"19:16:32.2230328","logger.exe","3388","FileSystemControl","C:","INVALID DEVICE REQUEST","Control: FSCTL_FILE_PREFETCH"
"19:16:32.2232452","logger.exe","3388","QueryDirectory","C:\","NO MORE FILES",""
"19:16:32.2238961","logger.exe","3388","QueryDirectory","C:\WINDOWS","NO MORE FILES",""
"19:16:32.2281000","logger.exe","3388","QueryDirectory","C:\WINDOWS\system32","NO MORE FILES",""
"19:16:32.7634700","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logger.exe","NAME NOT FOUND","Desired Access: Read"
"19:16:32.7643667","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:32.7925119","logger.exe","3388","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"19:16:32.7926759","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value"
"19:16:33.3717347","logger.exe","3388","CreateFile","C:\WINDOWS\system32\mscoree.dll.local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:33.4117009","logger.exe","3388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode","NAME NOT FOUND","Length: 16"
"19:16:33.4169452","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secur32.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:33.4169944","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:33.4170273","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADVAPI32.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:33.4324189","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack","NAME NOT FOUND","Length: 144"
"19:16:33.4324832","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics","NAME NOT FOUND","Desired Access: Read"
"19:16:33.4325176","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdll.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:33.4325357","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KERNEL32.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:33.4499818","logger.exe","3388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility\DisableAppCompat","NAME NOT FOUND","Length: 20"
"19:16:33.4501033","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read"
"19:16:33.4502500","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\CLRLoadLogDir","NAME NOT FOUND","Length: 144"
"19:16:33.5041186","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\OnlyUseLatestCLR","NAME NOT FOUND","Length: 144"
"19:16:33.5055347","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USER32.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:33.5148244","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMM32.DLL","NAME NOT FOUND","Desired Access: Read"
"19:16:33.5164017","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDI32.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:33.5164204","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcrt.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:33.5164405","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHLWAPI.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:33.5178924","logger.exe","3388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument\","NAME NOT FOUND","Desired Access: Read"
"19:16:33.5179583","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
"19:16:33.5792787","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\sample1","NAME NOT FOUND","Length: 172"
"19:16:33.5793354","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility\sample1","NAME NOT FOUND","Length: 172"
"19:16:33.5801944","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\LPK.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:33.5824458","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\USP10.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:33.5885148","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USP10.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:33.5886639","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LPK.DLL","NAME NOT FOUND","Desired Access: Read"
"19:16:33.5887648","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:16:33.5888000","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:16:33.6298248","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:16:33.6300569","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.config","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a"
"19:16:33.6339437","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\.NETFramewo%USER%\Policy\Standards","NAME NOT FOUND","Desired Access: Read"
"19:16:33.6441330","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\Policy\standards\v2.0.50727","NAME NOT FOUND","Desired Access: Read"
"19:16:33.6862375","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:16:33.6862730","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:16:33.6864389","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\mscorwks.dll.2.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:16:33.7041183","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\mscorwks.dll.2.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:16:33.9480051","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"19:16:33.9483862","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:34.1377935","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSVCR80.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:34.2196559","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read"
"19:16:34.6790796","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\.NETFramewo%USER%","NAME NOT FOUND","Desired Access: Read"
"19:16:34.6791240","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\GCStressStart","NAME NOT FOUND","Length: 144"
"19:16:34.6791640","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\.NETFramewo%USER%","NAME NOT FOUND","Desired Access: Read"
"19:16:34.6791944","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\GCStressStartAtJit","NAME NOT FOUND","Length: 144"
"19:16:34.6792486","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\.NETFramewo%USER%","NAME NOT FOUND","Desired Access: Read"
"19:16:34.6792783","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\GCStressStart","NAME NOT FOUND","Length: 144"
"19:16:34.6793090","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\.NETFramewo%USER%","NAME NOT FOUND","Desired Access: Read"
"19:16:34.6793375","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\GCStressStartAtJit","NAME NOT FOUND","Length: 144"
"19:16:34.7323878","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\.NETFramewo%USER%","NAME NOT FOUND","Desired Access: Read"
"19:16:34.7324252","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\DisableConfigCache","NAME NOT FOUND","Length: 144"
"19:16:34.7329172","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\.NETFramewo%USER%","NAME NOT FOUND","Desired Access: Read"
"19:16:34.7495696","logger.exe","3388","RegEnumValue","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%","NO MORE ENTRIES","Index: 1, Length: 220"
"19:16:35.1842321","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.config","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a"
"19:16:35.2773009","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\fusion.localgac","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:35.3526412","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\CacheLocation","NAME NOT FOUND","Length: 144"
"19:16:35.4079094","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB","NAME NOT FOUND","Length: 144"
"19:16:35.4079292","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Fusion","NAME NOT FOUND","Desired Access: Read"
"19:16:35.4079985","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\EnableLog","NAME NOT FOUND","Length: 144"
"19:16:35.4080153","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\LoggingLevel","NAME NOT FOUND","Length: 144"
"19:16:35.4080309","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\ForceLog","NAME NOT FOUND","Length: 144"
"19:16:35.4080466","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\LogFailures","NAME NOT FOUND","Length: 144"
"19:16:35.4080622","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\LogResourceBinds","NAME NOT FOUND","Length: 144"
"19:16:35.4080904","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat","NAME NOT FOUND","Length: 144"
"19:16:35.4081058","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\DisableMSIPeek","NAME NOT FOUND","Length: 144"
"19:16:35.5254400","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\.NETFramewo%USER%\Security\Policy\Extensions\NamedPermissionSets","NAME NOT FOUND","Desired Access: Read"
"19:16:35.5258146","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\CONFIG\security.config","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a"
"19:16:35.5299819","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\CONFIG\security.config.cch","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a"
"19:16:35.5302822","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\CONFIG\enterprisesec.config","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a"
"19:16:35.5305633","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\CONFIG\enterprisesec.config.cch","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a"
"19:16:35.7470818","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shell32.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:35.8000118","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:16:35.8000665","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:16:35.8693572","logger.exe","3388","CreateFile","C:\WINDOWS\system32\shell32.dll.124.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:16:35.9565641","logger.exe","3388","CreateFile","C:\WINDOWS\system32\shell32.dll.124.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:16:36.1345266","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"19:16:36.1598072","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:36.3327934","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\comctl32.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:36.3329429","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:16:36.3330013","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:16:36.3616214","logger.exe","3388","CreateFile","C:\WINDOWS\WindowsShell.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:16:36.4084888","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\SmoothScroll","NAME NOT FOUND","Length: 144"
"19:16:36.4086366","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips","NAME NOT FOUND","Length: 144"
"19:16:36.4623736","logger.exe","3388","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack","NO MORE ENTRIES","Index: 1, Length: 220"
"19:16:36.6590947","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\comctl32.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:36.7625193","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:16:36.7625774","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:16:36.7636798","logger.exe","3388","CreateFile","C:\WINDOWS\system32\comctl32.dll.124.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:16:36.7641698","logger.exe","3388","CreateFile","C:\WINDOWS\system32\comctl32.dll.124.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:16:36.9259244","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\SmoothScroll","NAME NOT FOUND","Length: 144"
"19:16:37.9337528","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config","PATH NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a"
"19:16:37.9339170","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config.cch","PATH NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a"
"19:16:37.9339936","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\.NETFramewo%USER%\v2.0.50727\Security\Policy","NAME NOT FOUND","Desired Access: Read"
"19:16:38.8594911","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9","NO MORE ENTRIES","Index: 1, Length: 288"
"19:16:38.8599082","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\1\EvalationData","NAME NOT FOUND","Length: 144"
"19:16:38.8599867","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\1\NIDependencies","NAME NOT FOUND","Length: 144"
"19:16:38.8600096","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\1\MissingDependencies","NAME NOT FOUND","Length: 144"
"19:16:38.9035104","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\319545b3\1\Modules","BUFFER OVERFLOW","Length: 144"
"19:16:39.7740596","logger.exe","3388","QueryDirectory","C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI","NO SUCH FILE","Filter: mscorlib.INI"
"19:16:40.7097201","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\ole32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:40.7111309","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\ole32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:40.7120374","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ole32.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:40.7322638","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\RWLockResourceTimeOut","NAME NOT FOUND","Length: 144"
"19:16:40.7324836","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorlib.ni.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:40.7978257","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uxtheme.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:40.7980115","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\ThemeManager\Compositing","NAME NOT FOUND","Length: 144"
"19:16:40.8004356","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\LameButtonText","NAME NOT FOUND","Length: 144"
"19:16:40.8564396","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSCTF.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:40.8618939","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\CTF\Compatibility\logger.exe","NAME NOT FOUND","Desired Access: Read"
"19:16:40.8621814","logger.exe","3388","RegQueryValue","HKCU\Keyboard Layout\Toggle\Language Hotkey","NAME NOT FOUND","Length: 144"
"19:16:40.8622001","logger.exe","3388","RegQueryValue","HKCU\Keyboard Layout\Toggle\Hotkey","NAME NOT FOUND","Length: 144"
"19:16:40.8622183","logger.exe","3388","RegQueryValue","HKCU\Keyboard Layout\Toggle\Layout Hotkey","NAME NOT FOUND","Length: 144"
"19:16:40.8639844","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:16:40.8640386","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:16:40.8641537","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\CTF\EnableAnchorContext","NAME NOT FOUND","Length: 144"
"19:16:41.1941320","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.config","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:41.1949318","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\39918b11\6066a7f4","NAME NOT FOUND","Desired Access: Read"
"19:16:41.1955430","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\StrongName","NAME NOT FOUND","Desired Access: Read"
