000d0",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Classes"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000dc",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\COM3"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000ec",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Classes"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000000f8",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\COM3"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000100",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\COM3"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000108",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Classes\\CLSID"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000110",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Classes"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000118",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\COM3"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000128",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\COM3"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000130",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\COM3"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000138",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Classes\\CLSID"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000140",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\COM3"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000140"
},
{
"name": "lpValueName",
"value": "REGDBVersion"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000140",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\WINDOWS\\Registration\\R000000000007.clb"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x00000140"
},
{
"name": "nNumberOfBytesToRead",
"value": "22512"
}
]
},
{
"category": "memory",
"status": "SUCCESS",
"return": "0x00930000",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "VirtualAllocEx",
"arguments": [
{
"name": "th32ProcessID",
"value": "1064"
},
{
"name": "szExeFile",
"value": "51ff86477a8f8.exe"
},
{
"name": "lpAddress",
"value": "0x00000000"
},
{
"name": "dwSize",
"value": "65536"
},
{
"name": "flAllocationType",
"value": "0x00002000"
},
{
"name": "flProtect",
"value": "0x00000001"
}
]
},
{
"category": "memory",
"status": "SUCCESS",
"return": "0x00930000",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "VirtualAllocEx",
"arguments": [
{
"name": "th32ProcessID",
"value": "1064"
},
{
"name": "szExeFile",
"value": "51ff86477a8f8.exe"
},
{
"name": "lpAddress",
"value": "0x00930000"
},
{
"name": "dwSize",
"value": "4096"
},
{
"name": "flAllocationType",
"value": "0x00001000"
},
{
"name": "flProtect",
"value": "0x00000004"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000142",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000000e"
},
{
"name": "lpSubKey",
"value": "CLSID\\{00021401-0000-0000-C000-000000000046}"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000142"
},
{
"name": "lpSubKey",
"value": "TreatAs"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000014e",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000000e"
},
{
"name": "lpSubKey",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000142",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000014e"
},
{
"name": "lpSubKey",
"value": "CLSID\\{00021401-0000-0000-C000-000000000046}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000152",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000142"
},
{
"name": "lpSubKey",
"value": "InprocServer32"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000152"
},
{
"name": "lpValueName",
"value": "InprocServer32"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000142"
},
{
"name": "lpSubKey",
"value": "InprocServerX86"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000142"
},
{
"name": "lpSubKey",
"value": "LocalServer32"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000152"
},
{
"name": "lpValueName",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000142"
},
{
"name": "lpSubKey",
"value": "InprocHandler32"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000142"
},
{
"name": "lpSubKey",
"value": "InprocHandlerX86"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000142"
},
{
"name": "lpSubKey",
"value": "LocalServer"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000152",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000014e"
},
{
"name": "lpSubKey",
"value": "CLSID\\{00021401-0000-0000-C000-000000000046}"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000152"
},
{
"name": "lpValueName",
"value": "AppID"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000152"
},
{
"name": "lpValueName",
"value": "ThreadingModel"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000142",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "CLSID\\{00021401-0000-0000-C000-000000000046}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000150",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000154",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000150"
},
{
"name": "lpSubKey",
"value": "{1f4de370-d627-11d1-ba4f-00a0c91eedba}"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000154"
},
{
"name": "lpValueName",
