MalwareMustDie

Shadow Logger Process Record

Jan 2nd, 2014
  1. "19:16:32.2230328","logger.exe","3388","FileSystemControl","C:","INVALID DEVICE REQUEST","Control: FSCTL_FILE_PREFETCH"
  2. "19:16:32.2232452","logger.exe","3388","QueryDirectory","C:\","NO MORE FILES",""
  3. "19:16:32.2238961","logger.exe","3388","QueryDirectory","C:\WINDOWS","NO MORE FILES",""
  4. "19:16:32.2281000","logger.exe","3388","QueryDirectory","C:\WINDOWS\system32","NO MORE FILES",""
  5. "19:16:32.7634700","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logger.exe","NAME NOT FOUND","Desired Access: Read"
  6. "19:16:32.7643667","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  7. "19:16:32.7925119","logger.exe","3388","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
  8. "19:16:32.7926759","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value"
  9. "19:16:33.3717347","logger.exe","3388","CreateFile","C:\WINDOWS\system32\mscoree.dll.local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  10. "19:16:33.4117009","logger.exe","3388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode","NAME NOT FOUND","Length: 16"
  11. "19:16:33.4169452","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secur32.dll","NAME NOT FOUND","Desired Access: Read"
  12. "19:16:33.4169944","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.dll","NAME NOT FOUND","Desired Access: Read"
  13. "19:16:33.4170273","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADVAPI32.dll","NAME NOT FOUND","Desired Access: Read"
  14. "19:16:33.4324189","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack","NAME NOT FOUND","Length: 144"
  15. "19:16:33.4324832","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics","NAME NOT FOUND","Desired Access: Read"
  16. "19:16:33.4325176","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdll.dll","NAME NOT FOUND","Desired Access: Read"
  17. "19:16:33.4325357","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KERNEL32.dll","NAME NOT FOUND","Desired Access: Read"
  18. "19:16:33.4499818","logger.exe","3388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility\DisableAppCompat","NAME NOT FOUND","Length: 20"
  19. "19:16:33.4501033","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read"
  20. "19:16:33.4502500","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\CLRLoadLogDir","NAME NOT FOUND","Length: 144"
  21. "19:16:33.5041186","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\OnlyUseLatestCLR","NAME NOT FOUND","Length: 144"
  22. "19:16:33.5055347","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USER32.dll","NAME NOT FOUND","Desired Access: Read"
  23. "19:16:33.5148244","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMM32.DLL","NAME NOT FOUND","Desired Access: Read"
  24. "19:16:33.5164017","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDI32.dll","NAME NOT FOUND","Desired Access: Read"
  25. "19:16:33.5164204","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcrt.dll","NAME NOT FOUND","Desired Access: Read"
  26. "19:16:33.5164405","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHLWAPI.dll","NAME NOT FOUND","Desired Access: Read"
  27. "19:16:33.5178924","logger.exe","3388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument\","NAME NOT FOUND","Desired Access: Read"
  28. "19:16:33.5179583","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
  29. "19:16:33.5792787","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\sample1","NAME NOT FOUND","Length: 172"
  30. "19:16:33.5793354","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility\sample1","NAME NOT FOUND","Length: 172"
  31. "19:16:33.5801944","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\LPK.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  32. "19:16:33.5824458","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\USP10.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  33. "19:16:33.5885148","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USP10.dll","NAME NOT FOUND","Desired Access: Read"
  34. "19:16:33.5886639","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LPK.DLL","NAME NOT FOUND","Desired Access: Read"
  35. "19:16:33.5887648","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  36. "19:16:33.5888000","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  37. "19:16:33.6298248","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance","NAME NOT FOUND","Desired Access: Maximum Allowed"
  38. "19:16:33.6300569","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.config","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a"
  39. "19:16:33.6339437","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\.NETFramewo%USER%\Policy\Standards","NAME NOT FOUND","Desired Access: Read"
  40. "19:16:33.6441330","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\Policy\standards\v2.0.50727","NAME NOT FOUND","Desired Access: Read"
  41. "19:16:33.6862375","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  42. "19:16:33.6862730","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  43. "19:16:33.6864389","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\mscorwks.dll.2.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  44. "19:16:33.7041183","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\mscorwks.dll.2.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  45. "19:16:33.9480051","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
  46. "19:16:33.9483862","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  47. "19:16:34.1377935","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSVCR80.dll","NAME NOT FOUND","Desired Access: Read"
  48. "19:16:34.2196559","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read"
  49. "19:16:34.6790796","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\.NETFramewo%USER%","NAME NOT FOUND","Desired Access: Read"
  50. "19:16:34.6791240","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\GCStressStart","NAME NOT FOUND","Length: 144"
  51. "19:16:34.6791640","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\.NETFramewo%USER%","NAME NOT FOUND","Desired Access: Read"
  52. "19:16:34.6791944","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\GCStressStartAtJit","NAME NOT FOUND","Length: 144"
  53. "19:16:34.6792486","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\.NETFramewo%USER%","NAME NOT FOUND","Desired Access: Read"
  54. "19:16:34.6792783","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\GCStressStart","NAME NOT FOUND","Length: 144"
  55. "19:16:34.6793090","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\.NETFramewo%USER%","NAME NOT FOUND","Desired Access: Read"
  56. "19:16:34.6793375","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\GCStressStartAtJit","NAME NOT FOUND","Length: 144"
  57. "19:16:34.7323878","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\.NETFramewo%USER%","NAME NOT FOUND","Desired Access: Read"
  58. "19:16:34.7324252","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\DisableConfigCache","NAME NOT FOUND","Length: 144"
  59. "19:16:34.7329172","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\.NETFramewo%USER%","NAME NOT FOUND","Desired Access: Read"
  60. "19:16:34.7495696","logger.exe","3388","RegEnumValue","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%","NO MORE ENTRIES","Index: 1, Length: 220"