"19:16:41.2112889","logger.exe","3388","QueryDirectory","C:\Documents and Settings\%USER%\%Desktop%\sample1.INI","NO SUCH FILE","Filter: sample1.INI"
"19:16:41.3144827","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:16:41.3145190","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:16:41.3146864","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\mscorjit.dll.2.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:16:41.3149129","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\mscorjit.dll.2.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:16:41.3296916","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"19:16:41.3299339","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:41.3323445","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorjit.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:41.8394964","logger.exe","3388","CreateFile","C:\WINDOWS\Globalization\ja-jp.nlp","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:41.8399973","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:16:41.8400557","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:16:42.2323502","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.config","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.2456377","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC\PublisherPolicy.tme","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.2494834","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7bf84e28\65b1aef9","NAME NOT FOUND","Desired Access: Read"
"19:16:42.2502240","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja-JP\logger.resources.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.2505422","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja-JP\logger.resources\logger.resources.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.2508509","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja-JP\logger.resources.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.2511607","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja-JP\logger.resources\logger.resources.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.2589385","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1214440339-926492609-1644491937-1003\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
"19:16:42.2965461","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
"19:16:42.2966254","logger.exe","3388","RegOpenKey","HKCR\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
"19:16:42.3327591","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1214440339-926492609-1644491937-1003\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
"19:16:42.3327973","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
"19:16:42.3328289","logger.exe","3388","RegOpenKey","HKCR\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
"19:16:42.3812250","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:16:42.3812820","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:16:42.3822254","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\culture.dll.2.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:16:42.3825822","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\culture.dll.2.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:16:42.4113179","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"19:16:42.4117510","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.4257988","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\culture.dll","NAME NOT FOUND","Desired Access: Read"
"19:16:42.4276647","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\ja-JP\mscorrc.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.4282693","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\ja-JP\mscorrc.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.4293023","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\ja-JP\mscorrc.dll.DLL","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.4307975","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\ja\mscorrc.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.4313976","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\ja\mscorrc.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.4319856","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\ja\mscorrc.dll.DLL","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.4686397","logger.exe","3388","CreateFile","C:\WINDOWS\Globalization\ja.nlp","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.4689549","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7bf84e28\5af76302","NAME NOT FOUND","Desired Access: Read"
"19:16:42.4696396","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja\logger.resources.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.4699486","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja\logger.resources\logger.resources.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.4702388","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja\logger.resources.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.4705425","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja\logger.resources\logger.resources.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:16:42.4706791","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1214440339-926492609-1644491937-1003\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
"19:16:42.4707355","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
"19:16:42.4842677","logger.exe","3388","RegOpenKey","HKCR\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
"19:16:42.4843130","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1214440339-926492609-1644491937-1003\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
"19:16:42.4843476","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
"19:16:42.4843716","logger.exe","3388","RegOpenKey","HKCR\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
"19:16:43.2070059","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748","NO MORE ENTRIES","Index: 1, Length: 288"
"19:16:43.2074862","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748\3\EvalationData","NAME NOT FOUND","Length: 144"
"19:16:43.2075177","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748\3\ILDependencies","BUFFER OVERFLOW","Length: 144"
"19:16:43.2075781","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748\3\MissingDependencies","NAME NOT FOUND","Length: 144"
"19:16:43.2110347","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2995e574\17\Modules","NAME NOT FOUND","Length: 144"
"19:16:43.2112054","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\291a02d0\7\Modules","NAME NOT FOUND","Length: 144"
"19:16:43.2115194","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\3914f670\b\Modules","NAME NOT FOUND","Length: 144"
"19:16:43.2116800","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\67e63d5c\6\Modules","NAME NOT FOUND","Length: 144"
"19:16:43.2118038","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4426ac2f\f\DisplayName","BUFFER OVERFLOW","Length: 144"
"19:16:43.2118605","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4426ac2f\f\Modules","NAME NOT FOUND","Length: 144"
"19:16:43.2122049","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\7f729234\18\Modules","NAME NOT FOUND","Length: 144"
"19:16:43.2123656","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\268e923b\a\Modules","NAME NOT FOUND","Length: 144"
"19:16:43.2125742","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232\8\EvalationData","NAME NOT FOUND","Length: 144"
"19:16:43.2126402","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232\8\MissingDependencies","NAME NOT FOUND","Length: 144"
"19:16:43.2127754","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6e9ac653\8\Modules","NAME NOT FOUND","Length: 144"
"19:16:43.2129869","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\31de29a4\5\EvalationData","NAME NOT FOUND","Length: 144"
"19:16:43.2130503","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\31de29a4\5\MissingDependencies","NAME NOT FOUND","Length: 144"
"19:16:43.2131685","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\3fcdfaca\11\Modules","NAME NOT FOUND","Length: 144"
"19:16:43.6667026","logger.exe","3388","QueryDirectory","C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI","NO SUCH FILE","Filter: System.Windows.Forms.INI"
"19:16:43.6774814","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\Policy\APTCA","NAME NOT FOUND","Desired Access: Read"
"19:16:43.7504041","logger.exe","3388","QueryDirectory","C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI","NO SUCH FILE","Filter: System.INI"
"19:16:43.8174771","logger.exe","3388","QueryDirectory","C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI","NO SUCH FILE","Filter: System.Drawing.INI"
"19:17:45.4591584","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\7d04a1bb","NO MORE ENTRIES","Index: 1, Length: 288"
"19:17:45.4595355","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\7d04a1bb\2\EvalationData","NAME NOT FOUND","Length: 144"
"19:17:45.4596517","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\7d04a1bb\2\MissingDependencies","NAME NOT FOUND","Length: 144"
"19:17:45.4598573","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\19057a88\16\Modules","NAME NOT FOUND","Length: 144"
"19:17:45.5759637","logger.exe","3388","QueryDirectory","C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI","NO SUCH FILE","Filter: System.Xml.INI"
"19:17:45.7134527","logger.exe","3388","ReadFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\CONFIG\machine.config","END OF FILE","Offset: 20,057, Length: 4,096"
"19:17:45.7140438","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.config","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Open No Recall, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:17:45.8222428","logger.exe","3388","CreateFile","C:\WINDOWS\Globalization\en-us.nlp","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:45.8511090","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\622dbd87","NAME NOT FOUND","Desired Access: Read"
"19:17:45.8513515","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC_32\mscorlib.resources\2.0.0.0_ja-JP_b77a5c561934e089","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:45.8516264","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ja-JP_b77a5c561934e089","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:45.8518949","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC\mscorlib.resources\2.0.0.0_ja-JP_b77a5c561934e089","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:45.8526710","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja-JP\mscorlib.resources.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:45.8529875","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja-JP\mscorlib.resources\mscorlib.resources.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:45.8532875","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja-JP\mscorlib.resources.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:45.8535962","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja-JP\mscorlib.resources\mscorlib.resources.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:45.8537351","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1214440339-926492609-1644491937-1003\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
"19:17:45.8537968","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
"19:17:45.8538379","logger.exe","3388","RegOpenKey","HKCR\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
"19:17:45.8538823","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1214440339-926492609-1644491937-1003\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
"19:17:45.8539169","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
"19:17:45.8539415","logger.exe","3388","RegOpenKey","HKCR\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
"19:17:45.8726573","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\223aaab6","NAME NOT FOUND","Desired Access: Read"
"19:17:45.8728906","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC_32\mscorlib.resources\2.0.0.0_ja_b77a5c561934e089","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:45.8731599","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ja_b77a5c561934e089","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:45.8734166","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC\mscorlib.resources\2.0.0.0_ja_b77a5c561934e089","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:45.8741039","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja\mscorlib.resources.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:45.8744139","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja\mscorlib.resources\mscorlib.resources.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:45.8751124","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja\mscorlib.resources.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:45.8754191","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja\mscorlib.resources\mscorlib.resources.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:45.8755535","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1214440339-926492609-1644491937-1003\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
"19:17:45.8756077","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
"19:17:45.8756473","logger.exe","3388","RegOpenKey","HKCR\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
"19:17:45.8756898","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1214440339-926492609-1644491937-1003\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
"19:17:45.8757228","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
"19:17:45.8757460","logger.exe","3388","RegOpenKey","HKCR\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
"19:17:46.2585955","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\version.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:46.2586418","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\System.ni.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:46.2586955","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\System.Drawing.ni.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:46.2587368","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\System.Windows.Forms.ni.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:46.2587796","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\System.Xml.ni.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:46.2779538","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:17:46.2780124","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:17:46.3818829","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:46.3848931","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:46.4086151","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps","NAME NOT FOUND","Length: 144"