"value": "SuppressionPolicy"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000154",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000150"
},
{
"name": "lpSubKey",
"value": "{450D8FBA-AD25-11D0-98A8-0800361B1103}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000154",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000150"
},
{
"name": "lpSubKey",
"value": "{645FF040-5081-101B-9F08-00AA002F954E}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000154",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000150"
},
{
"name": "lpSubKey",
"value": "{e17d4fc0-5564-11d1-83f2-00a0c90dc849}"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000150",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c0"
},
{
"name": "lpSubKey",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000154",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000150"
},
{
"name": "lpSubKey",
"value": "SessionInfo\\000000000000930c"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000154"
},
{
"name": "lpSubKey",
"value": "Desktop\\NameSpace"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000156",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000156"
},
{
"name": "lpValueName",
"value": "WantsParseDisplayName"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000156",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000156",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000156"
},
{
"name": "lpValueName",
"value": "WantsParseDisplayName"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExA",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{871C5380-42A0-1069-A2EA-08002B30309D}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000156",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000156"
},
{
"name": "lpValueName",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.332",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000156"
},
{
"name": "lpValueName",
"value": "LoadWithoutCOM"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000154",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000154"
},
{
"name": "lpValueName",
"value": "{871C5380-42A0-1069-A2EA-08002B30309D}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000150",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000150"
},
{
"name": "lpValueName",
"value": "{871C5380-42A0-1069-A2EA-08002B30309D}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000158",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000158"
},
{
"name": "lpValueName",
"value": "EnforceShellExtensionSecurity"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000158",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000158"
},
{
"name": "lpValueName",
"value": "{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000015c",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000015c"
},
{
"name": "lpValueName",
"value": "{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401"
}
]
},
{
"category": "system",
"status": "SUCCESS",
"return": "0x77b40000",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "LoadLibraryA",
"arguments": [
{
"name": "lpFileName",
"value": "appHelp.dll"
}
]
},
{
"category": "synchronization",
"status": "SUCCESS",
"return": "0x00000164",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "OpenMutexW",
"arguments": [
{
"name": "dwDesiredAccess",
"value": "0x00120001"
},
{
"name": "lpName",
"value": "ShimCacheMutex"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000160",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\COM3"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000160"
},
{
"name": "lpValueName",
"value": "REGDBVersion"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000162",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000000e"
},
{
"name": "lpSubKey",
"value": "CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000162"
},
{
"name": "lpSubKey",
"value": "TreatAs"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000016e",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000000e"
},
{
"name": "lpSubKey",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000162",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000016e"
},
{
"name": "lpSubKey",
"value": "CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000172",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000162"
},
{
"name": "lpSubKey",
"value": "InprocServer32"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000172"
},
{
"name": "lpValueName",
"value": "InprocServer32"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000162"
},
{
"name": "lpSubKey",
"value": "InprocServerX86"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000162"
},
{
"name": "lpSubKey",
"value": "LocalServer32"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000172"
},
{
"name": "lpValueName",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000162"
},
{
"name": "lpSubKey",
"value": "InprocHandler32"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000162"
},
{
"name": "lpSubKey",
"value": "InprocHandlerX86"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000162"
},
{
"name": "lpSubKey",
"value": "LocalServer"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000172",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000016e"
