12fb7332920a7797c2d02df29b57c640

Currently being analyzed, stay tuned!

ToDo:

  • Better formatting for Procmon output
  • Research Malware Analyst Cookbook for further analysis steps
  • Give Malware limited Access to other Resources (Trick into spreading to SMB Server to trigger advanced routines)
  • Some kind of Binary Reverse Engineering
  • Think of more ToDo’s!

————

General Info:

Date of first catch in Dionaea: May 8th 2013
Number of catches by Dionaea so far: 1

File output:

Ran the malware through file:

macbook-wired:malware! sebastianbrabetz$ file 12fb7332920a7797c2d02df29b57c640 
12fb7332920a7797c2d02df29b57c640: PE32 executable (GUI) Intel 80386, for MS Windows

Virus Total

Scan results:

SHA256: c7247d162cf720c07979946afd01b6b1907db9a4be6916a3a6be268993638fee
SHA1: 47707d46e3324be11cde22cdfe2be7d17193a5a2
MD5: 12fb7332920a7797c2d02df29b57c640
File size: 56.0 KB ( 57344 bytes )
File name: 12fb7332920a7797c2d02df29b57c640
File type: Win32 EXE
Detection ratio: 42 / 46
Analysis date: 2013-08-27 21:25:31 UTC ( 0 minutes ago )

Link to Virus Total scan:

https://www.virustotal.com/en/file/c7247d162cf720c07979946afd01b6b…..

Full Virus Total Report from 2013-08-27 as PDF:

Antivirus scan for 12fb7332920a7797c2d02df29b57c640 at UTC – VirusTotal

Most important Names:

AntiVir – TR/Agent.mtv
BitDefender – Worm.Generic.281334
ClamAV – Trojan.Spy-78857
Kaspersky – Trojan-Spy.Win32.Agent.bmxb
McAfee – Downloader-CUZ
Microsoft – Trojan:Win32/Brambul.A

Strings output

Ran the malware through strings and found the following interesting strings in the binary:

gmail-smtp-in.l.google.com
johnS203@yahoo.com
google.com
whiat1001@gmail.com
mail1234
mail123
mail1
web1234
web123
web1
mail
~!@#$%^&*()_+
!@#$%^&*()
!@#$%^&*(
!@#$%^&*
!@#$%^&
!@#$%^
111111
1111
4321
54321
1234567
12345
1234
asdfgh
asdfg
asdf
BUMBLE
angel
passwd
!@#$
root
!@#$%
admin
test1234
pass
654321
123456
password
db2admin
administrator
%d.%d.%d.%d|
QUIT
From: "Microsoft" <provider@microsoft.com>
DATA
RCPT TO:<
MAIL FROM:<
HELO <
209.85.223.33
209.85.210.24
209.85.223.27
Windows Update
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
cmd.exe /c "net share c$ /d"
cmd.exe /c "net share admin$ /d"
\lsasvc.exe
RT_RCDATA
wgudtr
Microsoft Windows Genuine Updater
%SystemRoot%\csrss.exe
%s\admin$\csrss.exe
wglmgr
Windows Genuine Logon Manager
cmd.exe /c "net share admin$"
Subject: %s|%s|%s
%s\ipc$
%s!@#$
%s123
%s12
@%s@
@%s!@
%s!@
%s%s%s
ApiBuffe
AddConne
CancelCo
rEnum
rFree
ction2A
nnection2A
32.dll
WNet
WinXp
Win2003
Unkown
WinVista
WinNt
Win2000
Subject: 
SYSTEM
gmail.com
%d.%d.%d.%d
\\%s
DnsQuery_A
dnsapi.dll
GetNetworkParams
SERROR!
Corrupt Data!
a.Sh
PWjj
SRWU
Y[X[
 s"j'X+
QVVPP
GAKu
GFJ;
X97u
F;ur
E ;E
);WQR
9EuK9
);WQ
ExitProcess
LoadLibraryA
GetProcAddress
VirtualProtect
GlobalAlloc
GlobalFree
GetModuleHandleA
MessageBoxA
wsprintfA
RegCloseKey
KERNEL32.dll
USER32.dll
ADVAPI32.dll
WS2_32.dll

Guess in which registry key this bad boy wants to eternalize itself ;)
There are also some email addresses and hints that it is going to use SMB and SMTP to spread.

Packet capture

The malware seems to show some pretty basic behavior after being fired up. One small screenshot sums it up:

Screenshot 2013-08-27 at 23.52.36

Basically it resolves the gmail.com MX record, probably for later use when sending to the email addresses seen in the strings output above. Then it just starts trying to connect to SMB shares on the interwebs. The target IP addresses look random for now, without more insight into the code. Then it starts to do some reverse DNS lookups and the cycle begins again: SMB -> Reverse DNS Lookups -> SMB ->…..

The network traffic could be limited because the malware is not able to communicate with the outside world so far, so it does not reach any point in the code that depends on such communication.
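The cycle described above (MX lookup, SMB connection attempts to many unrelated addresses, reverse DNS lookups) can be turned into a per-host detection over DNS and connection logs. This is an added example, not part of the original analysis: the log format, thresholds, reason labels and all sample records are constructed assumptions, and SMB is matched on TCP 139/445.

```python
import ipaddress
from collections import defaultdict

# Constructed log format (an assumption, not a real product's schema):
#   <epoch> DNS  <src_ip> <qtype> <qname>
#   <epoch> CONN <src_ip> <dst_ip> <dst_port> <state>
SAMPLE_LOG = """\
1000 DNS 10.0.0.23 MX gmail.com
1002 CONN 10.0.0.23 198.51.100.7 445 SYN_SENT
1003 CONN 10.0.0.23 203.0.113.44 445 SYN_SENT
1004 CONN 10.0.0.23 192.0.2.91 445 SYN_SENT
1010 DNS 10.0.0.23 PTR 7.100.51.198.in-addr.arpa
1011 DNS 10.0.0.23 PTR 44.113.0.203.in-addr.arpa
1012 DNS 10.0.0.23 PTR 91.2.0.192.in-addr.arpa
1020 CONN 10.0.0.23 198.51.100.200 445 SYN_SENT
1021 CONN 10.0.0.23 203.0.113.5 445 SYN_SENT
1022 CONN 10.0.0.23 192.0.2.17 445 SYN_SENT
1005 CONN 10.0.0.40 10.0.0.5 445 ESTABLISHED
1030 CONN 10.0.0.40 10.0.0.5 445 ESTABLISHED
1006 DNS 10.0.0.10 MX gmail.com
1007 CONN 10.0.0.10 198.51.100.25 25 ESTABLISHED
"""

SMB_PORTS = {139, 445}
WINDOW = 300          # seconds (hypothetical tuning value)
MIN_SMB_TARGETS = 5   # distinct external SMB destinations inside one window
MIN_PTR = 3           # reverse lookups that count as a burst

# Listed explicitly so that documentation ranges used in the sample count as external.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    return any(ip in net for net in INTERNAL)


def max_distinct_in_window(events, window):
    """events: time-sorted (ts, key) pairs. Largest number of distinct keys
    seen inside any span of `window` seconds (two-pointer sliding window)."""
    counts = defaultdict(int)
    best = left = 0
    for ts, key in events:
        counts[key] += 1
        while ts - events[left][0] > window:
            old = events[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best


def detect(log_text):
    """Return {src_ip: [reasons]} for hosts that sweep external SMB targets.
    MX and PTR activity is reported as corroboration, never as a trigger."""
    hosts = defaultdict(lambda: {"mx": set(), "ptr": 0, "smb": []})
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts, kind, src = float(parts[0]), parts[1], parts[2]
            if kind == "DNS":
                qtype, qname = parts[3].upper(), parts[4].lower().rstrip(".")
                if qtype == "MX":
                    hosts[src]["mx"].add(qname)
                elif qtype == "PTR" and qname.endswith(".in-addr.arpa"):
                    hosts[src]["ptr"] += 1
            elif kind == "CONN":
                dst, port = ipaddress.ip_address(parts[3]), int(parts[4])
                if port in SMB_PORTS and not is_internal(dst):
                    hosts[src]["smb"].append((ts, str(dst)))
        except (IndexError, ValueError):
            continue  # skip malformed records instead of aborting the run
    alerts = {}
    for src, h in hosts.items():
        targets = max_distinct_in_window(sorted(h["smb"]), WINDOW)
        if targets < MIN_SMB_TARGETS:
            continue
        reasons = [f"smb_sweep:{targets}"]
        if h["mx"]:
            reasons.append("mx_lookup:" + ",".join(sorted(h["mx"])))
        if h["ptr"] >= MIN_PTR:
            reasons.append(f"ptr_burst:{h['ptr']}")
        alerts[src] = reasons
    return alerts


if __name__ == "__main__":
    for host, why in detect(SAMPLE_LOG).items():
        print(host, why)
```

Only the SMB sweep raises an alert; the internal file-server client and the mail relay in the sample stay quiet because neither contacts several external SMB endpoints inside the window.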

Procmon: Disk, Network and Registry access

19:10:57,0152329,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1620"

19:10:57,0159171,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryNameInformationFile","C:\Dokumente und Einstellungen\brabetz\Desktop\12fb7332920a7797c2d02df29b57c640.exe","SUCCESS","Name: \Dokumente und Einstellungen\brabetz\Desktop\12fb7332920a7797c2d02df29b57c640.exe"

19:10:57,0162694,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\Dokumente und Einstellungen\brabetz\Desktop\12fb7332920a7797c2d02df29b57c640.exe","SUCCESS","Image Base: 0x400000, Image Size: 0xf000"

19:10:57,0165716,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\WINDOWS\system32\ntdll.dll","SUCCESS","Image Base: 0x7c910000, Image Size: 0xb6000"

19:10:57,0165892,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryNameInformationFile","C:\Dokumente und Einstellungen\brabetz\Desktop\12fb7332920a7797c2d02df29b57c640.exe","SUCCESS","Name: \Dokumente und Einstellungen\brabetz\Desktop\12fb7332920a7797c2d02df29b57c640.exe"

19:10:57,0167976,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFile","C:\WINDOWS\Prefetch\12FB7332920A7797C2D02DF29B57C-2B3F936B.pf","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a"

19:10:57,0171672,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\12fb7332920a7797c2d02df29b57c640.exe","NAME NOT FOUND","Desired Access: Read"

19:10:57,0200430,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFile","C:\Dokumente und Einstellungen\brabetz\Desktop","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"

19:10:57,0208213,"12fb7332920a7797c2d02df29b57c640.exe","1964","FileSystemControl","C:\Dokumente und Einstellungen\brabetz\Desktop","SUCCESS","Control: FSCTL_IS_VOLUME_MOUNTED"

19:10:57,0209957,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\Dokumente und Einstellungen\brabetz\Desktop\12fb7332920a7797c2d02df29b57c640.exe.Local","NAME NOT FOUND",""

19:10:57,0213287,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\WINDOWS\system32\kernel32.dll","SUCCESS","Image Base: 0x7c800000, Image Size: 0x108000"

19:10:57,0225869,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","Desired Access: Read"

19:10:57,0226143,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"

19:10:57,0226422,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS",""

19:10:57,0231292,"12fb7332920a7797c2d02df29b57c640.exe","1964","ReadFile","C:\Dokumente und Einstellungen\brabetz\Desktop\12fb7332920a7797c2d02df29b57c640.exe","SUCCESS","Offset: 28.672, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"

19:10:57,0406498,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\WINDOWS\system32\user32.dll","SUCCESS","Image Base: 0x7e360000, Image Size: 0x91000"

19:10:57,0410038,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\WINDOWS\system32\gdi32.dll","SUCCESS","Image Base: 0x77ef0000, Image Size: 0x49000"

19:10:57,0414435,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\WINDOWS\system32\advapi32.dll","SUCCESS","Image Base: 0x77da0000, Image Size: 0xaa000"

19:10:57,0418436,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\WINDOWS\system32\rpcrt4.dll","SUCCESS","Image Base: 0x77e50000, Image Size: 0x92000"

19:10:57,0421917,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\WINDOWS\system32\secur32.dll","SUCCESS","Image Base: 0x77fc0000, Image Size: 0x11000"

19:10:57,0425311,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\Dokumente und Einstellungen\brabetz\Desktop\WS2_32.dll","NAME NOT FOUND",""

19:10:57,0444162,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","CreationTime: 14.04.2008 07:52:34, LastAccessTime: 26.08.2013 19:10:47, LastWriteTime: 14.04.2008 07:52:34, ChangeTime: 24.08.2013 22:09:35, AllocationSize: 86.016, EndOfFile: 82.432, FileAttributes: A"

19:10:57,0446629,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"

19:10:57,0448389,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"

19:10:57,0448909,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","SyncType: SyncTypeOther"

19:10:57,0449230,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"

19:10:57,0449398,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value"

19:10:57,0449658,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"

19:10:57,0449898,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS",""

19:10:57,0450054,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value"

19:10:57,0451895,"12fb7332920a7797c2d02df29b57c640.exe","1964","CloseFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS",""

19:10:57,0460815,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","Image Base: 0x71a10000, Image Size: 0x17000"

19:10:57,0468110,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\WINDOWS\system32\msvcrt.dll","SUCCESS","Image Base: 0x77be0000, Image Size: 0x58000"

19:10:57,0584085,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\Dokumente und Einstellungen\brabetz\Desktop\WS2HELP.dll","NAME NOT FOUND",""

19:10:57,0586351,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\WINDOWS\system32\ws2help.dll","SUCCESS","CreationTime: 14.04.2008 07:52:34, LastAccessTime: 26.08.2013 19:10:47, LastWriteTime: 14.04.2008 07:52:34, ChangeTime: 24.08.2013 22:09:35, AllocationSize: 20.480, EndOfFile: 19.968, FileAttributes: A"

19:10:57,0588619,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"

19:10:57,0590441,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\ws2help.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"

19:10:57,0590955,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\ws2help.dll","SUCCESS","SyncType: SyncTypeOther"

19:10:57,0592796,"12fb7332920a7797c2d02df29b57c640.exe","1964","CloseFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS",""

19:10:57,0600808,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\WINDOWS\system32\ws2help.dll","SUCCESS","Image Base: 0x71a00000, Image Size: 0x8000"

19:10:57,0602194,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","Desired Access: Read"

19:10:57,0602428,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"

19:10:57,0602677,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS",""

19:10:57,0606284,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDI32.dll","NAME NOT FOUND","Desired Access: Read"

19:10:57,0606518,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USER32.dll","NAME NOT FOUND","Desired Access: Read"

19:10:57,0607703,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value"

19:10:57,0607915,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode","NAME NOT FOUND","Length: 16"

19:10:57,0610653,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""

19:10:57,0613072,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\WINDOWS\system32\imm32.dll","SUCCESS","CreationTime: 14.04.2008 07:52:14, LastAccessTime: 26.08.2013 19:10:50, LastWriteTime: 14.04.2008 07:52:14, ChangeTime: 24.08.2013 22:09:35, AllocationSize: 110.592, EndOfFile: 110.080, FileAttributes: A"

19:10:57,0615313,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"

19:10:57,0617073,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\imm32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"

19:10:57,0617207,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryStandardInformationFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","AllocationSize: 110.592, EndOfFile: 110.080, NumberOfLinks: 1, DeletePending: False, Directory: False"

19:10:57,0617455,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\imm32.dll","SUCCESS","SyncType: SyncTypeOther"

19:10:57,0621503,"12fb7332920a7797c2d02df29b57c640.exe","1964","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS",""

19:10:57,0624741,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\WINDOWS\system32\imm32.dll","SUCCESS","CreationTime: 14.04.2008 07:52:14, LastAccessTime: 26.08.2013 19:10:57, LastWriteTime: 14.04.2008 07:52:14, ChangeTime: 24.08.2013 22:09:35, AllocationSize: 110.592, EndOfFile: 110.080, FileAttributes: A"

19:10:57,0626965,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"

19:10:57,0646697,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\imm32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"

19:10:57,0646831,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryStandardInformationFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","AllocationSize: 110.592, EndOfFile: 110.080, NumberOfLinks: 1, DeletePending: False, Directory: False"

19:10:57,0647079,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\imm32.dll","SUCCESS","SyncType: SyncTypeOther"

19:10:57,0648909,"12fb7332920a7797c2d02df29b57c640.exe","1964","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS",""

19:10:57,0651650,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\WINDOWS\system32\imm32.dll","SUCCESS","CreationTime: 14.04.2008 07:52:14, LastAccessTime: 26.08.2013 19:10:57, LastWriteTime: 14.04.2008 07:52:14, ChangeTime: 24.08.2013 22:09:35, AllocationSize: 110.592, EndOfFile: 110.080, FileAttributes: A"

19:10:57,0653854,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"

19:10:57,0664347,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\imm32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"

19:10:57,0664858,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\imm32.dll","SUCCESS","SyncType: SyncTypeOther"

19:10:57,0666699,"12fb7332920a7797c2d02df29b57c640.exe","1964","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS",""

19:10:57,0669300,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\WINDOWS\system32\imm32.dll","SUCCESS","Image Base: 0x76330000, Image Size: 0x1d000"

19:10:57,0670985,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMM32.DLL","NAME NOT FOUND","Desired Access: Read"

19:10:57,0673510,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\WINDOWS\system32\imm32.dll","SUCCESS","CreationTime: 14.04.2008 07:52:14, LastAccessTime: 26.08.2013 19:10:57, LastWriteTime: 14.04.2008 07:52:14, ChangeTime: 24.08.2013 22:09:35, AllocationSize: 110.592, EndOfFile: 110.080, FileAttributes: A"

19:10:57,0673862,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdll.dll","NAME NOT FOUND","Desired Access: Read"

19:10:57,0674027,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernel32.dll","NAME NOT FOUND","Desired Access: Read"

19:10:57,0674248,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secur32.dll","NAME NOT FOUND","Desired Access: Read"

19:10:57,0674524,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.dll","NAME NOT FOUND","Desired Access: Read"

19:10:57,0674658,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADVAPI32.dll","NAME NOT FOUND","Desired Access: Read"

19:10:57,0674784,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcrt.dll","NAME NOT FOUND","Desired Access: Read"

19:10:57,0674988,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2HELP.dll","NAME NOT FOUND","Desired Access: Read"

19:10:57,0675125,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2_32.dll","NAME NOT FOUND","Desired Access: Read"

19:10:57,0677670,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\WINDOWS\system32\imm32.dll","SUCCESS","CreationTime: 14.04.2008 07:52:14, LastAccessTime: 26.08.2013 19:10:57, LastWriteTime: 14.04.2008 07:52:14, ChangeTime: 24.08.2013 22:09:35, AllocationSize: 110.592, EndOfFile: 110.080, FileAttributes: A"

19:10:57,0677826,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument\","NAME NOT FOUND","Desired Access: Read"

19:10:57,0678142,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read"

19:10:57,0678480,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"

19:10:57,0678712,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS",""

19:10:57,0680363,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","Desired Access: Read"

19:10:57,0680609,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\12fb7332920a7797c2d02df29b57c640","NAME NOT FOUND","Length: 172"

19:10:57,0680787,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS",""

19:10:57,0680927,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility","SUCCESS","Desired Access: Read"

19:10:57,0681145,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility\12fb7332920a7797c2d02df29b57c640","NAME NOT FOUND","Length: 172"

19:10:57,0681310,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility","SUCCESS",""

19:10:57,0682980,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","Desired Access: Read"

19:10:57,0683173,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs","SUCCESS","Type: REG_SZ, Length: 2, Data: "

19:10:57,0683765,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS",""

19:10:57,0686660,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","Desired Access: Read"

19:10:57,0686869,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"

19:10:57,0686992,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"

19:10:57,0687218,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS",""

19:10:57,0687372,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","SUCCESS","Desired Access: Read"

19:10:57,0687551,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack","NAME NOT FOUND","Length: 144"

19:10:57,0687811,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","SUCCESS",""

19:10:57,0687894,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed"

19:10:57,0688051,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics","NAME NOT FOUND","Desired Access: Read"

19:10:57,0693468,"12fb7332920a7797c2d02df29b57c640.exe","1964","ReadFile","C:\Dokumente und Einstellungen\brabetz\Desktop\12fb7332920a7797c2d02df29b57c640.exe","SUCCESS","Offset: 4.096, Length: 24.576, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"

19:10:57,0983633,"12fb7332920a7797c2d02df29b57c640.exe","1964","ReadFile","C:\Dokumente und Einstellungen\brabetz\Desktop\12fb7332920a7797c2d02df29b57c640.exe","SUCCESS","Offset: 32.768, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"

19:10:57,1155278,"12fb7332920a7797c2d02df29b57c640.exe","1964","ReadFile","C:\WINDOWS\system32\sortkey.nls","SUCCESS","Offset: 32.768, Length: 32.768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"

19:10:57,1431145,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","SUCCESS","Desired Access: Maximum Allowed"

19:10:57,1431453,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version","SUCCESS","Type: REG_SZ, Length: 8, Data: 2.0"

19:10:57,1431710,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version","SUCCESS","Type: REG_SZ, Length: 8, Data: 2.0"

19:10:57,1432051,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9","SUCCESS","Desired Access: Maximum Allowed"

19:10:57,1432229,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num","SUCCESS","Type: REG_DWORD, Length: 4, Data: 4"

19:10:57,1432458,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num","SUCCESS","Type: REG_DWORD, Length: 4, Data: 4"

19:10:57,1432961,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog90000004","NAME NOT FOUND","Desired Access: Maximum Allowed"

19:10:57,1433098,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1012"

19:10:57,1433224,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries","SUCCESS","Type: REG_DWORD, Length: 4, Data: 11"

19:10:57,1433344,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries","SUCCESS","Desired Access: Maximum Allowed"

19:10:57,1433528,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000001","SUCCESS","Desired Access: Read"

19:10:57,1433702,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000001\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1433838,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000001\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1434157,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000001\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

19:10:57,1434411,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000001","SUCCESS",""

19:10:57,1434520,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000002","SUCCESS","Desired Access: Read"

19:10:57,1434702,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000002\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1434836,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000002\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1434964,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000002\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

19:10:57,1435202,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000002","SUCCESS",""

19:10:57,1435300,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000003","SUCCESS","Desired Access: Read"

19:10:57,1435473,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000003\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1435607,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000003\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1435735,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries00000000003\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

19:10:57,1435967,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003","SUCCESS",""

19:10:57,1436065,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004","SUCCESS","Desired Access: Read"

19:10:57,1436238,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1436375,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1436504,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

19:10:57,1436735,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004","SUCCESS",""

19:10:57,1436833,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005","SUCCESS","Desired Access: Read"

19:10:57,1437004,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1437138,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1437437,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

19:10:57,1437680,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005","SUCCESS",""

19:10:57,1437780,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006","SUCCESS","Desired Access: Read"

19:10:57,1437956,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1438090,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1438219,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

19:10:57,1438454,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006","SUCCESS",""

19:10:57,1438551,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007","SUCCESS","Desired Access: Read"

19:10:57,1438725,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1438856,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1438984,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

19:10:57,1439219,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007","SUCCESS",""

19:10:57,1439317,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008","SUCCESS","Desired Access: Read"

19:10:57,1439501,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1439649,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1439778,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

19:10:57,1440010,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008","SUCCESS",""

19:10:57,1440107,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009","SUCCESS","Desired Access: Read"

19:10:57,1440275,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1440409,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1440538,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

19:10:57,1440772,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009","SUCCESS",""

19:10:57,1440873,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010","SUCCESS","Desired Access: Read"

19:10:57,1441040,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1441175,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1441468,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

19:10:57,1441761,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010","SUCCESS",""

19:10:57,1441862,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011","SUCCESS","Desired Access: Read"

19:10:57,1442060,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1442228,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem","BUFFER OVERFLOW","Length: 144"

19:10:57,1442356,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

19:10:57,1442591,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011","SUCCESS",""

19:10:57,1442784,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries","SUCCESS",""

19:10:57,1443066,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5","SUCCESS","Desired Access: Maximum Allowed"

19:10:57,1443247,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num","SUCCESS","Type: REG_DWORD, Length: 4, Data: 4"

19:10:57,1443404,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num","SUCCESS","Type: REG_DWORD, Length: 4, Data: 4"

19:10:57,1443538,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\00000004","NAME NOT FOUND","Desired Access: Maximum Allowed"

19:10:57,1443667,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries","SUCCESS","Type: REG_DWORD, Length: 4, Data: 3"

19:10:57,1443789,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries","SUCCESS","Desired Access: Maximum Allowed"

19:10:57,1443965,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001","SUCCESS","Desired Access: Read"

19:10:57,1444136,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\LibraryPath","SUCCESS","Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\mswsock.dll"

19:10:57,1444284,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\LibraryPath","SUCCESS","Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\mswsock.dll"

19:10:57,1444421,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString","SUCCESS","Type: REG_SZ, Length: 14, Data: TCP/IP"

19:10:57,1444555,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString","SUCCESS","Type: REG_SZ, Length: 14, Data: TCP/IP"

19:10:57,1444689,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString","SUCCESS","Type: REG_SZ, Length: 14, Data: TCP/IP"

19:10:57,1444820,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString","SUCCESS","Type: REG_SZ, Length: 14, Data: TCP/IP"

19:10:57,1444957,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\ProviderId","SUCCESS","Type: REG_BINARY, Length: 16, Data: 40 9D 05 22 9E 7E CF 11 AE 5A 00 AA 00 A7 11 2B"

19:10:57,1445091,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\AddressFamily","NAME NOT FOUND","Length: 144"

19:10:57,1445225,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\SupportedNameSpace","SUCCESS","Type: REG_DWORD, Length: 4, Data: 12"

19:10:57,1445359,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"

19:10:57,1445488,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\Version","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"

19:10:57,1445622,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\StoresServiceClassInfo","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"

19:10:57,1445854,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001","SUCCESS",""

19:10:57,1445957,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002","SUCCESS","Desired Access: Read"

19:10:57,1446131,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\LibraryPath","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\System32\winrnr.dll"

19:10:57,1446267,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\LibraryPath","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\System32\winrnr.dll"

19:10:57,1446402,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString","SUCCESS","Type: REG_SZ, Length: 10, Data: NTDS"

19:10:57,1446533,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString","SUCCESS","Type: REG_SZ, Length: 10, Data: NTDS"

19:10:57,1446667,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString","SUCCESS","Type: REG_SZ, Length: 10, Data: NTDS"

19:10:57,1446801,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString","SUCCESS","Type: REG_SZ, Length: 10, Data: NTDS"

19:10:57,1446935,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\ProviderId","SUCCESS","Type: REG_BINARY, Length: 16, Data: EE 37 26 3B 80 E5 CF 11 A5 55 00 C0 4F D8 D4 AC"

19:10:57,1447066,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\AddressFamily","NAME NOT FOUND","Length: 144"

19:10:57,1447214,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\SupportedNameSpace","SUCCESS","Type: REG_DWORD, Length: 4, Data: 32"

19:10:57,1447349,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"

19:10:57,1447477,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\Version","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"

19:10:57,1447608,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\StoresServiceClassInfo","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"

19:10:57,1447840,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002","SUCCESS",""

19:10:57,1447944,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003","SUCCESS","Desired Access: Read"

19:10:57,1448117,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\LibraryPath","SUCCESS","Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\mswsock.dll"

19:10:57,1448251,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\LibraryPath","SUCCESS","Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\mswsock.dll"

19:10:57,1448385,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString","SUCCESS","Type: REG_SZ, Length: 28, Data: NLA-Namespace"

19:10:57,1448519,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString","SUCCESS","Type: REG_SZ, Length: 28, Data: NLA-Namespace"

19:10:57,1448650,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString","SUCCESS","Type: REG_SZ, Length: 28, Data: NLA-Namespace"

19:10:57,1448784,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString","SUCCESS","Type: REG_SZ, Length: 28, Data: NLA-Namespace"

19:10:57,1448919,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\ProviderId","SUCCESS","Type: REG_BINARY, Length: 16, Data: 3A 24 42 66 A8 3B A6 4A BA A5 2E 0B D7 1F DD 83"

19:10:57,1449053,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\AddressFamily","NAME NOT FOUND","Length: 144"

19:10:57,1449181,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\SupportedNameSpace","SUCCESS","Type: REG_DWORD, Length: 4, Data: 15"

19:10:57,1449315,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"

19:10:57,1449444,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\Version","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"

19:10:57,1449575,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\StoresServiceClassInfo","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"

19:10:57,1449807,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003","SUCCESS",""

19:10:57,1450000,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries","SUCCESS",""

19:10:57,1464929,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","SUCCESS",""

19:10:57,1465032,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\Winsock2\Parameters","SUCCESS","Desired Access: Query Value"

19:10:57,1465239,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Ws2_32NumHandleBuckets","NAME NOT FOUND","Length: 144"

19:10:57,1465468,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","SUCCESS",""

19:10:57,1468591,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\WINDOWS\system32\netapi32.dll","SUCCESS","Image Base: 0x597d0000, Image Size: 0x55000"

19:10:57,1471782,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NetApi32.dll","NAME NOT FOUND","Desired Access: Read"

19:10:57,1475201,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\WINDOWS\system32\mpr.dll","SUCCESS","Image Base: 0x71a80000, Image Size: 0x12000"

19:10:57,1476637,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mpr.dll","NAME NOT FOUND","Desired Access: Read"

19:10:57,1476905,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\system\CurrentControlSet\control\NetworkProvider\HwOrder","SUCCESS","Desired Access: Read"

19:10:57,1510538,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\Dokumente und Einstellungen\brabetz\Desktop\dnsapi.dll","NAME NOT FOUND",""

19:10:57,1512832,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\WINDOWS\system32\dnsapi.dll","SUCCESS","CreationTime: 14.04.2008 07:52:10, LastAccessTime: 26.08.2013 19:10:47, LastWriteTime: 14.04.2008 07:52:10, ChangeTime: 24.08.2013 22:09:34, AllocationSize: 151.552, EndOfFile: 147.968, FileAttributes: A"

19:10:57,1515050,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFile","C:\WINDOWS\system32\dnsapi.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"

19:10:57,1529988,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\dnsapi.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"

19:10:57,1530510,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\dnsapi.dll","SUCCESS","SyncType: SyncTypeOther"

19:10:57,1532387,"12fb7332920a7797c2d02df29b57c640.exe","1964","CloseFile","C:\WINDOWS\system32\dnsapi.dll","SUCCESS",""

19:10:57,1535675,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\WINDOWS\system32\dnsapi.dll","SUCCESS","Image Base: 0x76ee0000, Image Size: 0x27000"

19:10:57,1538019,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dnsapi.dll","NAME NOT FOUND","Desired Access: Read"

19:10:57,1538438,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read"

19:10:57,1538645,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\DnsCache\Parameters","SUCCESS","Desired Access: Read"

19:10:57,1538829,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"

19:10:57,1538980,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\QueryAdapterName","NAME NOT FOUND","Length: 144"

19:10:57,1539109,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableAdapterDomainName","NAME NOT FOUND","Length: 144"

19:10:57,1539243,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseDomainNameDevolution","NAME NOT FOUND","Length: 144"

19:10:57,1539355,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"

19:10:57,1539480,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\PrioritizeRecordData","NAME NOT FOUND","Length: 144"

19:10:57,1539592,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\PrioritizeRecordData","NAME NOT FOUND","Length: 144"

19:10:57,1539707,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AllowUnqualifiedQuery","NAME NOT FOUND","Length: 144"

19:10:57,1539818,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\AllowUnqualifiedQuery","NAME NOT FOUND","Length: 144"

19:10:57,1539936,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AppendToMultiLabelName","NAME NOT FOUND","Length: 144"

19:10:57,1540047,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ScreenBadTlds","NAME NOT FOUND","Length: 144"

19:10:57,1540159,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ScreenUnreachableServers","NAME NOT FOUND","Length: 144"

19:10:57,1540274,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\FilterClusterIp","NAME NOT FOUND","Length: 144"

19:10:57,1540386,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\WaitForNameErrorOnAll","NAME NOT FOUND","Length: 144"

19:10:57,1540494,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseEdns","NAME NOT FOUND","Length: 144"

19:10:57,1540606,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\QueryIpMatching","NAME NOT FOUND","Length: 144"

19:10:57,1540718,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseHostsFile","NAME NOT FOUND","Length: 144"

19:10:57,1540830,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationEnabled","NAME NOT FOUND","Length: 144"

19:10:57,1540941,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate","NAME NOT FOUND","Length: 144"

19:10:57,1541062,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterPrimaryName","NAME NOT FOUND","Length: 144"

19:10:57,1541173,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterAdapterName","NAME NOT FOUND","Length: 144"

19:10:57,1541285,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnableAdapterDomainNameRegistration","NAME NOT FOUND","Length: 144"

19:10:57,1541402,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterReverseLookup","NAME NOT FOUND","Length: 144"

19:10:57,1541517,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableReverseAddressRegistrations","NAME NOT FOUND","Length: 144"

19:10:57,1541634,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterWanAdapters","NAME NOT FOUND","Length: 144"

19:10:57,1541746,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableWanDynamicUpdate","NAME NOT FOUND","Length: 144"

19:10:57,1541863,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationTtl","NAME NOT FOUND","Length: 144"

19:10:57,1541975,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultRegistrationTTL","NAME NOT FOUND","Length: 144"

19:10:57,1542095,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationRefreshInterval","NAME NOT FOUND","Length: 144"

19:10:57,1542207,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultRegistrationRefreshInterval","NAME NOT FOUND","Length: 144"

19:10:57,1542324,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationMaxAddressCount","NAME NOT FOUND","Length: 144"

19:10:57,1542439,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxNumberOfAddressesToRegister","NAME NOT FOUND","Length: 144"

19:10:57,1542553,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UpdateSecurityLevel","NAME NOT FOUND","Length: 144"

19:10:57,1542665,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\UpdateSecurityLevel","NAME NOT FOUND","Length: 144"

19:10:57,1542791,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UpdateZoneExcludeFile","NAME NOT FOUND","Length: 144"

19:10:57,1542903,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UpdateTopLevelDomainZones","NAME NOT FOUND","Length: 144"

19:10:57,1543014,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DnsTest","NAME NOT FOUND","Length: 144"

19:10:57,1543207,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheSize","NAME NOT FOUND","Length: 144"

19:10:57,1543322,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheTtl","NAME NOT FOUND","Length: 144"

19:10:57,1543431,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxNegativeCacheTtl","NAME NOT FOUND","Length: 144"

19:10:57,1543542,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AdapterTimeoutLimit","NAME NOT FOUND","Length: 144"

19:10:57,1543654,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ServerPriorityTimeLimit","NAME NOT FOUND","Length: 144"

19:10:57,1543769,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxCachedSockets","NAME NOT FOUND","Length: 144"

19:10:57,1543878,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MulticastListenLevel","NAME NOT FOUND","Length: 144"

19:10:57,1543992,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MulticastSendLevel","NAME NOT FOUND","Length: 144"

19:10:57,1544109,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\Setup","SUCCESS","Desired Access: Query Value"

19:10:57,1544260,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"

19:10:57,1556178,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""

19:10:57,1556575,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS",""

19:10:57,1556767,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS",""

19:10:57,1556860,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Query Value"

19:10:57,1557066,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DnsQueryTimeouts","NAME NOT FOUND","Length: 144"

19:10:57,1557192,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DnsQuickQueryTimeouts","NAME NOT FOUND","Length: 144"

19:10:57,1557309,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DnsMulticastQueryTimeouts","NAME NOT FOUND","Length: 144"

19:10:57,1577759,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS",""

19:10:57,1579259,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Rpc\PagedBuffers","NAME NOT FOUND","Desired Access: Read"

19:10:57,1579404,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Rpc","SUCCESS","Desired Access: Read"

19:10:57,1579586,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\MaxRpcSize","NAME NOT FOUND","Length: 144"

19:10:57,1579815,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS",""

19:10:57,1579905,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\12fb7332920a7797c2d02df29b57c640.exe\RpcThreadPoolThrottle","NAME NOT FOUND","Desired Access: Read"

19:10:57,1580441,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\Rpc","NAME NOT FOUND","Desired Access: Read"

19:10:57,1582363,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryNameInformationFile","C:\Dokumente und Einstellungen\brabetz\Desktop\12fb7332920a7797c2d02df29b57c640.exe","BUFFER OVERFLOW","Name: \D"

19:10:57,1582626,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryNameInformationFile","C:\Dokumente und Einstellungen\brabetz\Desktop\12fb7332920a7797c2d02df29b57c640.exe","SUCCESS","Name: \Dokumente und Einstellungen\brabetz\Desktop\12fb7332920a7797c2d02df29b57c640.exe"

19:10:57,1583226,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegSetValue","HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed","SUCCESS","Type: REG_BINARY, Length: 80, Data: 1E E9 2C 1C 82 12 D6 A3 99 26 67 AF 5B A8 71 32"

19:10:57,1585590,"12fb7332920a7797c2d02df29b57c640.exe","1964","SetEndOfFileInformationFile","C:\WINDOWS\system32\config\software.LOG","SUCCESS","EndOfFile: 8.192"

19:10:57,1623133,"12fb7332920a7797c2d02df29b57c640.exe","1964","SetEndOfFileInformationFile","C:\WINDOWS\system32\config\software.LOG","SUCCESS","EndOfFile: 8.192"

19:10:57,5180960,"12fb7332920a7797c2d02df29b57c640.exe","1964","ReadFile","C:\WINDOWS\system32\dnsapi.dll","SUCCESS","Offset: 50.176, Length: 12.288, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"

19:10:57,5273251,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 188"

19:10:57,5288457,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\WINDOWS\system32\mswsock.dll","SUCCESS","CreationTime: 14.04.2008 07:52:20, LastAccessTime: 26.08.2013 19:10:57, LastWriteTime: 14.04.2008 07:52:20, ChangeTime: 24.08.2013 22:09:35, AllocationSize: 249.856, EndOfFile: 247.296, FileAttributes: A"

19:10:57,5290678,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFile","C:\WINDOWS\system32\mswsock.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"

19:10:57,5302945,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\mswsock.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"

19:10:57,5303073,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryStandardInformationFile","C:\WINDOWS\system32\mswsock.dll","SUCCESS","AllocationSize: 249.856, EndOfFile: 247.296, NumberOfLinks: 1, DeletePending: False, Directory: False"

19:10:57,5303319,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\mswsock.dll","SUCCESS","SyncType: SyncTypeOther"

19:10:57,5305146,"12fb7332920a7797c2d02df29b57c640.exe","1964","CloseFile","C:\WINDOWS\system32\mswsock.dll","SUCCESS",""

19:10:57,5320388,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\WINDOWS\system32\mswsock.dll","SUCCESS","CreationTime: 14.04.2008 07:52:20, LastAccessTime: 26.08.2013 19:10:57, LastWriteTime: 14.04.2008 07:52:20, ChangeTime: 24.08.2013 22:09:35, AllocationSize: 249.856, EndOfFile: 247.296, FileAttributes: A"

19:10:57,5322673,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFile","C:\WINDOWS\system32\mswsock.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"

19:10:57,5324433,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\mswsock.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"

19:10:57,5324961,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\mswsock.dll","SUCCESS","SyncType: SyncTypeOther"

19:10:57,5326803,"12fb7332920a7797c2d02df29b57c640.exe","1964","CloseFile","C:\WINDOWS\system32\mswsock.dll","SUCCESS",""

19:10:57,5374043,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\WINDOWS\system32\mswsock.dll","SUCCESS","Image Base: 0x719b0000, Image Size: 0x40000"

19:10:57,5375831,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mswsock.dll","NAME NOT FOUND","Desired Access: Read"

19:10:57,5378463,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\Dokumente und Einstellungen\brabetz\Desktop\hnetcfg.dll","NAME NOT FOUND",""

19:10:57,5380790,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\WINDOWS\system32\hnetcfg.dll","SUCCESS","CreationTime: 14.04.2008 07:52:12, LastAccessTime: 26.08.2013 19:10:57, LastWriteTime: 14.04.2008 07:52:12, ChangeTime: 24.08.2013 22:09:35, AllocationSize: 352.256, EndOfFile: 348.672, FileAttributes: A"

19:10:57,5402242,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFile","C:\WINDOWS\system32\hnetcfg.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"

19:10:57,5403999,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\hnetcfg.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"

19:10:57,5404533,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\hnetcfg.dll","SUCCESS","SyncType: SyncTypeOther"

19:10:57,5406500,"12fb7332920a7797c2d02df29b57c640.exe","1964","CloseFile","C:\WINDOWS\system32\hnetcfg.dll","SUCCESS",""

19:10:57,5514941,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\WINDOWS\system32\hnetcfg.dll","SUCCESS","Image Base: 0x66710000, Image Size: 0x59000"

19:10:57,5516958,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hnetcfg.dll","NAME NOT FOUND","Desired Access: Read"

19:10:57,5518089,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Rpc\SecurityService","SUCCESS","Desired Access: Read"

19:10:57,5518305,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel","NAME NOT FOUND","Length: 144"

19:10:57,5518553,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\SOFTWARE\Microsoft\Rpc\SecurityService","SUCCESS",""

19:10:57,5521227,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\WINDOWS\system32\mswsock.dll","SUCCESS","CreationTime: 14.04.2008 07:52:20, LastAccessTime: 26.08.2013 19:10:57, LastWriteTime: 14.04.2008 07:52:20, ChangeTime: 24.08.2013 22:09:35, AllocationSize: 249.856, EndOfFile: 247.296, FileAttributes: A"

19:10:57,5521696,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters","SUCCESS","Desired Access: Read"

19:10:57,5521936,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Winsock\Parameters\Transports","SUCCESS","Type: REG_MULTI_SZ, Length: 30, Data: Tcpip, NetBIOS"

19:10:57,5522065,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Winsock\Parameters\Transports","SUCCESS","Type: REG_MULTI_SZ, Length: 30, Data: Tcpip, NetBIOS"

19:10:57,5522294,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\Winsock\Parameters","SUCCESS",""

19:10:57,5522380,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock","SUCCESS","Desired Access: Read"

19:10:57,5522593,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\Mapping","BUFFER OVERFLOW","Length: 144"

19:10:57,5522922,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\Mapping","BUFFER OVERFLOW","Length: 144"

19:10:57,5523048,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\Mapping","SUCCESS","Type: REG_BINARY, Length: 140, Data: 0B 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00"

19:10:57,5523277,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock","SUCCESS",""

19:10:57,5523456,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock","SUCCESS","Desired Access: Read"

19:10:57,5523652,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\MinSockaddrLength","SUCCESS","Type: REG_DWORD, Length: 4, Data: 16"

19:10:57,5523774,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\MaxSockaddrLength","SUCCESS","Type: REG_DWORD, Length: 4, Data: 16"

19:10:57,5523895,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\UseDelayedAcceptance","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"

19:10:57,5524012,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\HelperDllName","SUCCESS","Type: REG_EXPAND_SZ, Length: 70, Data: %SystemRoot%\System32\wshtcpip.dll"

19:10:57,5544087,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\WINDOWS\system32\wshtcpip.dll","SUCCESS","CreationTime: 14.04.2008 07:52:34, LastAccessTime: 26.08.2013 19:10:57, LastWriteTime: 14.04.2008 07:52:34, ChangeTime: 24.08.2013 22:09:35, AllocationSize: 20.480, EndOfFile: 19.456, FileAttributes: A"

19:10:57,5546311,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFile","C:\WINDOWS\system32\wshtcpip.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"

19:10:57,5548068,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\wshtcpip.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"

19:10:57,5548199,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryStandardInformationFile","C:\WINDOWS\system32\wshtcpip.dll","SUCCESS","AllocationSize: 20.480, EndOfFile: 19.456, NumberOfLinks: 1, DeletePending: False, Directory: False"

19:10:57,5548448,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\wshtcpip.dll","SUCCESS","SyncType: SyncTypeOther"

19:10:57,5550275,"12fb7332920a7797c2d02df29b57c640.exe","1964","CloseFile","C:\WINDOWS\system32\wshtcpip.dll","SUCCESS",""

19:10:57,5577055,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\WINDOWS\system32\wshtcpip.dll","SUCCESS","CreationTime: 14.04.2008 07:52:34, LastAccessTime: 26.08.2013 19:10:57, LastWriteTime: 14.04.2008 07:52:34, ChangeTime: 24.08.2013 22:09:35, AllocationSize: 20.480, EndOfFile: 19.456, FileAttributes: A"

19:10:57,5579273,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFile","C:\WINDOWS\system32\wshtcpip.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"

19:10:57,5581033,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\wshtcpip.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"

19:10:57,5581542,"12fb7332920a7797c2d02df29b57c640.exe","1964","CreateFileMapping","C:\WINDOWS\system32\wshtcpip.dll","SUCCESS","SyncType: SyncTypeOther"

19:10:57,5583377,"12fb7332920a7797c2d02df29b57c640.exe","1964","CloseFile","C:\WINDOWS\system32\wshtcpip.dll","SUCCESS",""

19:10:57,5614875,"12fb7332920a7797c2d02df29b57c640.exe","1964","Load Image","C:\WINDOWS\system32\wshtcpip.dll","SUCCESS","Image Base: 0x719f0000, Image Size: 0x8000"

19:10:57,5615722,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wshtcpip.dll","NAME NOT FOUND","Desired Access: Read"

19:10:57,5616026,"12fb7332920a7797c2d02df29b57c640.exe","1964","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock","SUCCESS",""

19:10:57,5804986,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 232"

19:10:57,6103435,"12fb7332920a7797c2d02df29b57c640.exe","1964","ReadFile","C:\WINDOWS\system32\mswsock.dll","SUCCESS","Offset: 50.176, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"

19:10:57,6132254,"12fb7332920a7797c2d02df29b57c640.exe","1964","QueryOpen","C:\WINDOWS\system32\mswsock.dll","SUCCESS","CreationTime: 14.04.2008 07:52:20, LastAccessTime: 26.08.2013 19:10:57, LastWriteTime: 14.04.2008 07:52:20, ChangeTime: 24.08.2013 22:09:35, AllocationSize: 249.856, EndOfFile: 247.296, FileAttributes: A"

19:10:57,6133279,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 236"

19:10:57,6473532,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 272"

19:10:57,7029002,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1952"

19:10:57,7651053,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1672"

19:10:57,8440665,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 308"

19:10:57,9058280,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 764"

19:10:57,9687234,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 968"

19:10:58,0533596,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 436"

19:10:58,1089918,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 424"

19:10:58,1717754,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 360"

19:10:58,2341228,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 536"

19:10:58,2965972,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 540"

19:10:58,3598055,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 112"

19:10:58,4214161,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 568"

19:10:58,4839710,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 576"

19:10:58,5463937,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 580"

19:10:58,6126287,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 588"

19:10:58,6714074,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 584"

19:10:58,7339223,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1916"

19:10:58,7964149,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1928"

19:10:58,8590773,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 372"

19:10:58,9213688,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 364"

19:10:58,9839711,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 440"

19:10:59,0464402,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 216"

19:10:59,1090580,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 528"

19:10:59,1713603,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 800"

19:10:59,2339280,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1268"

19:10:59,2963709,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 592"

19:10:59,3589897,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1948"

19:10:59,4213714,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 128"

19:10:59,4839341,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 688"

19:10:59,5464013,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1908"

19:10:59,6089687,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1896"

19:10:59,6714077,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1900"

19:10:59,7339229,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1912"

19:10:59,7963755,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1924"

19:10:59,8676170,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1904"

19:10:59,9214107,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1892"

19:10:59,9839105,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1888"

19:11:00,0463975,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1120"

19:11:00,1089172,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 244"

19:11:00,1713746,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1328"

19:11:00,2340792,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1608"

19:11:00,2963541,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1724"

19:11:00,3589263,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 740"

19:11:00,4214052,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 404"

19:11:00,4838584,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 784"

19:11:00,5463501,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1336"

19:11:00,5513823,"12fb7332920a7797c2d02df29b57c640.exe","1964","TCP Reconnect","prd-01:1037 -> softbank060064040174.bbtec.net:microsoft-ds","SUCCESS","Length: 0"

19:11:00,5514916,"12fb7332920a7797c2d02df29b57c640.exe","1964","TCP Reconnect","prd-01:1038 -> 74.114.214.228:microsoft-ds","SUCCESS","Length: 0"

19:11:00,5515307,"12fb7332920a7797c2d02df29b57c640.exe","1964","TCP Reconnect","prd-01:1039 -> c83-252-118-187.bredband.comhem.se:microsoft-ds","SUCCESS","Length: 0"

19:11:00,5982958,"12fb7332920a7797c2d02df29b57c640.exe","1964","TCP Disconnect","prd-01:1037 -> softbank060064040174.bbtec.net:microsoft-ds","SUCCESS","Length: 0"

19:11:00,6091095,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 788"

19:11:00,6295425,"12fb7332920a7797c2d02df29b57c640.exe","1964","TCP Disconnect","prd-01:1038 -> 74.114.214.228:microsoft-ds","SUCCESS","Length: 0"

19:11:00,6607552,"12fb7332920a7797c2d02df29b57c640.exe","1964","TCP Reconnect","prd-01:1040 -> 241.sub-97-47-36.myvzw.com:microsoft-ds","SUCCESS","Length: 0"

19:11:00,6714876,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1056"

19:11:00,6923103,"12fb7332920a7797c2d02df29b57c640.exe","1964","TCP Disconnect","prd-01:1039 -> c83-252-118-187.bredband.comhem.se:microsoft-ds","SUCCESS","Length: 0"

19:11:00,7338659,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 460"

19:11:00,7545573,"12fb7332920a7797c2d02df29b57c640.exe","1964","TCP Disconnect","prd-01:1040 -> 241.sub-97-47-36.myvzw.com:microsoft-ds","SUCCESS","Length: 0"

19:11:00,7701302,"12fb7332920a7797c2d02df29b57c640.exe","1964","TCP Reconnect","prd-01:1041 -> 106.185.195.201:microsoft-ds","SUCCESS","Length: 0"

19:11:00,7702157,"12fb7332920a7797c2d02df29b57c640.exe","1964","TCP Reconnect","prd-01:1042 -> 188.225.225.227:microsoft-ds","SUCCESS","Length: 0"

19:11:00,7964289,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 204"

19:11:00,8329525,"12fb7332920a7797c2d02df29b57c640.exe","1964","TCP Disconnect","prd-01:1041 -> 106.185.195.201:microsoft-ds","SUCCESS","Length: 0"

19:11:00,8591572,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1112"

19:11:00,8952059,"12fb7332920a7797c2d02df29b57c640.exe","1964","TCP Disconnect","prd-01:1042 -> 188.225.225.227:microsoft-ds","SUCCESS","Length: 0"

19:11:00,9213783,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1260"

19:11:00,9576951,"12fb7332920a7797c2d02df29b57c640.exe","1964","TCP Disconnect","prd-01:1043 -> papercut.lakemichigancollege.edu:microsoft-ds","SUCCESS","Length: 0"

19:11:00,9838627,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1272"

19:11:01,0357931,"12fb7332920a7797c2d02df29b57c640.exe","1964","TCP Disconnect","prd-01:1044 -> 211.158.47.241:microsoft-ds","SUCCESS","Length: 0"

19:11:01,0466914,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1340"

19:11:01,0982454,"12fb7332920a7797c2d02df29b57c640.exe","1964","TCP Reconnect","prd-01:1045 -> 34.159.61.46:microsoft-ds","SUCCESS","Length: 0"

19:11:01,0983915,"12fb7332920a7797c2d02df29b57c640.exe","1964","TCP Disconnect","prd-01:1045 -> 34.159.61.46:microsoft-ds","SUCCESS","Length: 0"

19:11:01,1091756,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1320"

19:11:01,1607997,"12fb7332920a7797c2d02df29b57c640.exe","1964","TCP Disconnect","prd-01:1046 -> 44.42.93.133:microsoft-ds","SUCCESS","Length: 0"

19:11:01,1716103,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 996"

19:11:01,2339322,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1324"

19:11:01,2965108,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 732"

19:11:01,3589747,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1172"

19:11:01,4242846,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1192"

19:11:01,4863869,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1308"

19:11:01,5466323,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 168"

19:11:01,6096286,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 664"

19:11:01,6869722,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 848"

19:11:01,7495441,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1404"

19:11:01,8119761,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1420"

19:11:01,8745340,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 432"

19:11:01,9369923,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1968"

19:11:01,9996410,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 488"

19:11:02,0619693,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 512"

19:11:02,1244814,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1032"

19:11:02,1869964,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 924"

19:11:02,2495353,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1708"

19:11:02,3120452,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 464"

19:11:02,3810643,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 388"

19:11:02,4370033,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1484"

19:11:02,4995179,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1840"

19:11:02,5620273,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1652"

19:11:02,6244975,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 572"

19:11:02,6870124,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 172"

19:11:02,7495092,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1372"

19:11:02,8120208,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1392"

19:11:02,8746740,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1296"

19:11:02,9370185,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1292"

19:11:02,9994943,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1236"

19:11:03,0637584,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1460"

19:11:03,1245706,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1228"

19:11:03,1870349,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1516"

19:11:03,2497831,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1500"

19:11:03,3120290,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1368"

19:11:03,3783584,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1688"

19:11:03,4370228,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1664"

19:11:03,4995294,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1316"

19:11:03,5620404,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1440"

19:11:03,6245433,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1800"

19:11:03,6870110,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1816"

19:11:03,7496243,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1820"

19:11:03,8120571,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1824"

19:11:03,8748173,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1828"

19:11:03,9370607,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1832"

19:11:03,9995234,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1836"

19:11:04,0620107,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1844"

19:11:04,1245574,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1444"

19:11:04,1872129,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 824"

19:11:04,2496946,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1848"

19:11:04,3123235,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 700"

19:11:04,3745713,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1108"

19:11:04,4370195,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1728"

19:11:04,4995995,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1232"

19:11:04,5621312,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1716"

19:11:04,6245481,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1476"

19:11:04,6870468,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 508"

19:11:04,7495760,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1696"

19:11:04,8121314,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1720"

19:11:04,8745863,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1804"

19:11:04,9370459,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1760"

19:11:04,9995723,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1692"

19:11:05,0622579,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1756"

19:11:05,1245577,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1780"

19:11:05,1873034,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1732"

19:11:05,2495848,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1784"

19:11:05,3121383,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1768"

19:11:05,3745741,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1788"

19:11:05,4370857,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1752"

19:11:05,4995914,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1744"

19:11:05,5622100,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1084"

19:11:05,6246129,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1048"

19:11:05,6870594,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 220"

19:11:05,7496553,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1280"

19:11:05,8121736,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1348"

19:11:05,8745650,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1876"

19:11:05,9370769,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1868"

19:11:05,9995519,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1872"

19:11:06,0621461,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1880"

19:11:06,1245697,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1884"

19:11:06,1870536,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1936"

19:11:06,2495666,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1856"

19:11:06,3121640,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1860"

19:11:06,3745797,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 816"

19:11:06,4370094,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1060"

19:11:06,4995660,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1252"

19:11:06,5624086,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1284"

19:11:06,6247026,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1640"

19:11:06,6870817,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1980"

19:11:06,7496154,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1992"

19:11:06,8121722,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1212"

19:11:06,8745734,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 1852"

19:11:06,9370744,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 880"

19:11:06,9997997,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2052"

19:11:07,0632225,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2056"

19:11:07,1247164,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2060"

19:11:07,1871212,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2064"

19:11:07,2495934,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2068"

19:11:07,3122215,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2072"

19:11:07,3745990,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2076"

19:11:07,4370580,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2080"

19:11:07,4995967,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2084"

19:11:07,5623740,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2088"

19:11:07,6249330,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2092"

19:11:07,6872563,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2096"

19:11:07,7499302,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2100"

19:11:07,8125030,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2104"

19:11:07,8748338,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2108"

19:11:07,9371898,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2112"

19:11:07,9997438,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2116"

19:11:08,0623478,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2120"

19:11:08,1247365,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2124"

19:11:08,1872545,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2128"

19:11:08,2499136,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2132"

19:11:08,3125651,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2136"

19:11:08,3747373,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2140"

19:11:08,4372257,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2144"

19:11:08,4997026,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2148"

19:11:08,5623972,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2152"

19:11:08,6247274,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2156"

19:11:08,6872532,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2160"

19:11:08,7497402,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2164"

19:11:08,8123110,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2168"

19:11:08,8749495,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2172"

19:11:08,9372495,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2176"

19:11:08,9997631,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2180"

19:11:09,0623093,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2184"

19:11:09,1247457,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2188"

19:11:09,1872567,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2192"

19:11:09,2497538,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2196"

19:11:09,3122640,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2200"

19:11:09,3747311,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2204"

19:11:09,4372178,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2208"

19:11:09,4998973,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2212"

19:11:09,5623849,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2216"

19:11:09,6247165,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2220"

19:11:09,6871049,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2224"

19:11:09,7498098,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2228"

19:11:09,8123099,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2232"

19:11:09,8748176,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2236"

19:11:09,9372269,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2240"

19:11:09,9997536,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2244"

19:11:10,0623386,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2248"

19:11:10,1249944,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2252"

19:11:10,1873568,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2256"

19:11:10,2497462,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2260"

19:11:10,3124182,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2264"

19:11:10,3747426,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2268"

19:11:10,4372511,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2272"

19:11:10,4997439,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2276"

19:11:10,5624237,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2280"

19:11:10,6247780,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2284"

19:11:10,6873480,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2288"

19:11:10,7500249,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2292"

19:11:10,8126530,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2296"

19:11:10,8748260,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2300"

19:11:10,9372884,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2304"

19:11:10,9997759,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2308"

19:11:11,0623939,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2312"

19:11:11,1248080,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2316"

19:11:11,1872241,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2320"

19:11:11,2496594,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2324"

19:11:11,3123796,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2328"

19:11:11,3748169,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2332"

19:11:11,4371525,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2336"

19:11:11,5000426,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2340"

19:11:11,5622949,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2344"

19:11:11,6246716,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2348"

19:11:11,6871113,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2352"

19:11:11,7495668,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2356"

19:11:11,8144549,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2360"

19:11:11,8745826,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2364"

19:11:11,9370951,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2368"

19:11:11,9997784,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2372"

19:11:12,0622761,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2376"

19:11:12,1246354,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2380"

19:11:12,1871576,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2384"

19:11:12,2496652,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2388"

19:11:12,3121880,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2392"

19:11:12,3746202,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2396"

19:11:12,4387152,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2400"

19:11:12,4997752,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2404"

19:11:12,5624125,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2408"

19:11:12,6247542,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2412"

19:11:12,6870873,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2416"

19:11:12,7496687,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2420"

19:11:12,8122323,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2424"

19:11:12,8748067,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2428"

19:11:12,9371004,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2432"

19:11:12,9997114,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2436"

19:11:13,0623040,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2440"

19:11:13,1246354,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2444"

19:11:13,1871548,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2448"

19:11:13,2496577,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2452"

19:11:13,3122724,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2456"

19:11:13,3746493,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2460"

19:11:13,4373301,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2464"

19:11:13,4998297,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Create","","SUCCESS","Thread ID: 2468"

19:12:30,5731189,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 236, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,5733178,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1620, User Time: 0.0000000, Kernel Time: 0.0312500"

19:12:30,5734240,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 232, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,5753670,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 272, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,5772680,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1952, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,5792686,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 308, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,5811370,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 764, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,5829777,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 968, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,5848257,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 424, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,5866815,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 588, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,5885340,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 584, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,5905474,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1916, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,5926250,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 372, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,5946387,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 364, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,5965722,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 440, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,5984540,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 216, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6003201,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 800, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,6021877,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 128, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6040390,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 688, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6059491,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1896, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6077948,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1900, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6097174,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1912, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6114805,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1904, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6132519,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1892, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6149918,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1888, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,6167362,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1120, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6184772,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1608, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6203791,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1724, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,6222330,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 204, User Time: 0.0000000, Kernel Time: 0.0312500"

19:12:30,6240866,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1112, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6259583,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1260, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6278055,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1272, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6297828,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1340, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6317493,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 996, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6335975,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1324, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6354436,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 732, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6372768,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1172, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6391379,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1192, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6410180,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 168, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6428672,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1404, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6447196,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1420, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,6465646,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1968, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6484201,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 488, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6502793,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 512, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6521206,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1032, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6539350,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 924, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6563303,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 464, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6601543,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 388, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6635771,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1652, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6659511,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1372, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6684310,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1392, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6701575,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1516, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6719496,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1500, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6736507,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1368, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6753654,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1688, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6770615,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1440, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6787681,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1800, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6805004,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1816, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6822029,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1820, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6838925,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1824, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6855896,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1844, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,6874996,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1848, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6892200,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 700, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6909230,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1728, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6926199,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1232, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6943170,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1716, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6960097,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1476, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,6977183,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 508, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,6994291,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1804, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7011274,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1784, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7032779,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1768, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7049770,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1752, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7067932,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1048, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7085177,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 220, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7102201,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1348, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7119206,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1876, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,7136108,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1872, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7152353,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1880, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7168411,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1884, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7186637,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 816, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7202736,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1252, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7218677,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1640, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7234704,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1212, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7250734,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 880, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7266826,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2052, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7282850,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2064, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7298922,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2088, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7314952,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2100, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7331946,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2112, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7349845,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2116, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7365679,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2120, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7381681,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2128, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7397535,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2144, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7413828,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2156, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7429830,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2160, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7445907,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2164, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7461864,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2172, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7477785,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2176, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7494134,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2180, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,7511815,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2184, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7527655,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2196, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7542782,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2200, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7557715,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2204, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,7572644,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2212, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7587629,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2224, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7602664,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2232, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,7617566,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2236, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7632562,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2240, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7648835,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2248, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7666080,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2260, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7681278,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2264, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7696134,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2268, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7711337,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2272, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,7726152,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2276, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7741070,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2292, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,7756058,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2296, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,7771205,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2304, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7786068,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2308, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7801257,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2316, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7818290,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2320, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7833205,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2328, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7848187,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2332, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7863253,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2360, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,7878155,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2368, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7893087,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2372, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,7908195,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2380, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7924046,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2384, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,7975083,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2388, User Time: 0.0156250, Kernel Time: 0.0000000"

19:12:30,7990102,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2396, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8004187,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2400, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8018058,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2408, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8033705,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2412, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8048025,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2416, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8062949,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2420, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8076800,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2424, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8090665,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2452, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8104653,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2456, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8118624,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2468, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8140107,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1320, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,8158322,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 568, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,8176360,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2252, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8191181,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1664, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8208110,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1084, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8225221,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1236, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,8242564,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1316, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8259499,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1328, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8280033,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2108, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8295970,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2256, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8310972,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2404, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8325008,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1336, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8341837,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2216, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8356696,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1868, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8373707,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2132, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8389563,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2280, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8404529,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1828, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8424177,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2428, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8446693,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 536, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8469663,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2348, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8491761,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1760, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8509414,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1268, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8527827,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2192, User Time: 0.0156250, Kernel Time: 0.0000000"

19:12:30,8542912,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2464, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,8556842,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 592, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8574682,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2068, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8592955,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 788, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8612078,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 572, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8630292,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2136, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8646375,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 664, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8664249,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2284, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8679058,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2432, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8692937,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1856, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8709319,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1832, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8726285,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 540, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8747223,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2104, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,8763030,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 172, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8783027,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2352, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8798020,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1692, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8815168,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2072, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8830991,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2220, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8845979,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1292, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8862841,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 244, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8883442,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1948, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8903659,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2140, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8919633,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 848, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8937563,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2288, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8952442,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2436, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8966240,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1860, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8982510,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1836, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,8999800,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 112, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9017679,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2356, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9032466,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1756, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9049429,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1056, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9069851,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2076, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9085777,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2376, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9102964,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1788, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9119860,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2096, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9135778,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2244, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9150797,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 360, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,9168623,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 784, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,9187394,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2312, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9202521,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2392, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9220691,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1108, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9237964,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2460, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9251827,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2344, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,9266658,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1980, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9282649,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 432, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9300634,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2300, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9315695,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1780, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9332750,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 460, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9350923,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2080, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9366922,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2228, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9384234,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1460, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9401225,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1936, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9418160,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2148, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9436467,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2444, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9450519,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1444, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9467494,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 576, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9485409,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1924, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9502624,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1060, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9518481,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1732, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9537779,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2084, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9553725,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1228, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9570716,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2364, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9585520,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2152, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9604014,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 580, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9621879,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 824, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9638806,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2448, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9689156,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 188, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:30,9709804,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2440, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9723822,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2124, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9739799,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2188, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9755737,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 528, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9774016,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 436, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9792004,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 740, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9810121,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1280, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9827268,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1484, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9847374,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2336, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9862460,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1696, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9879342,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2056, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9895151,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1672, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9913377,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1744, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9930170,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1992, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9948421,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2168, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9964660,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1928, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:30,9982531,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1296, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:31,0002282,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2092, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:31,0018125,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1908, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:31,0035949,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1284, User Time: 0.0000000, Kernel Time: 0.0156250"

19:12:31,0052638,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 404, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:31,0070598,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2340, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:31,0085614,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2060, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:31,0103826,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1720, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:31,0120708,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1708, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:31,0140093,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2324, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:31,0162546,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1852, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:31,0179827,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1308, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:31,0197765,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 2208, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:31,0215172,"12fb7332920a7797c2d02df29b57c640.exe","1964","Thread Exit","","SUCCESS","Thread ID: 1840, User Time: 0.0000000, Kernel Time: 0.0000000"

19:12:31,2338453,"12fb7332920a7797c2d02df29b57c640.exe","1964","Process Exit","","SUCCESS","Exit Status: 1, User Time: 0.0468750 seconds, Kernel Time: 0.5625000 seconds, Private Bytes: 4.636.672, Peak Private Bytes: 5.697.536, Working Set: 4.886.528, Peak Working Set: 5.943.296"

19:12:31,2340311,"12fb7332920a7797c2d02df29b57c640.exe","1964","CloseFile","C:\Dokumente und Einstellungen\brabetz\Desktop","SUCCESS",""

External References:

This bad boy seems to have already had an audience:

http://g3nto.blogspot.de/2010/07/analysis-of-12fbc640.html

Kudos!

Disclaimer:

I don't have any malicious intent. I just study malware I collected in a public honeypot and post my findings here. None of the malware analyzed here has been written by me, nor did I take any part in the creation of the malware!

If you find information belonging to you in the outputs (email addresses, IP addresses, FQDNs, anything else) which you are uncomfortable with, just contact me via email or post a comment and I will anonymize the information in question!

If you are the author of the malware analyzed above, I would kindly ask you not to pursue me in any way. If you can prove that you are the author (with source code, for example), I will comply with any demands regarding pulling down parts of the analysis or the whole page.