"19:17:46.4086841","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps","NAME NOT FOUND","Length: 144"
"19:17:46.4345312","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netapi32.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:46.4346784","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Rpc\PagedBuffers","NAME NOT FOUND","Desired Access: Read"
"19:17:46.4347419","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\MaxRpcSize","NAME NOT FOUND","Length: 144"
"19:17:46.4347905","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logger.exe\RpcThreadPoolThrottle","NAME NOT FOUND","Desired Access: Read"
"19:17:46.4348813","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\Rpc","NAME NOT FOUND","Desired Access: Read"
"19:17:46.4542457","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\cmd.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:46.4728752","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:46.4729537","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood","NAME NOT FOUND","Length: 144"
"19:17:46.4730191","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:46.4730822","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer","NAME NOT FOUND","Length: 144"
"19:17:46.4731392","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:46.4732007","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon","NAME NOT FOUND","Length: 144"
"19:17:46.4733300","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\logger.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
"19:17:46.4897874","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:46.4898561","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups","NAME NOT FOUND","Length: 144"
"19:17:46.4984720","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
"19:17:46.4986078","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
"19:17:46.4987391","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
"19:17:46.4988634","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
"19:17:46.4989246","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","NO MORE ENTRIES","Index: 4, Length: 288"
"19:17:46.4989721","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","NAME NOT FOUND","Desired Access: Read"
"19:17:46.4992154","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\000000000000d5c0\Desktop\NameSpace","NAME NOT FOUND","Desired Access: Read"
"19:17:46.4993906","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.5026226","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.5026583","logger.exe","3388","RegQueryValue","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:46.5027418","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.5165020","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.5165369","logger.exe","3388","RegQueryValue","HKCR\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:46.5166190","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.5219873","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.5220918","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:46.5221745","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
"19:17:46.5222798","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.5223860","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.5224189","logger.exe","3388","RegQueryValue","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM","NAME NOT FOUND","Length: 144"
"19:17:46.5441468","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Length: 144"
"19:17:46.5445536","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Length: 144"
"19:17:46.5445840","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:46.5446502","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\EnforceShellExtensionSecurity","NAME NOT FOUND","Length: 144"
"19:17:46.5447522","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401","NAME NOT FOUND","Length: 144"
"19:17:46.5800263","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appHelp.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:46.5801427","logger.exe","3388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility\DisableAppCompat","NAME NOT FOUND","Length: 20"
"19:17:46.5823419","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read"
"19:17:46.5894571","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\CLBCATQ.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:46.5986286","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\COMRes.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:46.7043879","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\COMRes.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:46.7044488","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLEAUT32.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:46.7050136","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value"
"19:17:46.7134725","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLEAUT\UserEra","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
"19:17:46.7135022","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value"
"19:17:46.7135270","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLBCATQ.DLL","NAME NOT FOUND","Desired Access: Read"
"19:17:46.7281141","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\COM3\Debug","NAME NOT FOUND","Desired Access: All Access"
"19:17:46.7281381","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\COM3\Debug","NAME NOT FOUND","Desired Access: Read"
"19:17:46.7282186","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\MinimumFreeMemPercentageToCreateProcess","NAME NOT FOUND","Length: 144"
"19:17:46.7282389","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\MinimumFreeMemPercentageToCreateObject","NAME NOT FOUND","Length: 144"
"19:17:46.7428361","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Read"
"19:17:46.7429330","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
"19:17:46.7429646","logger.exe","3388","RegOpenKey","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
"19:17:46.7430906","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Read"
"19:17:46.7431772","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7432833","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7433171","logger.exe","3388","RegQueryValue","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\InprocServer32","NAME NOT FOUND","Length: 144"
"19:17:46.7434074","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServerX86","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7434395","logger.exe","3388","RegOpenKey","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServerX86","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7434945","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\LocalServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7435258","logger.exe","3388","RegOpenKey","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\LocalServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7435811","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7436792","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7438138","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocHandler32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7438454","logger.exe","3388","RegOpenKey","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocHandler32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7439004","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocHandlerX86","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7439314","logger.exe","3388","RegOpenKey","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocHandlerX86","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7439862","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\LocalServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7440166","logger.exe","3388","RegOpenKey","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\LocalServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7440697","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\LocalServer","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7440996","logger.exe","3388","RegOpenKey","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\LocalServer","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7441418","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Read"
"19:17:46.7442245","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7442533","logger.exe","3388","RegQueryValue","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\AppID","NAME NOT FOUND","Length: 144"
"19:17:46.7444106","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Read"
"19:17:46.7445229","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Read"
"19:17:46.7446067","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7447070","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:46.7448788","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Read"
"19:17:46.7449665","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
"19:17:46.7449972","logger.exe","3388","RegOpenKey","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.1890014","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:17:47.1890397","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:17:47.1892308","logger.exe","3388","CreateFile","C:\WINDOWS\system32\CRYPTUI.dll.2.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:17:47.1895205","logger.exe","3388","CreateFile","C:\WINDOWS\system32\CRYPTUI.dll.2.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:17:47.4379227","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASN1.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:47.4428912","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CRYPT32.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:47.4591983","logger.exe","3388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\crypt32\Performance","NAME NOT FOUND","Desired Access: Read"
"19:17:47.4599054","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\msasn1","NAME NOT FOUND","Desired Access: Read"
"19:17:47.4610176","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WININET.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:47.4726978","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:17:47.4727344","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:17:47.4733666","logger.exe","3388","CreateFile","C:\WINDOWS\system32\WININET.dll.123.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:17:47.4736560","logger.exe","3388","CreateFile","C:\WINDOWS\system32\WININET.dll.123.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:17:47.4963762","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"19:17:47.4966157","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:47.4975549","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMAGEHLP.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:47.4976532","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINTRUST.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:47.4977013","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLDAP32.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:47.4978063","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CRYPTUI.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:47.4978722","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"19:17:47.4980957","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:47.4992322","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\RichEd20.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:47.5280409","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RichEd20.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:47.5318198","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shdocvw.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:47.5437029","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:17:47.5437602","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:17:47.5458093","logger.exe","3388","CreateFile","C:\WINDOWS\system32\shdocvw.dll.123.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:17:47.5462896","logger.exe","3388","CreateFile","C:\WINDOWS\system32\shdocvw.dll.123.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:17:47.5797122","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"19:17:47.5800765","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:47.5835052","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.5857792","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\clsid\{c90250f3-4d7d-4991-9b69-a5c5bc1c2ae6}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.5858013","logger.exe","3388","RegOpenKey","HKCR\clsid\{c90250f3-4d7d-4991-9b69-a5c5bc1c2ae6}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.5858583","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{EAB22AC1-30C1-11CF-A7EB-0000C05BAE0B}\Typelib","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.6128184","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{EAB22AC1-30C1-11CF-A7EB-0000C05BAE0B}\TypeLib","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.6129592","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{b722bccb-4e68-101b-a2bc-00aa00404770}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.6279754","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.6281111","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{79eac9c4-baf9-11ce-8c82-00aa004ba90b}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.6390787","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{79EAC9C4-BAF9-11CE-8C82-00AA004BA90B}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.6392067","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{000214E6-0000-0000-C000-000000000046}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.6496426","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{000214E6-0000-0000-C000-000000000046}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.6497700","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{93F2F68C-1D1B-11D3-A30E-00C04F79ABD1}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.8941011","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{93F2F68C-1D1B-11D3-A30E-00C04F79ABD1}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.8942721","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9144925","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{1F4DE370-D627-11D1-BA4F-00A0C91EEDBA}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9279367","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9279582","logger.exe","3388","RegQueryValue","HKCR\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:47.9280124","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9321699","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9321906","logger.exe","3388","RegQueryValue","HKCR\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:47.9322417","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9445779","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9445988","logger.exe","3388","RegQueryValue","HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:47.9446480","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{E17D4FC0-5564-11D1-83F2-00A0C90DC849}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9481982","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9482189","logger.exe","3388","RegQueryValue","HKCR\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:47.9483292","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9483868","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9484404","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9484594","logger.exe","3388","RegQueryValue","HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32\LoadWithoutCOM","NAME NOT FOUND","Length: 144"