},
{
"name": "lpSubKey",
"value": "CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000172"
},
{
"name": "lpValueName",
"value": "AppID"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000172"
},
{
"name": "lpValueName",
"value": "ThreadingModel"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000162",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}"
}
]
},
{
"category": "synchronization",
"status": "SUCCESS",
"return": "0x00000160",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "CreateMutexW",
"arguments": [
{
"name": "lpName",
"value": "(null)"
}
]
},
{
"category": "synchronization",
"status": "SUCCESS",
"return": "0x00000174",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "CreateMutexW",
"arguments": [
{
"name": "lpName",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000184",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "System\\CurrentControlSet\\Services\\LDAP"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000184"
},
{
"name": "lpValueName",
"value": "LdapClientIntegrity"
}
]
},
{
"category": "system",
"status": "SUCCESS",
"return": "0x773d0000",
"timestamp": "20140527213607.342",
"repeated": 0,
"api": "LoadLibraryW",
"arguments": [
{
"name": "lpFileName",
"value": "Comctl32.dll"
}
]
},
{
"category": "system",
"status": "SUCCESS",
"return": "0x74e30000",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "LoadLibraryA",
"arguments": [
{
"name": "lpFileName",
"value": "RichEd20.dll"
}
]
},
{
"category": "system",
"status": "SUCCESS",
"return": "0x773d0000",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "LoadLibraryW",
"arguments": [
{
"name": "lpFileName",
"value": "comctl32.dll"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "clsid\\{c90250f3-4d7d-4991-9b69-a5c5bc1c2ae6}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000018e",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Interface\\{EAB22AC1-30C1-11CF-A7EB-0000C05BAE0B}\\Typelib"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000018e"
},
{
"name": "lpValueName",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000018e",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Interface\\{b722bccb-4e68-101b-a2bc-00aa00404770}\\ProxyStubClsid32"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000018e",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Interface\\{79eac9c4-baf9-11ce-8c82-00aa004ba90b}\\ProxyStubClsid32"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000018e",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Interface\\{000214E6-0000-0000-C000-000000000046}\\ProxyStubClsid32"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000018e",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Interface\\{93F2F68C-1D1B-11D3-A30E-00C04F79ABD1}\\ProxyStubClsid32"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000018e",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "RegOpenKeyExA",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "http"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000018e",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000018e"
},
{
"name": "lpValueName",
"value": "LoadWithoutCOM"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x0000018c",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\DowwnLaowApp\\DowwnLaowApp.lnk"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ | GENERIC_WRITE"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000192",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "RegOpenKeyExA",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000192"
},
{
"name": "lpValueName",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000192",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Drive\\shellex\\FolderExtensions"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000196",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.352",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000196"
},
{
"name": "lpValueName",
"value": "DriveMask"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000196",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000196"
},
{
"name": "lpValueName",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000196"
},
{
"name": "lpValueName",
"value": "LoadWithoutCOM"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000194",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000194"
},
{
"name": "lpValueName",
"value": "Desktop"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000194",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000194"
},
{
"name": "lpValueName",
"value": "Desktop"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\janettedoe\\Desktop"
},
{
"name": "cbData",
"value": "90"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000196",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExA",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000194",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000190",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000194"
},
{
"name": "lpSubKey",
"value": "{a20cd692-8e41-11e1-9999-806d6172696f}\\"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "Generation"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000190",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "Start Menu"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000190",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "Start Menu"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\janettedoe\\Start Menu"