  61. "19:16:35.1842321","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.config","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a"
  62. "19:16:35.2773009","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\fusion.localgac","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  63. "19:16:35.3526412","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\CacheLocation","NAME NOT FOUND","Length: 144"
  64. "19:16:35.4079094","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB","NAME NOT FOUND","Length: 144"
  65. "19:16:35.4079292","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Fusion","NAME NOT FOUND","Desired Access: Read"
  66. "19:16:35.4079985","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\EnableLog","NAME NOT FOUND","Length: 144"
  67. "19:16:35.4080153","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\LoggingLevel","NAME NOT FOUND","Length: 144"
  68. "19:16:35.4080309","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\ForceLog","NAME NOT FOUND","Length: 144"
  69. "19:16:35.4080466","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\LogFailures","NAME NOT FOUND","Length: 144"
  70. "19:16:35.4080622","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\LogResourceBinds","NAME NOT FOUND","Length: 144"
  71. "19:16:35.4080904","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat","NAME NOT FOUND","Length: 144"
  72. "19:16:35.4081058","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\DisableMSIPeek","NAME NOT FOUND","Length: 144"
  73. "19:16:35.5254400","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\.NETFramewo%USER%\Security\Policy\Extensions\NamedPermissionSets","NAME NOT FOUND","Desired Access: Read"
  74. "19:16:35.5258146","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\CONFIG\security.config","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a"
  75. "19:16:35.5299819","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\CONFIG\security.config.cch","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a"
  76. "19:16:35.5302822","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\CONFIG\enterprisesec.config","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a"
  77. "19:16:35.5305633","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\CONFIG\enterprisesec.config.cch","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a"
  78. "19:16:35.7470818","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shell32.dll","NAME NOT FOUND","Desired Access: Read"
  79. "19:16:35.8000118","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  80. "19:16:35.8000665","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  81. "19:16:35.8693572","logger.exe","3388","CreateFile","C:\WINDOWS\system32\shell32.dll.124.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  82. "19:16:35.9565641","logger.exe","3388","CreateFile","C:\WINDOWS\system32\shell32.dll.124.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  83. "19:16:36.1345266","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
  84. "19:16:36.1598072","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  85. "19:16:36.3327934","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\comctl32.dll","NAME NOT FOUND","Desired Access: Read"
  86. "19:16:36.3329429","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  87. "19:16:36.3330013","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  88. "19:16:36.3616214","logger.exe","3388","CreateFile","C:\WINDOWS\WindowsShell.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  89. "19:16:36.4084888","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\SmoothScroll","NAME NOT FOUND","Length: 144"
  90. "19:16:36.4086366","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips","NAME NOT FOUND","Length: 144"
  91. "19:16:36.4623736","logger.exe","3388","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack","NO MORE ENTRIES","Index: 1, Length: 220"
  92. "19:16:36.6590947","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\comctl32.dll","NAME NOT FOUND","Desired Access: Read"
  93. "19:16:36.7625193","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  94. "19:16:36.7625774","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  95. "19:16:36.7636798","logger.exe","3388","CreateFile","C:\WINDOWS\system32\comctl32.dll.124.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  96. "19:16:36.7641698","logger.exe","3388","CreateFile","C:\WINDOWS\system32\comctl32.dll.124.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  97. "19:16:36.9259244","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\SmoothScroll","NAME NOT FOUND","Length: 144"
  98. "19:16:37.9337528","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config","PATH NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a"
  99. "19:16:37.9339170","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config.cch","PATH NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a"
  100. "19:16:37.9339936","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\.NETFramewo%USER%\v2.0.50727\Security\Policy","NAME NOT FOUND","Desired Access: Read"
  101. "19:16:38.8594911","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9","NO MORE ENTRIES","Index: 1, Length: 288"
  102. "19:16:38.8599082","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\1\EvalationData","NAME NOT FOUND","Length: 144"
  103. "19:16:38.8599867","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\1\NIDependencies","NAME NOT FOUND","Length: 144"
  104. "19:16:38.8600096","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\1\MissingDependencies","NAME NOT FOUND","Length: 144"
  105. "19:16:38.9035104","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\319545b3\1\Modules","BUFFER OVERFLOW","Length: 144"
  106. "19:16:39.7740596","logger.exe","3388","QueryDirectory","C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI","NO SUCH FILE","Filter: mscorlib.INI"
  107. "19:16:40.7097201","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\ole32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  108. "19:16:40.7111309","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\ole32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  109. "19:16:40.7120374","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ole32.dll","NAME NOT FOUND","Desired Access: Read"
  110. "19:16:40.7322638","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\RWLockResourceTimeOut","NAME NOT FOUND","Length: 144"
  111. "19:16:40.7324836","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorlib.ni.dll","NAME NOT FOUND","Desired Access: Read"
  112. "19:16:40.7978257","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uxtheme.dll","NAME NOT FOUND","Desired Access: Read"
  113. "19:16:40.7980115","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\ThemeManager\Compositing","NAME NOT FOUND","Length: 144"
  114. "19:16:40.8004356","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\LameButtonText","NAME NOT FOUND","Length: 144"
  115. "19:16:40.8564396","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSCTF.dll","NAME NOT FOUND","Desired Access: Read"
  116. "19:16:40.8618939","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\CTF\Compatibility\logger.exe","NAME NOT FOUND","Desired Access: Read"