"19:17:47.9484918","logger.exe","3388","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks","NO MORE ENTRIES","Index: 1, Length: 220"
"19:17:47.9610088","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9901949","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\cmd.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:47.9968421","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9968616","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9968837","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9968979","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9969178","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9969318","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9969507","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9969647","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9969932","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9970455","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9971052","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.ade","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9971142","logger.exe","3388","RegOpenKey","HKCR\.ade","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9971396","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.adp","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9971483","logger.exe","3388","RegOpenKey","HKCR\.adp","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9971734","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.app","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9971818","logger.exe","3388","RegOpenKey","HKCR\.app","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9972064","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.asp","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9972516","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.asp","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9973072","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bas","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9973156","logger.exe","3388","RegOpenKey","HKCR\.bas","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9973407","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bat","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9973852","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bat","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9974394","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9974832","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cer","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9975377","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.chm","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9975818","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.chm","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9976369","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cmd","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9976802","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cmd","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9977341","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.com","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9977768","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.com","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9978307","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cpl","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9978746","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cpl","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9979288","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.crt","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9979721","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.crt","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:47.9980257","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.csh","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9980341","logger.exe","3388","RegOpenKey","HKCR\.csh","NAME NOT FOUND","Desired Access: Query Value"
"19:17:47.9982319","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}","NAME NOT FOUND","Desired Access: Read"
"19:17:48.0016860","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.0017064","logger.exe","3388","RegOpenKey","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.0017796","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}","NAME NOT FOUND","Desired Access: Read"
"19:17:48.0018296","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0018905","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0019103","logger.exe","3388","RegQueryValue","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32\InprocServer32","NAME NOT FOUND","Length: 144"
"19:17:48.0019600","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServerX86","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0019788","logger.exe","3388","RegOpenKey","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServerX86","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0020109","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\LocalServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0020296","logger.exe","3388","RegOpenKey","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\LocalServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0020615","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0021179","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0021902","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocHandler32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0022092","logger.exe","3388","RegOpenKey","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocHandler32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0022411","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocHandlerX86","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0022598","logger.exe","3388","RegOpenKey","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocHandlerX86","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0022917","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\LocalServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0023101","logger.exe","3388","RegOpenKey","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\LocalServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0023414","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\LocalServer","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0023601","logger.exe","3388","RegOpenKey","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\LocalServer","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0023852","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}","NAME NOT FOUND","Desired Access: Read"
"19:17:48.0024336","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0024503","logger.exe","3388","RegQueryValue","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\AppID","NAME NOT FOUND","Length: 144"
"19:17:48.0053345","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}","NAME NOT FOUND","Desired Access: Read"
"19:17:48.0053884","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0054471","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.0055390","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}","NAME NOT FOUND","Desired Access: Read"
"19:17:48.0055898","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.0056074","logger.exe","3388","RegOpenKey","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.1235735","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\urlmon.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:48.1399835","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:17:48.1400195","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:17:48.1406928","logger.exe","3388","CreateFile","C:\WINDOWS\system32\urlmon.dll.123.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:17:48.1414345","logger.exe","3388","CreateFile","C:\WINDOWS\system32\urlmon.dll.123.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:17:48.1619555","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"19:17:48.1621812","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:48.1650908","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\PROTOCOLS\Name-Space Handler\","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.1803517","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\PROTOCOLS\Name-Space Handler","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.1803956","logger.exe","3388","RegEnumKey","HKCR\PROTOCOLS\Name-Space Handler","NO MORE ENTRIES","Index: 1, Length: 288"
"19:17:48.1804375","logger.exe","3388","RegOpenKey","HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.1804573","logger.exe","3388","RegOpenKey","HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.1804995","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck","NAME NOT FOUND","Length: 144"
"19:17:48.1805411","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.1805696","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\","NAME NOT FOUND","Desired Access: Read"
"19:17:48.1805883","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\","NAME NOT FOUND","Desired Access: Read"
"19:17:48.1806084","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\","NAME NOT FOUND","Desired Access: Read"
"19:17:48.1806249","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\","NAME NOT FOUND","Desired Access: Read"
"19:17:48.1806462","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.1806596","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.1806758","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.1807118","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.1963116","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING\logger.exe","NAME NOT FOUND","Length: 144"
"19:17:48.1963280","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING\*","NAME NOT FOUND","Length: 144"
"19:17:48.1963892","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\logger.exe","NAME NOT FOUND","Length: 144"
"19:17:48.1964057","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\*","NAME NOT FOUND","Length: 144"
"19:17:48.1964627","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\logger.exe","NAME NOT FOUND","Length: 144"
"19:17:48.1964789","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\*","NAME NOT FOUND","Length: 144"
"19:17:48.1965348","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\logger.exe","NAME NOT FOUND","Length: 144"
"19:17:48.1965504","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\*","NAME NOT FOUND","Length: 144"
"19:17:48.1966071","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\logger.exe","NAME NOT FOUND","Length: 144"
"19:17:48.1966242","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\*","NAME NOT FOUND","Length: 144"
"19:17:48.1966795","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT\logger.exe","NAME NOT FOUND","Length: 144"
"19:17:48.1966965","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT\*","NAME NOT FOUND","Length: 144"
"19:17:48.1967502","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS\logger.exe","NAME NOT FOUND","Length: 144"
"19:17:48.1968236","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\logger.exe","NAME NOT FOUND","Length: 144"
"19:17:48.1968993","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\logger.exe","NAME NOT FOUND","Length: 144"
"19:17:48.1969164","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*","NAME NOT FOUND","Length: 144"
"19:17:48.1969471","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.1969622","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.1969759","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.1969899","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.1970035","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.1970413","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\logger.exe","NAME NOT FOUND","Length: 144"
"19:17:48.1970566","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\*","NAME NOT FOUND","Length: 144"
"19:17:48.1970871","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.1971256","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\logger.exe","NAME NOT FOUND","Length: 144"
"19:17:48.1971407","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\*","NAME NOT FOUND","Length: 144"
"19:17:48.1971712","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.1971857","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GET_URL_DOM_FILEPATH_UNENCODED","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.1972835","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.1973449","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.2004045","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2004210","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2338574","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2338775","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2338993","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2339147","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2340116","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2340275","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2341868","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2342030","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2344748","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2344913","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2346413","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2346575","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2348072","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2348237","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2349293","logger.exe","3388","RegEnumKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones","NO MORE ENTRIES","Index: 5, Length: 288"