},
{
"name": "cbData",
"value": "96"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000190",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000194",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpSubKey",
"value": "{a20cd692-8e41-11e1-9999-806d6172696f}\\"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000194"
},
{
"name": "lpValueName",
"value": "Generation"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000194",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000194"
},
{
"name": "lpValueName",
"value": "UseDesktopIniCache"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000194",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000194"
},
{
"name": "lpValueName",
"value": "Common Start Menu"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000194",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000194"
},
{
"name": "lpValueName",
"value": "Common Start Menu"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\All Users\\Start Menu"
},
{
"name": "cbData",
"value": "94"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000190",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "Common Desktop"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000190",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "Common Desktop"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\All Users\\Desktop"
},
{
"name": "cbData",
"value": "88"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "My Pictures"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "My Pictures"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\janettedoe\\My Documents\\My Pictures"
},
{
"name": "cbData",
"value": "124"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000194"
},
{
"name": "lpValueName",
"value": "Personal"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000194"
},
{
"name": "lpValueName",
"value": "Personal"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\janettedoe\\My Documents"
},
{
"name": "cbData",
"value": "100"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000190",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "CompareJunctionness"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000190",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "ProgramFilesDir (x86)"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "ProgramFilesDir"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000194"
},
{
"name": "lpValueName",
"value": "CommonPictures"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000194",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\winlogon"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000194"
},
{
"name": "lpValueName",
"value": "UserEnvDebugLevel"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000194"
},
{
"name": "lpValueName",
"value": "ChkAccDebugLevel"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000194",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "System\\CurrentControlSet\\Control\\ProductOptions"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000194"
},
{
"name": "lpValueName",
"value": "ProductType"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000198",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000198"
},
{
"name": "lpValueName",
"value": "Personal"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000198"
},
{
"name": "lpValueName",
"value": "Local Settings"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000190",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\winlogon"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "RsopDebugLevel"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "UserEnvDebugLevel"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "RsopLogging"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Policies\\Microsoft\\Windows\\System"
}
]
},
{
"category": "system",
"status": "SUCCESS",
"return": "0x769c0000",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "LoadLibraryA",
"arguments": [
{
"name": "lpFileName",
"value": "USERENV.dll"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000190",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "ProfilesDirectory"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "AllUsersProfile"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "CommonPictures"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\All Users\\Documents\\My Pictures"
},
{
"name": "cbData",
"value": "116"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000198",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpSubKey",
"value": "{a20cd692-8e41-11e1-9999-806d6172696f}\\"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000198"
},
{
"name": "lpValueName",
"value": "Generation"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000198",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000198"
},
{
"name": "lpValueName",
"value": "Common Documents"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000198",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegCreateKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000198"