  117. "19:16:40.8621814","logger.exe","3388","RegQueryValue","HKCU\Keyboard Layout\Toggle\Language Hotkey","NAME NOT FOUND","Length: 144"
  118. "19:16:40.8622001","logger.exe","3388","RegQueryValue","HKCU\Keyboard Layout\Toggle\Hotkey","NAME NOT FOUND","Length: 144"
  119. "19:16:40.8622183","logger.exe","3388","RegQueryValue","HKCU\Keyboard Layout\Toggle\Layout Hotkey","NAME NOT FOUND","Length: 144"
  120. "19:16:40.8639844","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  121. "19:16:40.8640386","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  122. "19:16:40.8641537","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\CTF\EnableAnchorContext","NAME NOT FOUND","Length: 144"
  123. "19:16:41.1941320","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.config","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  124. "19:16:41.1949318","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\39918b11\6066a7f4","NAME NOT FOUND","Desired Access: Read"
  125. "19:16:41.1955430","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\StrongName","NAME NOT FOUND","Desired Access: Read"
  126. "19:16:41.2112889","logger.exe","3388","QueryDirectory","C:\Documents and Settings\%USER%\%Desktop%\sample1.INI","NO SUCH FILE","Filter: sample1.INI"
  127. "19:16:41.3144827","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  128. "19:16:41.3145190","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  129. "19:16:41.3146864","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\mscorjit.dll.2.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  130. "19:16:41.3149129","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\mscorjit.dll.2.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  131. "19:16:41.3296916","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
  132. "19:16:41.3299339","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  133. "19:16:41.3323445","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorjit.dll","NAME NOT FOUND","Desired Access: Read"
  134. "19:16:41.8394964","logger.exe","3388","CreateFile","C:\WINDOWS\Globalization\ja-jp.nlp","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  135. "19:16:41.8399973","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  136. "19:16:41.8400557","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  137. "19:16:42.2323502","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.config","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  138. "19:16:42.2456377","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC\PublisherPolicy.tme","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  139. "19:16:42.2494834","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7bf84e28\65b1aef9","NAME NOT FOUND","Desired Access: Read"
  140. "19:16:42.2502240","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja-JP\logger.resources.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  141. "19:16:42.2505422","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja-JP\logger.resources\logger.resources.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  142. "19:16:42.2508509","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja-JP\logger.resources.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  143. "19:16:42.2511607","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja-JP\logger.resources\logger.resources.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  144. "19:16:42.2589385","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1214440339-926492609-1644491937-1003\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
  145. "19:16:42.2965461","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
  146. "19:16:42.2966254","logger.exe","3388","RegOpenKey","HKCR\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
  147. "19:16:42.3327591","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1214440339-926492609-1644491937-1003\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
  148. "19:16:42.3327973","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
  149. "19:16:42.3328289","logger.exe","3388","RegOpenKey","HKCR\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
  150. "19:16:42.3812250","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  151. "19:16:42.3812820","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  152. "19:16:42.3822254","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\culture.dll.2.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  153. "19:16:42.3825822","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\culture.dll.2.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  154. "19:16:42.4113179","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
  155. "19:16:42.4117510","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  156. "19:16:42.4257988","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\culture.dll","NAME NOT FOUND","Desired Access: Read"
  157. "19:16:42.4276647","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\ja-JP\mscorrc.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  158. "19:16:42.4282693","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\ja-JP\mscorrc.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  159. "19:16:42.4293023","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\ja-JP\mscorrc.dll.DLL","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  160. "19:16:42.4307975","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\ja\mscorrc.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  161. "19:16:42.4313976","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\ja\mscorrc.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  162. "19:16:42.4319856","logger.exe","3388","CreateFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\ja\mscorrc.dll.DLL","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  163. "19:16:42.4686397","logger.exe","3388","CreateFile","C:\WINDOWS\Globalization\ja.nlp","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  164. "19:16:42.4689549","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7bf84e28\5af76302","NAME NOT FOUND","Desired Access: Read"
  165. "19:16:42.4696396","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja\logger.resources.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  166. "19:16:42.4699486","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja\logger.resources\logger.resources.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  167. "19:16:42.4702388","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja\logger.resources.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  168. "19:16:42.4705425","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja\logger.resources\logger.resources.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  169. "19:16:42.4706791","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1214440339-926492609-1644491937-1003\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
  170. "19:16:42.4707355","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
  171. "19:16:42.4842677","logger.exe","3388","RegOpenKey","HKCR\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
  172. "19:16:42.4843130","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1214440339-926492609-1644491937-1003\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
  173. "19:16:42.4843476","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