"19:17:48.2349707","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2349871","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2350061","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2350218","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2351103","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2351274","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2355235","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2355403","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2357976","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2358143","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2361306","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2361474","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2363063","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2363231","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2364309","logger.exe","3388","RegEnumKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones","NO MORE ENTRIES","Index: 5, Length: 288"
"19:17:48.2366220","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\PROTOCOLS\Name-Space Handler\","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2366706","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\PROTOCOLS\Name-Space Handler\C\","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2366804","logger.exe","3388","RegOpenKey","HKCR\PROTOCOLS\Name-Space Handler\C","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2367086","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\PROTOCOLS\Name-Space Handler\*\","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2367178","logger.exe","3388","RegOpenKey","HKCR\PROTOCOLS\Name-Space Handler\*","NAME NOT FOUND","Desired Access: Read"
"19:17:48.2367620","logger.exe","3388","RegOpenKey","HKCU\SOFTWARE\Classes\PROTOCOLS\Handler\C","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.2367846","logger.exe","3388","RegOpenKey","HKCR\PROTOCOLS\Handler\C","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.2368067","logger.exe","3388","RegOpenKey","HKCU\SOFTWARE\Classes\PROTOCOLS\Handler\C","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.2368256","logger.exe","3388","RegOpenKey","HKCR\PROTOCOLS\Handler\C","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.2515990","logger.exe","3388","CreateFile","C:\WINDOWS\system32\cmd.exe:Zone.Identifier","NAME INVALID","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:48.2517954","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.2518128","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.2518284","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.2518644","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.2518859","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.2520795","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.2521145","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.2521550","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel","NAME NOT FOUND","Length: 144"
"19:17:48.2521913","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.2522282","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders","NAME NOT FOUND","Length: 144"
"19:17:48.2522919","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.2523584","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.2536144","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\SETUPAPI.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:48.2830578","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUPAPI.dll","NAME NOT FOUND","Desired Access: Read"
"19:17:48.5507069","logger.exe","3388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MiniNT","NAME NOT FOUND","Desired Access: All Access"
"19:17:48.5707131","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackCachePath","NAME NOT FOUND","Length: 144"
"19:17:48.5710248","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\LogLevel","NAME NOT FOUND","Length: 144"
"19:17:48.5710455","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\LogPath","NAME NOT FOUND","Length: 144"
"19:17:48.5710651","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\AppLogLevels","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.5891623","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\System\DNSclient","NAME NOT FOUND","Desired Access: Read"
"19:17:48.6078496","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{18dc298f-c791-11e2-91fd-0012f0e93e3e}\Data","BUFFER OVERFLOW","Length: 144"
"19:17:48.6085933","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{11948642-10a9-11e2-95b6-806d6172696f}\Data","BUFFER OVERFLOW","Length: 144"
"19:17:48.6099999","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"19:17:48.6101005","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6101773","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6102737","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6103670","logger.exe","3388","RegEnumKey","HKCR\Drive\shellex\FolderExtensions","NO MORE ENTRIES","Index: 1, Length: 288"
"19:17:48.6142303","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6143253","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory\CurVer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6143535","logger.exe","3388","RegOpenKey","HKCR\Directory\CurVer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6144069","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6145061","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6145742","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden","NAME NOT FOUND","Length: 144"
"19:17:48.6147572","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6148212","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn","NAME NOT FOUND","Length: 144"
"19:17:48.6148787","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6149402","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop","NAME NOT FOUND","Length: 144"
"19:17:48.6150014","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6150360","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6150969","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView","NAME NOT FOUND","Length: 144"
"19:17:48.6151542","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6152156","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell","NAME NOT FOUND","Length: 144"
"19:17:48.6152765","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6153369","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess","NAME NOT FOUND","Length: 144"
"19:17:48.6153936","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6154545","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling","NAME NOT FOUND","Length: 144"
"19:17:48.6155112","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6155727","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu","NAME NOT FOUND","Length: 144"
"19:17:48.6277656","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory\ShellEx\IconHandler","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6277971","logger.exe","3388","RegOpenKey","HKCR\Directory\ShellEx\IconHandler","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6278561","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6278826","logger.exe","3388","RegQueryValue","HKCR\Directory\DocObject","NAME NOT FOUND","Length: 144"
"19:17:48.6279332","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6279589","logger.exe","3388","RegQueryValue","HKCR\Directory\BrowseInPlace","NAME NOT FOUND","Length: 144"
"19:17:48.6280094","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory\Clsid","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6280360","logger.exe","3388","RegOpenKey","HKCR\Directory\Clsid","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6280860","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Folder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6281740","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Folder\Clsid","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6282011","logger.exe","3388","RegOpenKey","HKCR\Folder\Clsid","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6282550","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6282810","logger.exe","3388","RegQueryValue","HKCR\Directory\IsShortcut","NAME NOT FOUND","Length: 144"
"19:17:48.6283304","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6284061","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6284316","logger.exe","3388","RegQueryValue","HKCR\Directory\NeverShowExt","NAME NOT FOUND","Length: 144"
"19:17:48.6297611","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6298326","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions","NAME NOT FOUND","Length: 144"
"19:17:48.6300279","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6300564","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6301075","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6301952","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6302642","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6303488","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6303759","logger.exe","3388","RegOpenKey","HKCR\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6304282","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6305709","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\ShellEx\IconHandler","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6305994","logger.exe","3388","RegOpenKey","HKCR\exefile\ShellEx\IconHandler","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6306508","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\SystemFileAssociations\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6306676","logger.exe","3388","RegOpenKey","HKCR\SystemFileAssociations\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6307414","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\SystemFileAssociations\application","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6307584","logger.exe","3388","RegOpenKey","HKCR\SystemFileAssociations\application","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6308207","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6308470","logger.exe","3388","RegQueryValue","HKCR\exefile\DocObject","NAME NOT FOUND","Length: 144"
"19:17:48.6308986","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6309241","logger.exe","3388","RegQueryValue","HKCR\exefile\BrowseInPlace","NAME NOT FOUND","Length: 144"
"19:17:48.6309741","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\Clsid","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6310003","logger.exe","3388","RegOpenKey","HKCR\exefile\Clsid","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6310467","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\*","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6311266","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\*\Clsid","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6311520","logger.exe","3388","RegOpenKey","HKCR\*\Clsid","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6312076","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6312333","logger.exe","3388","RegQueryValue","HKCR\exefile\IsShortcut","NAME NOT FOUND","Length: 144"
"19:17:48.6312825","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6313076","logger.exe","3388","RegQueryValue","HKCR\exefile\AlwaysShowExt","NAME NOT FOUND","Length: 144"
"19:17:48.6313557","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6313803","logger.exe","3388","RegQueryValue","HKCR\exefile\NeverShowExt","NAME NOT FOUND","Length: 144"
"19:17:48.6315001","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6315297","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6315761","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6316568","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6317230","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6318021","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6318281","logger.exe","3388","RegOpenKey","HKCR\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6318789","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6362175","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6363194","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6363465","logger.exe","3388","RegQueryValue","HKCR\exefile\shell\(Default)","NAME NOT FOUND","Length: 144"
"19:17:48.6363968","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6365368","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6366284","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6369081","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun","NAME NOT FOUND","Desired Access: Read"
"19:17:48.6369818","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6370720","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6371014","logger.exe","3388","RegQueryValue","HKCR\exefile\shell\open\command\command","NAME NOT FOUND","Length: 144"
"19:17:48.6371673","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6372296","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6373184","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6374358","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\ddeexec","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6374643","logger.exe","3388","RegOpenKey","HKCR\exefile\shell\open\ddeexec","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.6375280","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Applications\cmd.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6375442","logger.exe","3388","RegOpenKey","HKCR\Applications\cmd.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:48.6634125","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:17:48.6634670","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:17:48.7173635","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.7174105","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.7174786","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\InheritConsoleHandles","NAME NOT FOUND","Length: 144"
"19:17:48.7175482","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.7176113","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun","NAME NOT FOUND","Length: 144"
"19:17:48.7176689","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.7177292","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun","NAME NOT FOUND","Length: 144"
"19:17:48.7177854","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.7178080","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.7178421","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.7179030","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRunasInstallPrompt","NAME NOT FOUND","Length: 144"
"19:17:48.7179586","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.7192353","logger.exe","3388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls","NAME NOT FOUND","Desired Access: Query Value"
"19:17:48.7617044","logger.exe","3388","CreateFile","C:\WINDOWS\AppPatch\systest.sdb","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a"