},
{
"name": "lpValueName",
"value": "Common Documents"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\All Users\\Documents"
},
{
"name": "cbData",
"value": "92"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000198",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000190",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000198"
},
{
"name": "lpSubKey",
"value": "{a20cd692-8e41-11e1-9999-806d6172696f}\\"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000192",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegOpenKeyExA",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\InProcServer32"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "NoSharedDocuments"
}
]
},
{
"category": "system",
"status": "SUCCESS",
"return": "0x5b860000",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "LoadLibraryA",
"arguments": [
{
"name": "lpFileName",
"value": "netapi32"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x00000198",
"timestamp": "20140527213607.362",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "\\\\.\\PIPE\\wkssvc"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ | GENERIC_WRITE"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000198"
},
{
"name": "lpValueName",
"value": "CommonMusic"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000198",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000198"
},
{
"name": "lpValueName",
"value": "ProfilesDirectory"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000198"
},
{
"name": "lpValueName",
"value": "AllUsersProfile"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000198"
},
{
"name": "lpValueName",
"value": "CommonMusic"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\All Users\\Documents\\My Music"
},
{
"name": "cbData",
"value": "110"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "CommonVideo"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegSetValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpValueName",
"value": "CommonVideo"
},
{
"name": "dwType",
"value": "1"
},
{
"name": "lpData",
"value": "C:\\Documents and Settings\\All Users\\Documents\\My Videos"
},
{
"name": "cbData",
"value": "112"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x0000018c"
},
{
"name": "nNumberOfBytesToWrite",
"value": "294"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000019a",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Drive\\shellex\\FolderExtensions"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000192",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000192"
},
{
"name": "lpValueName",
"value": "DriveMask"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000018e",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Drive\\shellex\\FolderExtensions"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000018c",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CURRENT_USER"
},
{
"name": "lpSubKey",
"value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000190",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000018c"
},
{
"name": "lpSubKey",
"value": "{a20cd692-8e41-11e1-9999-806d6172696f}\\"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000018e",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000018e"
},
{
"name": "lpValueName",
"value": "DriveMask"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x00000190",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x000000c0"
},
{
"name": "lpSubKey",
"value": "FileExts"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x00000190"
},
{
"name": "lpSubKey",
"value": ".exe"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000018e",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": ".exe"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000019a",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "exefile"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000019a"
},
{
"name": "lpSubKey",
"value": "CurVer"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000019e",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000019a"
},
{
"name": "lpSubKey",
"value": "(null)"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000019e"
},
{
"name": "lpSubKey",
"value": "ShellEx\\IconHandler"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "SystemFileAssociations\\.exe"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "SystemFileAssociations\\application"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000019e"
},
{
"name": "lpValueName",
"value": "DocObject"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000019e"
},
{
"name": "lpValueName",
"value": "BrowseInPlace"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000019e"
},
{
"name": "lpSubKey",
"value": "Clsid"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000019a",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "*"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000019a"
},
{
"name": "lpSubKey",
"value": "Clsid"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000019e"
},
{
"name": "lpValueName",
"value": "IsShortcut"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000019e"
},
{
"name": "lpValueName",
"value": "AlwaysShowExt"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000019e"
},
{
"name": "lpValueName",