  174. "19:16:42.4843716","logger.exe","3388","RegOpenKey","HKCR\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
  175. "19:16:43.2070059","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748","NO MORE ENTRIES","Index: 1, Length: 288"
  176. "19:16:43.2074862","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748\3\EvalationData","NAME NOT FOUND","Length: 144"
  177. "19:16:43.2075177","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748\3\ILDependencies","BUFFER OVERFLOW","Length: 144"
  178. "19:16:43.2075781","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748\3\MissingDependencies","NAME NOT FOUND","Length: 144"
  179. "19:16:43.2110347","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2995e574\17\Modules","NAME NOT FOUND","Length: 144"
  180. "19:16:43.2112054","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\291a02d0\7\Modules","NAME NOT FOUND","Length: 144"
  181. "19:16:43.2115194","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\3914f670\b\Modules","NAME NOT FOUND","Length: 144"
  182. "19:16:43.2116800","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\67e63d5c\6\Modules","NAME NOT FOUND","Length: 144"
  183. "19:16:43.2118038","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4426ac2f\f\DisplayName","BUFFER OVERFLOW","Length: 144"
  184. "19:16:43.2118605","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4426ac2f\f\Modules","NAME NOT FOUND","Length: 144"
  185. "19:16:43.2122049","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\7f729234\18\Modules","NAME NOT FOUND","Length: 144"
  186. "19:16:43.2123656","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\268e923b\a\Modules","NAME NOT FOUND","Length: 144"
  187. "19:16:43.2125742","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232\8\EvalationData","NAME NOT FOUND","Length: 144"
  188. "19:16:43.2126402","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232\8\MissingDependencies","NAME NOT FOUND","Length: 144"
  189. "19:16:43.2127754","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6e9ac653\8\Modules","NAME NOT FOUND","Length: 144"
  190. "19:16:43.2129869","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\31de29a4\5\EvalationData","NAME NOT FOUND","Length: 144"
  191. "19:16:43.2130503","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\31de29a4\5\MissingDependencies","NAME NOT FOUND","Length: 144"
  192. "19:16:43.2131685","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\3fcdfaca\11\Modules","NAME NOT FOUND","Length: 144"
  193. "19:16:43.6667026","logger.exe","3388","QueryDirectory","C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI","NO SUCH FILE","Filter: System.Windows.Forms.INI"
  194. "19:16:43.6774814","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\.NETFramewo%USER%\Policy\APTCA","NAME NOT FOUND","Desired Access: Read"
  195. "19:16:43.7504041","logger.exe","3388","QueryDirectory","C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI","NO SUCH FILE","Filter: System.INI"
  196. "19:16:43.8174771","logger.exe","3388","QueryDirectory","C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI","NO SUCH FILE","Filter: System.Drawing.INI"
  197. "19:17:45.4591584","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\7d04a1bb","NO MORE ENTRIES","Index: 1, Length: 288"
  198. "19:17:45.4595355","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\7d04a1bb\2\EvalationData","NAME NOT FOUND","Length: 144"
  199. "19:17:45.4596517","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\7d04a1bb\2\MissingDependencies","NAME NOT FOUND","Length: 144"
  200. "19:17:45.4598573","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\19057a88\16\Modules","NAME NOT FOUND","Length: 144"
  201. "19:17:45.5759637","logger.exe","3388","QueryDirectory","C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI","NO SUCH FILE","Filter: System.Xml.INI"
  202. "19:17:45.7134527","logger.exe","3388","ReadFile","C:\WINDOWS\Microsoft.NET\Framewo%USER%\v2.0.50727\CONFIG\machine.config","END OF FILE","Offset: 20,057, Length: 4,096"
  203. "19:17:45.7140438","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.config","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Open No Recall, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  204. "19:17:45.8222428","logger.exe","3388","CreateFile","C:\WINDOWS\Globalization\en-us.nlp","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  205. "19:17:45.8511090","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\622dbd87","NAME NOT FOUND","Desired Access: Read"
  206. "19:17:45.8513515","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC_32\mscorlib.resources\2.0.0.0_ja-JP_b77a5c561934e089","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  207. "19:17:45.8516264","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ja-JP_b77a5c561934e089","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  208. "19:17:45.8518949","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC\mscorlib.resources\2.0.0.0_ja-JP_b77a5c561934e089","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  209. "19:17:45.8526710","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja-JP\mscorlib.resources.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  210. "19:17:45.8529875","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja-JP\mscorlib.resources\mscorlib.resources.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  211. "19:17:45.8532875","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja-JP\mscorlib.resources.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  212. "19:17:45.8535962","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja-JP\mscorlib.resources\mscorlib.resources.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  213. "19:17:45.8537351","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1214440339-926492609-1644491937-1003\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
  214. "19:17:45.8537968","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
  215. "19:17:45.8538379","logger.exe","3388","RegOpenKey","HKCR\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
  216. "19:17:45.8538823","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1214440339-926492609-1644491937-1003\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
  217. "19:17:45.8539169","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
  218. "19:17:45.8539415","logger.exe","3388","RegOpenKey","HKCR\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
  219. "19:17:45.8726573","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\223aaab6","NAME NOT FOUND","Desired Access: Read"
  220. "19:17:45.8728906","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC_32\mscorlib.resources\2.0.0.0_ja_b77a5c561934e089","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  221. "19:17:45.8731599","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ja_b77a5c561934e089","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  222. "19:17:45.8734166","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC\mscorlib.resources\2.0.0.0_ja_b77a5c561934e089","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  223. "19:17:45.8741039","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja\mscorlib.resources.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  224. "19:17:45.8744139","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja\mscorlib.resources\mscorlib.resources.dll","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  225. "19:17:45.8751124","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja\mscorlib.resources.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  226. "19:17:45.8754191","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\ja\mscorlib.resources\mscorlib.resources.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  227. "19:17:45.8755535","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1214440339-926492609-1644491937-1003\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