"19:17:48.7617547","logger.exe","3388","RegOpenKey","HKLM\System\WPA\TabletPC","NAME NOT FOUND","Desired Access: Query Value, WOW64_64Key"
"19:17:48.7650235","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:48.7650718","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:48.7651028","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\cmd.exe","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:48.8427929","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:48.8428418","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:48.8458229","logger.exe","3388","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"19:17:48.8462679","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\LevelObjects","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8463288","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\Levels","NAME NOT FOUND","Length: 536"
"19:17:48.8651242","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths","NO MORE ENTRIES","Index: 1, Length: 280"
"19:17:48.8662031","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes","NO MORE ENTRIES","Index: 5, Length: 280"
"19:17:48.8662450","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8662713","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8662959","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8663185","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8663423","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8770185","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8770498","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8770735","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8770981","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8771216","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8771450","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8771685","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8771911","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8772361","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8772822","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8773238","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8773654","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8774076","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8774492","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8774914","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8775333","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8775747","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8776163","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8776579","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8776993","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8777406","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8777820","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8778230","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8779566","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Read"
"19:17:48.8860987","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache","BUFFER OVERFLOW","Length: 144"
"19:17:48.8862643","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\LogFileName","NAME NOT FOUND","Length: 536"
"19:17:48.8863054","logger.exe","3388","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"19:17:48.8864090","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe","NAME NOT FOUND","Desired Access: Read"
"19:17:48.9057654","logger.exe","3388","CreateFile","C:\WINDOWS\system32\cmd.exe.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:17:54.5584246","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","NAME NOT FOUND","Length: 144"
"19:17:54.5957255","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps","NAME NOT FOUND","Length: 144"
"19:17:54.5957858","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps","NAME NOT FOUND","Length: 144"
"19:17:54.5988773","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\cmd.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:54.6002981","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
"19:17:54.6004283","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
"19:17:54.6005588","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
"19:17:54.6006828","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
"19:17:54.6007431","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","NO MORE ENTRIES","Index: 4, Length: 288"
"19:17:54.6062947","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","NAME NOT FOUND","Desired Access: Read"
"19:17:54.6064441","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\000000000000d5c0\Desktop\NameSpace","NAME NOT FOUND","Desired Access: Read"
"19:17:54.6065455","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6066520","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6066872","logger.exe","3388","RegQueryValue","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:54.6067682","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6068637","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6068970","logger.exe","3388","RegQueryValue","HKCR\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:54.6069758","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6070699","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6075267","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6076024","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6076990","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6078049","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6078382","logger.exe","3388","RegQueryValue","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM","NAME NOT FOUND","Length: 144"
"19:17:54.6078999","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Length: 144"
"19:17:54.6079276","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Length: 144"
"19:17:54.6079731","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401","NAME NOT FOUND","Length: 144"
"19:17:54.6096093","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6097390","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{1F4DE370-D627-11D1-BA4F-00A0C91EEDBA}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6098415","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6098767","logger.exe","3388","RegQueryValue","HKCR\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:54.6099602","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6100560","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6100896","logger.exe","3388","RegQueryValue","HKCR\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:54.6101703","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6102645","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6102974","logger.exe","3388","RegQueryValue","HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:54.6103762","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{E17D4FC0-5564-11D1-83F2-00A0C90DC849}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6104703","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6105041","logger.exe","3388","RegQueryValue","HKCR\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:54.6106625","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6107561","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6108461","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6108782","logger.exe","3388","RegQueryValue","HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32\LoadWithoutCOM","NAME NOT FOUND","Length: 144"
"19:17:54.6109307","logger.exe","3388","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks","NO MORE ENTRIES","Index: 1, Length: 220"
"19:17:54.6115311","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6120518","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\cmd.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:54.6161870","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6162758","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6163756","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.ade","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6213189","logger.exe","3388","RegOpenKey","HKCR\.ade","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6213717","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.adp","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6213854","logger.exe","3388","RegOpenKey","HKCR\.adp","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6214282","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.app","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6214410","logger.exe","3388","RegOpenKey","HKCR\.app","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6214826","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.asp","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6215634","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.asp","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6216612","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bas","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6216751","logger.exe","3388","RegOpenKey","HKCR\.bas","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6217179","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bat","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6217930","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bat","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6218838","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6219581","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cer","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6220484","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.chm","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6221215","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.chm","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6222109","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cmd","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6222839","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cmd","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6223735","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.com","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6224464","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.com","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6226183","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cpl","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6226945","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cpl","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6227859","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.crt","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6228596","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.crt","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6229493","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.csh","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6229630","logger.exe","3388","RegOpenKey","HKCR\.csh","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6230502","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\","NAME NOT FOUND","Desired Access: Read"
"19:17:54.6230795","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\","NAME NOT FOUND","Desired Access: Read"
"19:17:54.6233650","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6234642","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6235603","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6252854","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"19:17:54.6253820","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6254577","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6255541","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6256471","logger.exe","3388","RegEnumKey","HKCR\Drive\shellex\FolderExtensions","NO MORE ENTRIES","Index: 1, Length: 288"
"19:17:54.6276938","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6277253","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6277753","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6278656","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6279363","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6280201","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6280474","logger.exe","3388","RegOpenKey","HKCR\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6280994","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6282355","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6283237","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6283514","logger.exe","3388","RegQueryValue","HKCR\exefile\shell\(Default)","NAME NOT FOUND","Length: 144"
"19:17:54.6284011","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6285260","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6286168","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6287358","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6288244","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6288531","logger.exe","3388","RegQueryValue","HKCR\exefile\shell\open\command\command","NAME NOT FOUND","Length: 144"
"19:17:54.6289143","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6289766","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6290680","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6291831","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\ddeexec","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6292113","logger.exe","3388","RegOpenKey","HKCR\exefile\shell\open\ddeexec","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6293255","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Applications\cmd.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6293423","logger.exe","3388","RegOpenKey","HKCR\Applications\cmd.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6390039","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6390597","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6390818","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6391176","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6415357","logger.exe","3388","CreateFile","C:\WINDOWS\AppPatch\systest.sdb","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a"
"19:17:54.6415788","logger.exe","3388","RegOpenKey","HKLM\System\WPA\TabletPC","NAME NOT FOUND","Desired Access: Query Value, WOW64_64Key"
"19:17:54.6448535","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:54.6449015","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:54.6449320","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\cmd.exe","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:54.6573562","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:54.6574034","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:54.6608594","logger.exe","3388","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"19:17:54.6610966","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6698835","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\LogFileName","NAME NOT FOUND","Length: 536"
