@nsuan
Created September 8, 2009 15:15
Found: 10431746 <13>Sep 8 10:08:20 home-off-d5f0ac cwsandbox::#1.2904: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\3ca9bac5d9or2z22.cpl" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:20 home-off-d5f0ac cwsandbox::#1.2917: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\69bdzackdoo529299.dll" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:20 home-off-d5f0ac cwsandbox::#1.2923: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\27490s5ambz94e2.cpl" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:20 home-off-d5f0ac cwsandbox::#1.2935: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\5df4virz598.bin" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:20 home-off-d5f0ac cwsandbox::#1.2953: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\6887vi5105z9.bin" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:20 home-off-d5f0ac cwsandbox::#1.2960: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\5519vir3z1.ocx" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:20 home-off-d5f0ac cwsandbox::#1.2972: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\65259zy509.ocx" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:20 home-off-d5f0ac cwsandbox::#1.2978: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\23599worm6zc.ocx" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:21 home-off-d5f0ac cwsandbox::#1.3043: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\5c49addwarz5169.ocx" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:21 home-off-d5f0ac cwsandbox::#1.3055: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\22415worm689z.cpl" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:21 home-off-d5f0ac cwsandbox::#1.3062: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\5861steal2598z.exe" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:21 home-off-d5f0ac cwsandbox::#1.3076: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\1b95dowzl95der3067.dll" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:22 home-off-d5f0ac cwsandbox::#1.3096: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\54f3t59eat31z98.exe" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:22 home-off-d5f0ac cwsandbox::#1.3114: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\27265troj196z.dll" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:22 home-off-d5f0ac cwsandbox::#1.3139: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\7985vizus1355.ocx" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:22 home-off-d5f0ac cwsandbox::#1.3151: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\48b15pywarz11809.dll" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:22 home-off-d5f0ac cwsandbox::#1.3164: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\2df5s5ywa9e80z.cpl" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:22 home-off-d5f0ac cwsandbox::#1.3176: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\936cazdware53.cpl" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:22 home-off-d5f0ac cwsandbox::#1.3182: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\19984zp94155.ocx" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:22 home-off-d5f0ac cwsandbox::#1.3188: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\42z5arse999.ocx" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:22 home-off-d5f0ac cwsandbox::#1.3194: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\2901z5roj57f.cpl" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:22 home-off-d5f0ac cwsandbox::#1.3213: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\66abbazkd95r1941.ocx" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:28 home-off-d5f0ac cwsandbox::#1.4999: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\2c6dthie51292z.dll" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:28 home-off-d5f0ac cwsandbox::#1.5005: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\41f0do9zload5r22.exe" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:28 home-off-d5f0ac cwsandbox::#1.5030: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\4z709ot-a-vir5s5ca.exe" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:28 home-off-d5f0ac cwsandbox::#1.5067: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\596backdooz296.cpl" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:29 home-off-d5f0ac cwsandbox::#1.5110: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\20595spy595z.exe" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:29 home-off-d5f0ac cwsandbox::#1.5122: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file" srcfile="C:\\WINDOWS\\system32\\28796v5ruz5fd.exe" creationdistribution="OPEN_ALWAYS" desiredaccess="FILE_ANY_ACCESS" shareaccess="FILE_SHARE_READ FILE_SHARE_WRITE" flags="FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS"/>
Found: 10431746 <13>Sep 8 10:08:29 home-off-d5f0ac cwsandbox::#1.5135: resContinue <= PID:2808,TID:2868,Caller:$00400000("10431746.exe"),BEFORE,typFileSystem."CreateFileA" - <create_open_file filetype="file"
srcfile="C:\\WINDOWS\\system32\%