  228. "19:17:45.8756077","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
  229. "19:17:45.8756473","logger.exe","3388","RegOpenKey","HKCR\Installer\Assemblies\C:|Documents and Settings|%USER%|%Desktop%|logger.exe","NAME NOT FOUND","Desired Access: Read"
  230. "19:17:45.8756898","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1214440339-926492609-1644491937-1003\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
  231. "19:17:45.8757228","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
  232. "19:17:45.8757460","logger.exe","3388","RegOpenKey","HKCR\Installer\Assemblies\Global","NAME NOT FOUND","Desired Access: Read"
  233. "19:17:46.2585955","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\version.dll","NAME NOT FOUND","Desired Access: Read"
  234. "19:17:46.2586418","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\System.ni.dll","NAME NOT FOUND","Desired Access: Read"
  235. "19:17:46.2586955","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\System.Drawing.ni.dll","NAME NOT FOUND","Desired Access: Read"
  236. "19:17:46.2587368","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\System.Windows.Forms.ni.dll","NAME NOT FOUND","Desired Access: Read"
  237. "19:17:46.2587796","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\System.Xml.ni.dll","NAME NOT FOUND","Desired Access: Read"
  238. "19:17:46.2779538","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  239. "19:17:46.2780124","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  240. "19:17:46.3818829","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  241. "19:17:46.3848931","logger.exe","3388","CreateFile","C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  242. "19:17:46.4086151","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps","NAME NOT FOUND","Length: 144"
  243. "19:17:46.4086841","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps","NAME NOT FOUND","Length: 144"
  244. "19:17:46.4345312","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netapi32.dll","NAME NOT FOUND","Desired Access: Read"
  245. "19:17:46.4346784","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Rpc\PagedBuffers","NAME NOT FOUND","Desired Access: Read"
  246. "19:17:46.4347419","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\MaxRpcSize","NAME NOT FOUND","Length: 144"
  247. "19:17:46.4347905","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logger.exe\RpcThreadPoolThrottle","NAME NOT FOUND","Desired Access: Read"
  248. "19:17:46.4348813","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\Rpc","NAME NOT FOUND","Desired Access: Read"
  249. "19:17:46.4542457","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\cmd.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  250. "19:17:46.4728752","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  251. "19:17:46.4729537","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood","NAME NOT FOUND","Length: 144"
  252. "19:17:46.4730191","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  253. "19:17:46.4730822","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer","NAME NOT FOUND","Length: 144"
  254. "19:17:46.4731392","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  255. "19:17:46.4732007","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon","NAME NOT FOUND","Length: 144"
  256. "19:17:46.4733300","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\logger.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
  257. "19:17:46.4897874","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  258. "19:17:46.4898561","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups","NAME NOT FOUND","Length: 144"
  259. "19:17:46.4984720","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
  260. "19:17:46.4986078","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
  261. "19:17:46.4987391","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
  262. "19:17:46.4988634","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
  263. "19:17:46.4989246","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","NO MORE ENTRIES","Index: 4, Length: 288"
  264. "19:17:46.4989721","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","NAME NOT FOUND","Desired Access: Read"
  265. "19:17:46.4992154","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\000000000000d5c0\Desktop\NameSpace","NAME NOT FOUND","Desired Access: Read"
  266. "19:17:46.4993906","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  267. "19:17:46.5026226","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  268. "19:17:46.5026583","logger.exe","3388","RegQueryValue","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  269. "19:17:46.5027418","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  270. "19:17:46.5165020","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  271. "19:17:46.5165369","logger.exe","3388","RegQueryValue","HKCR\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  272. "19:17:46.5166190","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  273. "19:17:46.5219873","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  274. "19:17:46.5220918","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
  275. "19:17:46.5221745","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
  276. "19:17:46.5222798","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  277. "19:17:46.5223860","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  278. "19:17:46.5224189","logger.exe","3388","RegQueryValue","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM","NAME NOT FOUND","Length: 144"
  279. "19:17:46.5441468","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Length: 144"
  280. "19:17:46.5445536","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Length: 144"
  281. "19:17:46.5445840","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  282. "19:17:46.5446502","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\EnforceShellExtensionSecurity","NAME NOT FOUND","Length: 144"
  283. "19:17:46.5447522","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401","NAME NOT FOUND","Length: 144"
  284. "19:17:46.5800263","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appHelp.dll","NAME NOT FOUND","Desired Access: Read"
  285. "19:17:46.5801427","logger.exe","3388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility\DisableAppCompat","NAME NOT FOUND","Length: 20"
  286. "19:17:46.5823419","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read"
  287. "19:17:46.5894571","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\CLBCATQ.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  288. "19:17:46.5986286","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\COMRes.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  289. "19:17:46.7043879","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\COMRes.dll","NAME NOT FOUND","Desired Access: Read"