"19:17:54.6699880","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe","NAME NOT FOUND","Desired Access: Read"
"19:17:54.6704995","logger.exe","3388","CreateFile","C:\WINDOWS\system32\cmd.exe.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:17:54.6770140","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","NAME NOT FOUND","Length: 144"
"19:17:54.6771428","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps","NAME NOT FOUND","Length: 144"
"19:17:54.6772031","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps","NAME NOT FOUND","Length: 144"
"19:17:54.6821473","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\cmd.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:54.6823636","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
"19:17:54.6847161","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
"19:17:54.6848535","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
"19:17:54.6849787","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
"19:17:54.6850396","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","NO MORE ENTRIES","Index: 4, Length: 288"
"19:17:54.6850854","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","NAME NOT FOUND","Desired Access: Read"
"19:17:54.6852282","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\000000000000d5c0\Desktop\NameSpace","NAME NOT FOUND","Desired Access: Read"
"19:17:54.6881998","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6883112","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6883467","logger.exe","3388","RegQueryValue","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:54.6884308","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6885269","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6885602","logger.exe","3388","RegQueryValue","HKCR\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:54.6886389","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6887339","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6888351","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6889063","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6889976","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6890996","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6891326","logger.exe","3388","RegQueryValue","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM","NAME NOT FOUND","Length: 144"
"19:17:54.6891932","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Length: 144"
"19:17:54.6892203","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Length: 144"
"19:17:54.6892622","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401","NAME NOT FOUND","Length: 144"
"19:17:54.6899556","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6900651","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{1F4DE370-D627-11D1-BA4F-00A0C91EEDBA}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6901657","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6902003","logger.exe","3388","RegQueryValue","HKCR\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:54.6902808","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6903749","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6904082","logger.exe","3388","RegQueryValue","HKCR\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:54.6904886","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6905816","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6906146","logger.exe","3388","RegQueryValue","HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:54.6906920","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{E17D4FC0-5564-11D1-83F2-00A0C90DC849}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6907850","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6908183","logger.exe","3388","RegQueryValue","HKCR\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:54.6909761","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.6910683","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6911571","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:54.6911898","logger.exe","3388","RegQueryValue","HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32\LoadWithoutCOM","NAME NOT FOUND","Length: 144"
"19:17:54.6912418","logger.exe","3388","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks","NO MORE ENTRIES","Index: 1, Length: 220"
"19:17:54.6912951","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:54.7828976","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\cmd.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:55.2868558","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2869172","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.2869871","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.ade","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2869963","logger.exe","3388","RegOpenKey","HKCR\.ade","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2870225","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.adp","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2870309","logger.exe","3388","RegOpenKey","HKCR\.adp","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2870555","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.app","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2870642","logger.exe","3388","RegOpenKey","HKCR\.app","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2870890","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.asp","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2871334","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.asp","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.2900503","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bas","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2900606","logger.exe","3388","RegOpenKey","HKCR\.bas","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2900877","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bat","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2901363","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bat","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.2901972","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2902425","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cer","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.2902975","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.chm","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2903417","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.chm","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.2903959","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cmd","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2904397","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cmd","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.2904934","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.com","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2905367","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.com","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.2905900","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cpl","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2906336","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cpl","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.2936703","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.crt","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2937220","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.crt","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.2937848","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.csh","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2937938","logger.exe","3388","RegOpenKey","HKCR\.csh","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2938558","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\","NAME NOT FOUND","Desired Access: Read"
"19:17:55.2938745","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\","NAME NOT FOUND","Desired Access: Read"
"19:17:55.2967875","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2968562","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.2969202","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.3025117","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"19:17:55.3025684","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.3026136","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.3026703","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.3055224","logger.exe","3388","RegEnumKey","HKCR\Drive\shellex\FolderExtensions","NO MORE ENTRIES","Index: 1, Length: 288"
"19:17:55.3247801","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.3247994","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.3248321","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.3248916","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.3249343","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.3249860","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.3250025","logger.exe","3388","RegOpenKey","HKCR\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.3250327","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.3272195","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.3272754","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.3272919","logger.exe","3388","RegQueryValue","HKCR\exefile\shell\(Default)","NAME NOT FOUND","Length: 144"
"19:17:55.3273223","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.3273997","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.3274542","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.3275263","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.3275777","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.3275947","logger.exe","3388","RegQueryValue","HKCR\exefile\shell\open\command\command","NAME NOT FOUND","Length: 144"
"19:17:55.3276350","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.3276716","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.3277235","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.3277914","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\ddeexec","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.3278084","logger.exe","3388","RegOpenKey","HKCR\exefile\shell\open\ddeexec","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.3278459","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Applications\cmd.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.3278565","logger.exe","3388","RegOpenKey","HKCR\Applications\cmd.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.3365699","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.3366051","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.3366182","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.3366403","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.3430165","logger.exe","3388","CreateFile","C:\WINDOWS\AppPatch\systest.sdb","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a"
"19:17:55.3430442","logger.exe","3388","RegOpenKey","HKLM\System\WPA\TabletPC","NAME NOT FOUND","Desired Access: Query Value, WOW64_64Key"
"19:17:55.3590448","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:55.3590778","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:55.3590982","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\cmd.exe","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:55.5715403","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:55.5715713","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:55.5848079","logger.exe","3388","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"19:17:55.5849590","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6008744","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\LogFileName","NAME NOT FOUND","Length: 536"
"19:17:55.6009493","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe","NAME NOT FOUND","Desired Access: Read"
"19:17:55.6317432","logger.exe","3388","CreateFile","C:\WINDOWS\system32\cmd.exe.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:17:55.6409653","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","NAME NOT FOUND","Length: 144"
"19:17:55.6410611","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps","NAME NOT FOUND","Length: 144"
"19:17:55.6411011","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps","NAME NOT FOUND","Length: 144"
"19:17:55.6513904","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\cmd.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:55.6515429","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
"19:17:55.6516256","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
"19:17:55.6517069","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
"19:17:55.6538345","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
"19:17:55.6538756","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","NO MORE ENTRIES","Index: 4, Length: 288"
"19:17:55.6539060","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","NAME NOT FOUND","Desired Access: Read"
"19:17:55.6539999","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\000000000000d5c0\Desktop\NameSpace","NAME NOT FOUND","Desired Access: Read"
"19:17:55.6540658","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6541315","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6542846","logger.exe","3388","RegQueryValue","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:55.6543343","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6543921","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6544117","logger.exe","3388","RegQueryValue","HKCR\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:55.6590486","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6591095","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6619311","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6619788","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6620384","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6621020","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6621224","logger.exe","3388","RegQueryValue","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM","NAME NOT FOUND","Length: 144"
"19:17:55.6621638","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Length: 144"
"19:17:55.6621828","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Length: 144"
"19:17:55.6622102","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401","NAME NOT FOUND","Length: 144"