"value": "NeverShowExt"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000019e",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000006e"
},
{
"name": "lpSubKey",
"value": "Network\\SharingHandler"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.373",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000019e"
},
{
"name": "lpValueName",
"value": "(null)"
}
]
},
{
"category": "system",
"status": "SUCCESS",
"return": "0x76990000",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "LoadLibraryW",
"arguments": [
{
"name": "lpFileName",
"value": "ntshrui.dll"
}
]
},
{
"category": "system",
"status": "SUCCESS",
"return": "0x76980000",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "LoadLibraryA",
"arguments": [
{
"name": "lpFileName",
"value": "LINKINFO.dll"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x0000018c",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "\\\\.\\PIPE\\srvsvc"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ | GENERIC_WRITE"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000018c",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "System\\CurrentControlSet\\Control\\ProductOptions"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000018c"
},
{
"name": "lpValueName",
"value": "ProductType"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000018c",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_LOCAL_MACHINE"
},
{
"name": "lpSubKey",
"value": "System\\CurrentControlSet\\Services\\LanmanServer\\DefaultSecurity"
}
]
},
{
"category": "registry",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000018c"
},
{
"name": "lpValueName",
"value": "SrvsvcDefaultShareInfo"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x0000019c",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "\\\\.\\PIPE\\lsarpc"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ | GENERIC_WRITE"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x0000018c",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp\\uninstall.exe"
},
{
"name": "dwDesiredAccess",
"value": "0x00000080"
}
]
},
{
"category": "device",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "DeviceIoControl",
"arguments": [
{
"name": "hDevice",
"value": "0x0000018c"
},
{
"name": "dwIoControlCode",
"value": "0x000900c0"
},
{
"name": "lpInBuffer",
"value": "0x00000000"
},
{
"name": "nInBufferSize",
"value": "0x00000000"
},
{
"name": "lpOutBuffer",
"value": "0x0012eb2c"
},
{
"name": "nOutBufferSize",
"value": "0x00000040"
},
{
"name": "lpBytesReturned",
"value": "0x0012eb24"
},
{
"name": "lpOverlapped",
"value": "0x00000000"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x0000019c",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp\\"
},
{
"name": "dwDesiredAccess",
"value": "ATTRIBUTES"
}
]
},
{
"category": "device",
"status": "FAILURE",
"return": "",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "DeviceIoControl",
"arguments": [
{
"name": "hDevice",
"value": "0x0000019c"
},
{
"name": "dwIoControlCode",
"value": "0x000900a8"
},
{
"name": "lpInBuffer",
"value": "0x00000000"
},
{
"name": "nInBufferSize",
"value": "0x00000000"
},
{
"name": "lpOutBuffer",
"value": "0x00173fb0"
},
{
"name": "nOutBufferSize",
"value": "0x00004000"
},
{
"name": "lpBytesReturned",
"value": "0x0012e3f4"
},
{
"name": "lpOverlapped",
"value": "0x00000000"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x0000018c",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp\\uninstall.exe"
},
{
"name": "dwDesiredAccess",
"value": "0x80000100"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x0000018c"
},
{
"name": "nNumberOfBytesToRead",
"value": "64"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "ReadFile",
"arguments": [
{
"name": "hFile",
"value": "0x0000018c"
},
{
"name": "nNumberOfBytesToRead",
"value": "4"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "0x0000018c",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "CreateFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\DowwnLaowApp\\Uninstall.lnk"
},
{
"name": "dwDesiredAccess",
"value": "GENERIC_READ | GENERIC_WRITE"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000019e",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Drive\\shellex\\FolderExtensions"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000001a2",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.383",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x000001a2"
},
{
"name": "lpValueName",
"value": "DriveMask"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.393",
"repeated": 0,
"api": "WriteFile",
"arguments": [
{
"name": "hFile",
"value": "0x0000018c"
},
{
"name": "nNumberOfBytesToWrite",
"value": "1157"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x000001a2",
"timestamp": "20140527213607.393",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Drive\\shellex\\FolderExtensions"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "0x0000019e",
"timestamp": "20140527213607.393",
"repeated": 0,
"api": "RegOpenKeyExW",
"arguments": [
{
"name": "hKey",
"value": "HKEY_CLASSES_ROOT"
},
{
"name": "lpSubKey",
"value": "Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}"
}
]
},
{
"category": "registry",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.393",