  290. "19:17:46.7044488","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLEAUT32.dll","NAME NOT FOUND","Desired Access: Read"
  291. "19:17:46.7050136","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value"
  292. "19:17:46.7134725","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLEAUT\UserEra","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
  293. "19:17:46.7135022","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value"
  294. "19:17:46.7135270","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLBCATQ.DLL","NAME NOT FOUND","Desired Access: Read"
  295. "19:17:46.7281141","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\COM3\Debug","NAME NOT FOUND","Desired Access: All Access"
  296. "19:17:46.7281381","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\COM3\Debug","NAME NOT FOUND","Desired Access: Read"
  297. "19:17:46.7282186","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\MinimumFreeMemPercentageToCreateProcess","NAME NOT FOUND","Length: 144"
  298. "19:17:46.7282389","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\MinimumFreeMemPercentageToCreateObject","NAME NOT FOUND","Length: 144"
  299. "19:17:46.7428361","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Read"
  300. "19:17:46.7429330","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
  301. "19:17:46.7429646","logger.exe","3388","RegOpenKey","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
  302. "19:17:46.7430906","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Read"
  303. "19:17:46.7431772","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  304. "19:17:46.7432833","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  305. "19:17:46.7433171","logger.exe","3388","RegQueryValue","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\InprocServer32","NAME NOT FOUND","Length: 144"
  306. "19:17:46.7434074","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServerX86","NAME NOT FOUND","Desired Access: Maximum Allowed"
  307. "19:17:46.7434395","logger.exe","3388","RegOpenKey","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServerX86","NAME NOT FOUND","Desired Access: Maximum Allowed"
  308. "19:17:46.7434945","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\LocalServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  309. "19:17:46.7435258","logger.exe","3388","RegOpenKey","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\LocalServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  310. "19:17:46.7435811","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  311. "19:17:46.7436792","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  312. "19:17:46.7438138","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocHandler32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  313. "19:17:46.7438454","logger.exe","3388","RegOpenKey","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocHandler32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  314. "19:17:46.7439004","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocHandlerX86","NAME NOT FOUND","Desired Access: Maximum Allowed"
  315. "19:17:46.7439314","logger.exe","3388","RegOpenKey","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocHandlerX86","NAME NOT FOUND","Desired Access: Maximum Allowed"
  316. "19:17:46.7439862","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\LocalServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  317. "19:17:46.7440166","logger.exe","3388","RegOpenKey","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\LocalServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  318. "19:17:46.7440697","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\LocalServer","NAME NOT FOUND","Desired Access: Maximum Allowed"
  319. "19:17:46.7440996","logger.exe","3388","RegOpenKey","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\LocalServer","NAME NOT FOUND","Desired Access: Maximum Allowed"
  320. "19:17:46.7441418","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Read"
  321. "19:17:46.7442245","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Maximum Allowed"
  322. "19:17:46.7442533","logger.exe","3388","RegQueryValue","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\AppID","NAME NOT FOUND","Length: 144"
  323. "19:17:46.7444106","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Read"
  324. "19:17:46.7445229","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Read"
  325. "19:17:46.7446067","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  326. "19:17:46.7447070","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  327. "19:17:46.7448788","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Read"
  328. "19:17:46.7449665","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
  329. "19:17:46.7449972","logger.exe","3388","RegOpenKey","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
  330. "19:17:47.1890014","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  331. "19:17:47.1890397","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  332. "19:17:47.1892308","logger.exe","3388","CreateFile","C:\WINDOWS\system32\CRYPTUI.dll.2.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  333. "19:17:47.1895205","logger.exe","3388","CreateFile","C:\WINDOWS\system32\CRYPTUI.dll.2.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  334. "19:17:47.4379227","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASN1.dll","NAME NOT FOUND","Desired Access: Read"
  335. "19:17:47.4428912","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CRYPT32.dll","NAME NOT FOUND","Desired Access: Read"
  336. "19:17:47.4591983","logger.exe","3388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\crypt32\Performance","NAME NOT FOUND","Desired Access: Read"
  337. "19:17:47.4599054","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\msasn1","NAME NOT FOUND","Desired Access: Read"
  338. "19:17:47.4610176","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WININET.dll","NAME NOT FOUND","Desired Access: Read"
  339. "19:17:47.4726978","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  340. "19:17:47.4727344","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  341. "19:17:47.4733666","logger.exe","3388","CreateFile","C:\WINDOWS\system32\WININET.dll.123.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  342. "19:17:47.4736560","logger.exe","3388","CreateFile","C:\WINDOWS\system32\WININET.dll.123.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  343. "19:17:47.4963762","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
  344. "19:17:47.4966157","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  345. "19:17:47.4975549","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMAGEHLP.dll","NAME NOT FOUND","Desired Access: Read"
  346. "19:17:47.4976532","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINTRUST.dll","NAME NOT FOUND","Desired Access: Read"
  347. "19:17:47.4977013","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLDAP32.dll","NAME NOT FOUND","Desired Access: Read"
  348. "19:17:47.4978063","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CRYPTUI.dll","NAME NOT FOUND","Desired Access: Read"