"19:17:55.6623688","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6624306","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{1F4DE370-D627-11D1-BA4F-00A0C91EEDBA}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6624895","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6625099","logger.exe","3388","RegQueryValue","HKCR\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:55.6625577","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6626144","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6626342","logger.exe","3388","RegQueryValue","HKCR\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:55.6626828","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6627387","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6627580","logger.exe","3388","RegQueryValue","HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:55.6628049","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{E17D4FC0-5564-11D1-83F2-00A0C90DC849}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6628600","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6628795","logger.exe","3388","RegQueryValue","HKCR\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
"19:17:55.6629767","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6630307","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6630823","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6631013","logger.exe","3388","RegQueryValue","HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32\LoadWithoutCOM","NAME NOT FOUND","Length: 144"
"19:17:55.6670261","logger.exe","3388","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks","NO MORE ENTRIES","Index: 1, Length: 220"
"19:17:55.6694820","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6698064","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\cmd.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:17:55.6765005","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6765553","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6766181","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.ade","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6766271","logger.exe","3388","RegOpenKey","HKCR\.ade","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6766531","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.adp","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6766612","logger.exe","3388","RegOpenKey","HKCR\.adp","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6766860","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.app","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6766941","logger.exe","3388","RegOpenKey","HKCR\.app","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6767187","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.asp","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6767634","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.asp","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6768193","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bas","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6768277","logger.exe","3388","RegOpenKey","HKCR\.bas","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6768528","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bat","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6768967","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bat","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6769506","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6769944","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cer","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6770503","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.chm","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6770936","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.chm","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6771478","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cmd","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6771908","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cmd","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6772453","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.com","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6772881","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.com","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6773414","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cpl","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6773858","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cpl","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6807737","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.crt","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6808215","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.crt","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6823708","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.csh","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6823806","logger.exe","3388","RegOpenKey","HKCR\.csh","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6824387","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\","NAME NOT FOUND","Desired Access: Read"
"19:17:55.6824571","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\","NAME NOT FOUND","Desired Access: Read"
"19:17:55.6826482","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6827063","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6827670","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6862671","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"19:17:55.6863264","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6863722","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.6864289","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.6864848","logger.exe","3388","RegEnumKey","HKCR\Drive\shellex\FolderExtensions","NO MORE ENTRIES","Index: 1, Length: 288"
"19:17:55.7167816","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.7168029","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.7168369","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.7169001","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.7169445","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.7169962","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.7170127","logger.exe","3388","RegOpenKey","HKCR\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.7170431","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.7200508","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.7201077","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.7201242","logger.exe","3388","RegQueryValue","HKCR\exefile\shell\(Default)","NAME NOT FOUND","Length: 144"
"19:17:55.7201538","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.7202323","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.7202871","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.7203589","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.7204111","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.7204279","logger.exe","3388","RegQueryValue","HKCR\exefile\shell\open\command\command","NAME NOT FOUND","Length: 144"
"19:17:55.7204687","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.7205053","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.7205572","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.7206251","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\ddeexec","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.7206419","logger.exe","3388","RegOpenKey","HKCR\exefile\shell\open\ddeexec","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.7206802","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Applications\cmd.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.7206905","logger.exe","3388","RegOpenKey","HKCR\Applications\cmd.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:55.7846210","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.7846606","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.7846735","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.7846964","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
"19:17:55.9379516","logger.exe","3388","CreateFile","C:\WINDOWS\AppPatch\systest.sdb","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a"
"19:17:55.9379866","logger.exe","3388","RegOpenKey","HKLM\System\WPA\TabletPC","NAME NOT FOUND","Desired Access: Query Value, WOW64_64Key"
"19:17:56.0183046","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:56.0183367","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:56.0183565","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\cmd.exe","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:56.1544727","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:56.1545079","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
"19:17:56.2938636","logger.exe","3388","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"19:17:56.6822809","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Maximum Allowed"
"19:17:56.7483150","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\LogFileName","NAME NOT FOUND","Length: 536"
"19:17:56.7483988","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe","NAME NOT FOUND","Desired Access: Read"
"19:17:56.7487393","logger.exe","3388","CreateFile","C:\WINDOWS\system32\cmd.exe.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"19:17:57.3739135","logger.exe","3388","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 4, Length: 220"
"19:17:57.3739531","logger.exe","3388","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","NO MORE ENTRIES","Index: 5, Length: 220"
"19:17:57.3752921","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
"19:17:59.0733850","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read"
"19:17:59.5074089","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msctfime.ime","NAME NOT FOUND","Desired Access: Read"
"19:18:00.2432686","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\CTF\Disable Thread Input Manager","NAME NOT FOUND","Length: 144"
"19:18:00.2434561","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read"
"19:18:01.2583711","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\imjp81k.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:18:01.9137525","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\imjp81k.dll","NAME NOT FOUND","Desired Access: Read"
"19:18:03.5233218","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\imjp81.ime","NAME NOT FOUND","Desired Access: Read"
"19:18:04.3214009","logger.exe","3388","RegQueryValue","HKLM\SYSTEM\Setup\UpgradeInProgress","NAME NOT FOUND","Length: 144"
"19:18:04.3214127","logger.exe","3388","RegQueryValue","HKLM\SYSTEM\Setup\OobeInProgress","NAME NOT FOUND","Length: 144"
"19:18:04.8093339","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read"
"19:18:05.6169189","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\IMEJP\8.1\MSIME\ForwardException","NAME NOT FOUND","Length: 144"
"19:18:07.0619389","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
"19:18:07.0762430","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
"19:18:13.8959726","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\Application Data\Microsoft\IMJP8_1\imjp81u.dic","SHARING VIOLATION","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
"19:18:13.8988414","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\Application Data\Microsoft\IMJP8_1\imjp81u.dic","SHARING VIOLATION","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
"19:18:14.5918652","logger.exe","3388","ReadFile","C:\WINDOWS\IME\IMJP8_1\Dicts\IMJPST.DIC","","Offset: 2,043,904, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"19:18:14.7878018","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
"19:18:17.0105846","logger.exe","3388","ReadFile","C:\WINDOWS\IME\IMJP8_1\Dicts\IMJPZP.DIC","","Offset: 1,335,296, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"19:18:17.1872794","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
"19:18:18.3817904","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
"19:18:20.7993673","logger.exe","3388","ReadFile","C:\WINDOWS\IME\IMJP8_1\Dicts\IMJPLN.DIC","","Offset: 184,320, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"19:18:20.9211534","logger.exe","3388","ReadFile","C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll","","Offset: 5,513,216, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"19:18:30.4338518","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:18:30.4339211","logger.exe","3388","ReadFile","C:\Documents and Settings\%USER%\ntuser.dat","","Offset: 61,440, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"19:18:31.5700524","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:18:31.9327038","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:18:31.9327429","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:18:31.9328379","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:18:31.9329390","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:18:31.9610266","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"19:18:31.9610627","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"19:18:31.9611627","logger.exe","3388","RegOpenKey","HKCU\SOFTWARE\Microsoft\CTF\LangBarAddIn\","NAME NOT FOUND","Desired Access: Read"
"19:18:31.9611822","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\CTF\LangBarAddIn\","NAME NOT FOUND","Desired Access: Read"
"19:18:35.8656377","logger.exe","3388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeProcessSearchMode","NAME NOT FOUND","Length: 16"
"19:18:35.9307236","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\imjp81.ime","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:18:35.9930723","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\imjp81.ime","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"19:18:48.5455587","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
"19:18:52.5954723","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
"19:19:07.5044770","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
"19:19:09.5526370","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
"19:19:11.5668749","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
"19:19:16.8995479","logger.exe","3388","ReadFile","C:\WINDOWS\MICROSOFT.NET\FRAMEWO%USER%\V2.0.50727\MSCORWKS.DLL","","Offset: 66,560, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"19:19:16.9760802","logger.exe","3388","ReadFile","C:\WINDOWS\MICROSOFT.NET\FRAMEWO%USER%\V2.0.50727\MSCORWKS.DLL","","Offset: 1,651,712, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"19:20:14.3599284","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
"19:20:14.3733843","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
"19:20:23.9469804","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
"19:20:26.2925822","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
"19:20:26.3183011","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
"19:20:31.1457563","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
"19:20:32.1679144","logger.exe","3388","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Run","",""
"19:20:54.8540343","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
"19:20:55.1393862","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"