"repeated": 0,
"api": "RegQueryValueExW",
"arguments": [
{
"name": "hKey",
"value": "0x0000019e"
},
{
"name": "lpValueName",
"value": "DriveMask"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.393",
"repeated": 0,
"api": "DeleteFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\nsq3.tmp\\nsJSON.dll"
}
]
},
{
"category": "filesystem",
"status": "SUCCESS",
"return": "",
"timestamp": "20140527213607.393",
"repeated": 0,
"api": "DeleteFileW",
"arguments": [
{
"name": "lpFileName",
"value": "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\nsq3.tmp\\UserInfo.dll"
}
]
},
{
"category": "process",
"status": "",
"return": "",
"timestamp": "20140527213607.393",
"repeated": 0,
"api": "ExitProcess",
"arguments": [
{
"name": "uExitCode",
"value": "0x00000000"
}
]
}
]
}
],
"processtree": [
{
"pid": 508,
"name": "000000a0c759e01208001eb1b8764a7a7c9464f477576aa6b6a7d2f3f5571c70",
"children": []
}
],
"summary": {
"files": [
"C:\\000000a0c759e01208001eb1b8764a7a7c9464f477576aa6b6a7d2f3f5571c70",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\yee9ey@u-o.net\\chrome.manifest",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\background.html",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\51ff86477a7424.75260021.js",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\yee9ey@u-o.net\\content\\bg.js",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\yee9ey@u-o.net\\bootstrap.js",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\content.js",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\lsdb.js",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\sqlite.js",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\settings.ini",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\51ff86477a8f8.exe",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\51ff86477a92f.dll",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\51ff86477a92f.tlb",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\manifest.json",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\yee9ey@u-o.net\\install.rdf",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\yee9ey@u-o.net\\content",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\yee9ey@u-o.net",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\7zS1.tmp\\obaeaklppdgpcpjkeolcjfmeiecpgnnk",
"\\\\.\\PIPE\\lsarpc",
"\\\\.\\MountPointManager",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\nsq2.tmp",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\nsq3.tmp",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\nsq3.tmp\\UserInfo.dll",
"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\nsq3.tmp\\nsJSON.dll",
"C:\\Documents and Settings\\janettedoe\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Preferences",
"C:\\Documents and Settings\\janettedoe\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\obaeaklppdgpcpjkeolcjfmeiecpgnnk\\1\\manifest.json",
"C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp\\51ff86477a92f.tlb",
"C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp\\uninstall.exe",
"C:\\WINDOWS\\Registration\\R000000000007.clb",
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\DowwnLaowApp\\DowwnLaowApp.lnk",
"\\\\.\\PIPE\\wkssvc",
"\\\\.\\PIPE\\srvsvc",
"C:\\Documents and Settings\\All Users\\Application Data\\DowwnLaowApp\\",
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\DowwnLaowApp\\Uninstall.lnk"
],
"keys": [
"0x00000080\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_CURRENT_USER\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\51ff86477a8f8.exe",
"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_CLASSES_ROOT\\\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\\\System\\Setup",
"HKEY_LOCAL_MACHINE\\\\SYSTEM\\CurrentControlSet\\Control\\MiniNT",
"HKEY_LOCAL_MACHINE\\\\System\\WPA\\PnP",
"HKEY_LOCAL_MACHINE\\\\SYSTEM\\Setup",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows\\CurrentVersion",
"0x00000094\\\\AppLogLevels",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Rpc\\PagedBuffers",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Rpc",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\51ff86477a8f8.exe\\RpcThreadPoolThrottle",
"HKEY_LOCAL_MACHINE\\\\Software\\Policies\\Microsoft\\Windows NT\\Rpc",
"HKEY_CURRENT_USER\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"0x000000bc\\\\{a20cd692-8e41-11e1-9999-806d6172696f}\\",
"0x000000c0\\\\{a20cd692-8e41-11e1-9999-806d6172696f}\\",
"HKEY_CURRENT_USER\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\{a20cd692-8e41-11e1-9999-806d6172696f}\\",
"HKEY_CLASSES_ROOT\\\\Drive\\shellex\\FolderExtensions",
"HKEY_CLASSES_ROOT\\\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
"HKEY_CLASSES_ROOT\\\\Directory",
"0x000000c2\\\\CurVer",
"0x000000c2\\\\(null)",
"HKEY_CURRENT_USER\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"0x000000c0\\\\(null)",
"HKEY_CURRENT_USER\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
"0x000000c0\\\\Advanced",
"0x000000be\\\\ShellEx\\IconHandler",
"0x000000be\\\\Clsid",
"HKEY_CLASSES_ROOT\\\\Folder",
"0x000000ca\\\\Clsid",
"HKEY_CURRENT_USER\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_CURRENT_USER\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Performance",