  349. "19:17:47.4978722","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
  350. "19:17:47.4980957","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  351. "19:17:47.4992322","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\RichEd20.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  352. "19:17:47.5280409","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RichEd20.dll","NAME NOT FOUND","Desired Access: Read"
  353. "19:17:47.5318198","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shdocvw.dll","NAME NOT FOUND","Desired Access: Read"
  354. "19:17:47.5437029","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  355. "19:17:47.5437602","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  356. "19:17:47.5458093","logger.exe","3388","CreateFile","C:\WINDOWS\system32\shdocvw.dll.123.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  357. "19:17:47.5462896","logger.exe","3388","CreateFile","C:\WINDOWS\system32\shdocvw.dll.123.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  358. "19:17:47.5797122","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
  359. "19:17:47.5800765","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  360. "19:17:47.5835052","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance","NAME NOT FOUND","Desired Access: Maximum Allowed"
  361. "19:17:47.5857792","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\clsid\{c90250f3-4d7d-4991-9b69-a5c5bc1c2ae6}","NAME NOT FOUND","Desired Access: Query Value"
  362. "19:17:47.5858013","logger.exe","3388","RegOpenKey","HKCR\clsid\{c90250f3-4d7d-4991-9b69-a5c5bc1c2ae6}","NAME NOT FOUND","Desired Access: Query Value"
  363. "19:17:47.5858583","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{EAB22AC1-30C1-11CF-A7EB-0000C05BAE0B}\Typelib","NAME NOT FOUND","Desired Access: Query Value"
  364. "19:17:47.6128184","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{EAB22AC1-30C1-11CF-A7EB-0000C05BAE0B}\TypeLib","NAME NOT FOUND","Desired Access: Maximum Allowed"
  365. "19:17:47.6129592","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{b722bccb-4e68-101b-a2bc-00aa00404770}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Query Value"
  366. "19:17:47.6279754","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  367. "19:17:47.6281111","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{79eac9c4-baf9-11ce-8c82-00aa004ba90b}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Query Value"
  368. "19:17:47.6390787","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{79EAC9C4-BAF9-11CE-8C82-00AA004BA90B}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  369. "19:17:47.6392067","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{000214E6-0000-0000-C000-000000000046}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Query Value"
  370. "19:17:47.6496426","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{000214E6-0000-0000-C000-000000000046}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  371. "19:17:47.6497700","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{93F2F68C-1D1B-11D3-A30E-00C04F79ABD1}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Query Value"
  372. "19:17:47.8941011","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Interface\{93F2F68C-1D1B-11D3-A30E-00C04F79ABD1}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  373. "19:17:47.8942721","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
  374. "19:17:47.9144925","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{1F4DE370-D627-11D1-BA4F-00A0C91EEDBA}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  375. "19:17:47.9279367","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  376. "19:17:47.9279582","logger.exe","3388","RegQueryValue","HKCR\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  377. "19:17:47.9280124","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  378. "19:17:47.9321699","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  379. "19:17:47.9321906","logger.exe","3388","RegQueryValue","HKCR\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  380. "19:17:47.9322417","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  381. "19:17:47.9445779","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  382. "19:17:47.9445988","logger.exe","3388","RegQueryValue","HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  383. "19:17:47.9446480","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{E17D4FC0-5564-11D1-83F2-00A0C90DC849}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  384. "19:17:47.9481982","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  385. "19:17:47.9482189","logger.exe","3388","RegQueryValue","HKCR\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  386. "19:17:47.9483292","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
  387. "19:17:47.9483868","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  388. "19:17:47.9484404","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  389. "19:17:47.9484594","logger.exe","3388","RegQueryValue","HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32\LoadWithoutCOM","NAME NOT FOUND","Length: 144"
  390. "19:17:47.9484918","logger.exe","3388","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks","NO MORE ENTRIES","Index: 1, Length: 220"
  391. "19:17:47.9610088","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  392. "19:17:47.9901949","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\cmd.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  393. "19:17:47.9968421","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations","NAME NOT FOUND","Desired Access: Query Value"
  394. "19:17:47.9968616","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations","NAME NOT FOUND","Desired Access: Query Value"
  395. "19:17:47.9968837","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations","NAME NOT FOUND","Desired Access: Query Value"
  396. "19:17:47.9968979","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations","NAME NOT FOUND","Desired Access: Query Value"
  397. "19:17:47.9969178","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations","NAME NOT FOUND","Desired Access: Query Value"
  398. "19:17:47.9969318","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations","NAME NOT FOUND","Desired Access: Query Value"
  399. "19:17:47.9969507","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations","NAME NOT FOUND","Desired Access: Query Value"
  400. "19:17:47.9969647","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations","NAME NOT FOUND","Desired Access: Query Value"
  401. "19:17:47.9969932","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Query Value"
  402. "19:17:47.9970455","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  403. "19:17:47.9971052","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.ade","NAME NOT FOUND","Desired Access: Query Value"
  404. "19:17:47.9971142","logger.exe","3388","RegOpenKey","HKCR\.ade","NAME NOT FOUND","Desired Access: Query Value"
  405. "19:17:47.9971396","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.adp","NAME NOT FOUND","Desired Access: Query Value"
  406. "19:17:47.9971483","logger.exe","3388","RegOpenKey","HKCR\.adp","NAME NOT FOUND","Desired Access: Query Value"
  407. "19:17:47.9971734","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.app","NAME NOT FOUND","Desired Access: Query Value"