"0x000000d0\\\\{a20cd692-8e41-11e1-9999-806d6172696f}\\",
"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\Microsoft\\OLEAUT",
"HKEY_CLASSES_ROOT\\\\TypeLib",
"0x000000d6\\\\{E2343056-CC08-46AC-B898-BFC7ACF4E755}",
"0x000000de\\\\1.0",
"0x000000e2\\\\FLAGS",
"0x000000e2\\\\0",
"0x000000da\\\\win32",
"0x000000e2\\\\HELPDIR",
"HKEY_CLASSES_ROOT\\\\Interface",
"0x000000ee\\\\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}",
"0x000000f2\\\\ProxyStubClsid",
"0x000000f2\\\\ProxyStubClsid32",
"0x000000f2\\\\TypeLib",
"0x000000ee\\\\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}",
"0x000000f6\\\\ProxyStubClsid",
"0x000000f6\\\\ProxyStubClsid32",
"0x000000f6\\\\TypeLib",
"HKEY_LOCAL_MACHINE\\\\Software\\Classes\\CLSID\\{FB216696-6B2A-3521-AF85-876CAE91A763}",
"HKEY_LOCAL_MACHINE\\\\Software\\Classes\\CLSID\\{FB216696-6B2A-3521-AF85-876CAE91A763}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\\\Software\\Classes\\CLSID\\{FB216696-6B2A-3521-AF85-876CAE91A763}\\ProgID",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{FB216696-6B2A-3521-AF85-876CAE91A763}",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ext\\CLSID",
"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{15BFA1EF-4B89-F075-6B00-0B4EAD6EFA43}",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\COM3",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\COM3\\Debug",
"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\Microsoft\\OLE",
"HKEY_LOCAL_MACHINE\\\\Software\\Classes",
"HKEY_LOCAL_MACHINE\\\\Software\\Classes\\CLSID",
"0x0000000e\\\\CLSID\\{00021401-0000-0000-C000-000000000046}",
"0x00000142\\\\TreatAs",
"0x0000000e\\\\(null)",
"0x0000014e\\\\CLSID\\{00021401-0000-0000-C000-000000000046}",
"0x00000142\\\\InprocServer32",
"0x00000142\\\\InprocServerX86",
"0x00000142\\\\LocalServer32",
"0x00000142\\\\InprocHandler32",
"0x00000142\\\\InprocHandlerX86",
"0x00000142\\\\LocalServer",
"HKEY_CLASSES_ROOT\\\\CLSID\\{00021401-0000-0000-C000-000000000046}",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
"0x00000150\\\\{1f4de370-d627-11d1-ba4f-00a0c91eedba}",
"0x00000150\\\\{450D8FBA-AD25-11D0-98A8-0800361B1103}",
"0x00000150\\\\{645FF040-5081-101B-9F08-00AA002F954E}",
"0x00000150\\\\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}",
"HKEY_CURRENT_USER\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
"0x00000150\\\\SessionInfo\\000000000000930c",
"0x00000154\\\\Desktop\\NameSpace",
"HKEY_CLASSES_ROOT\\\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"HKEY_CLASSES_ROOT\\\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder",
"HKEY_CLASSES_ROOT\\\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{871C5380-42A0-1069-A2EA-08002B30309D}",
"HKEY_CLASSES_ROOT\\\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
"HKEY_CURRENT_USER\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached",
"HKEY_CURRENT_USER\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached",
"0x0000000e\\\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}",
"0x00000162\\\\TreatAs",
"0x0000016e\\\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}",
"0x00000162\\\\InprocServer32",
"0x00000162\\\\InprocServerX86",
"0x00000162\\\\LocalServer32",
"0x00000162\\\\InprocHandler32",
"0x00000162\\\\InprocHandlerX86",
"0x00000162\\\\LocalServer",
"HKEY_CLASSES_ROOT\\\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}",
"HKEY_LOCAL_MACHINE\\\\System\\CurrentControlSet\\Services\\LDAP",
"HKEY_CLASSES_ROOT\\\\clsid\\{c90250f3-4d7d-4991-9b69-a5c5bc1c2ae6}",
"HKEY_CLASSES_ROOT\\\\Interface\\{EAB22AC1-30C1-11CF-A7EB-0000C05BAE0B}\\Typelib",
"HKEY_CLASSES_ROOT\\\\Interface\\{b722bccb-4e68-101b-a2bc-00aa00404770}\\ProxyStubClsid32",
"HKEY_CLASSES_ROOT\\\\Interface\\{79eac9c4-baf9-11ce-8c82-00aa004ba90b}\\ProxyStubClsid32",
"HKEY_CLASSES_ROOT\\\\Interface\\{000214E6-0000-0000-C000-000000000046}\\ProxyStubClsid32",
"HKEY_CLASSES_ROOT\\\\Interface\\{93F2F68C-1D1B-11D3-A30E-00C04F79ABD1}\\ProxyStubClsid32",
"HKEY_CLASSES_ROOT\\\\http",
"0x00000194\\\\{a20cd692-8e41-11e1-9999-806d6172696f}\\",
"0x00000190\\\\{a20cd692-8e41-11e1-9999-806d6172696f}\\",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows NT\\CurrentVersion\\winlogon",
"HKEY_LOCAL_MACHINE\\\\System\\CurrentControlSet\\Control\\ProductOptions",
"0x00000190\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_LOCAL_MACHINE\\\\Software\\Policies\\Microsoft\\Windows\\System",
"HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList",
"0x00000198\\\\{a20cd692-8e41-11e1-9999-806d6172696f}\\",
"HKEY_CLASSES_ROOT\\\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\InProcServer32",
"0x0000018c\\\\{a20cd692-8e41-11e1-9999-806d6172696f}\\",
"0x000000c0\\\\FileExts",
"0x00000190\\\\.exe",
"HKEY_CLASSES_ROOT\\\\.exe",
"HKEY_CLASSES_ROOT\\\\exefile",
"0x0000019a\\\\CurVer",
"0x0000019a\\\\(null)",
"0x0000019e\\\\ShellEx\\IconHandler",
"HKEY_CLASSES_ROOT\\\\SystemFileAssociations\\.exe",
"HKEY_CLASSES_ROOT\\\\SystemFileAssociations\\application",
"0x0000019e\\\\Clsid",
"HKEY_CLASSES_ROOT\\\\*",
"0x0000019a\\\\Clsid",
"0x0000006e\\\\Network\\SharingHandler",
"HKEY_LOCAL_MACHINE\\\\System\\CurrentControlSet\\Services\\LanmanServer\\DefaultSecurity"
],
"mutexes": [
"(null)",
"ShimCacheMutex"
]
}
}
}