  408. "19:17:47.9971818","logger.exe","3388","RegOpenKey","HKCR\.app","NAME NOT FOUND","Desired Access: Query Value"
  409. "19:17:47.9972064","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.asp","NAME NOT FOUND","Desired Access: Query Value"
  410. "19:17:47.9972516","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.asp","NAME NOT FOUND","Desired Access: Maximum Allowed"
  411. "19:17:47.9973072","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bas","NAME NOT FOUND","Desired Access: Query Value"
  412. "19:17:47.9973156","logger.exe","3388","RegOpenKey","HKCR\.bas","NAME NOT FOUND","Desired Access: Query Value"
  413. "19:17:47.9973407","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bat","NAME NOT FOUND","Desired Access: Query Value"
  414. "19:17:47.9973852","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bat","NAME NOT FOUND","Desired Access: Maximum Allowed"
  415. "19:17:47.9974394","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cer","NAME NOT FOUND","Desired Access: Query Value"
  416. "19:17:47.9974832","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cer","NAME NOT FOUND","Desired Access: Maximum Allowed"
  417. "19:17:47.9975377","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.chm","NAME NOT FOUND","Desired Access: Query Value"
  418. "19:17:47.9975818","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.chm","NAME NOT FOUND","Desired Access: Maximum Allowed"
  419. "19:17:47.9976369","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cmd","NAME NOT FOUND","Desired Access: Query Value"
  420. "19:17:47.9976802","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cmd","NAME NOT FOUND","Desired Access: Maximum Allowed"
  421. "19:17:47.9977341","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.com","NAME NOT FOUND","Desired Access: Query Value"
  422. "19:17:47.9977768","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.com","NAME NOT FOUND","Desired Access: Maximum Allowed"
  423. "19:17:47.9978307","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cpl","NAME NOT FOUND","Desired Access: Query Value"
  424. "19:17:47.9978746","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cpl","NAME NOT FOUND","Desired Access: Maximum Allowed"
  425. "19:17:47.9979288","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.crt","NAME NOT FOUND","Desired Access: Query Value"
  426. "19:17:47.9979721","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.crt","NAME NOT FOUND","Desired Access: Maximum Allowed"
  427. "19:17:47.9980257","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.csh","NAME NOT FOUND","Desired Access: Query Value"
  428. "19:17:47.9980341","logger.exe","3388","RegOpenKey","HKCR\.csh","NAME NOT FOUND","Desired Access: Query Value"
  429. "19:17:47.9982319","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}","NAME NOT FOUND","Desired Access: Read"
  430. "19:17:48.0016860","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
  431. "19:17:48.0017064","logger.exe","3388","RegOpenKey","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
  432. "19:17:48.0017796","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}","NAME NOT FOUND","Desired Access: Read"
  433. "19:17:48.0018296","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  434. "19:17:48.0018905","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  435. "19:17:48.0019103","logger.exe","3388","RegQueryValue","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32\InprocServer32","NAME NOT FOUND","Length: 144"
  436. "19:17:48.0019600","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServerX86","NAME NOT FOUND","Desired Access: Maximum Allowed"
  437. "19:17:48.0019788","logger.exe","3388","RegOpenKey","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServerX86","NAME NOT FOUND","Desired Access: Maximum Allowed"
  438. "19:17:48.0020109","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\LocalServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  439. "19:17:48.0020296","logger.exe","3388","RegOpenKey","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\LocalServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  440. "19:17:48.0020615","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  441. "19:17:48.0021179","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  442. "19:17:48.0021902","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocHandler32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  443. "19:17:48.0022092","logger.exe","3388","RegOpenKey","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocHandler32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  444. "19:17:48.0022411","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocHandlerX86","NAME NOT FOUND","Desired Access: Maximum Allowed"
  445. "19:17:48.0022598","logger.exe","3388","RegOpenKey","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocHandlerX86","NAME NOT FOUND","Desired Access: Maximum Allowed"
  446. "19:17:48.0022917","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\LocalServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  447. "19:17:48.0023101","logger.exe","3388","RegOpenKey","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\LocalServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  448. "19:17:48.0023414","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\LocalServer","NAME NOT FOUND","Desired Access: Maximum Allowed"
  449. "19:17:48.0023601","logger.exe","3388","RegOpenKey","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\LocalServer","NAME NOT FOUND","Desired Access: Maximum Allowed"
  450. "19:17:48.0023852","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}","NAME NOT FOUND","Desired Access: Read"
  451. "19:17:48.0024336","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}","NAME NOT FOUND","Desired Access: Maximum Allowed"
  452. "19:17:48.0024503","logger.exe","3388","RegQueryValue","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\AppID","NAME NOT FOUND","Length: 144"
  453. "19:17:48.0053345","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}","NAME NOT FOUND","Desired Access: Read"
  454. "19:17:48.0053884","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  455. "19:17:48.0054471","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  456. "19:17:48.0055390","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}","NAME NOT FOUND","Desired Access: Read"
  457. "19:17:48.0055898","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
  458. "19:17:48.0056074","logger.exe","3388","RegOpenKey","HKCR\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
  459. "19:17:48.1235735","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\urlmon.dll","NAME NOT FOUND","Desired Access: Read"
  460. "19:17:48.1399835","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  461. "19:17:48.1400195","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  462. "19:17:48.1406928","logger.exe","3388","CreateFile","C:\WINDOWS\system32\urlmon.dll.123.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  463. "19:17:48.1414345","logger.exe","3388","CreateFile","C:\WINDOWS\system32\urlmon.dll.123.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  464. "19:17:48.1619555","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
  465. "19:17:48.1621812","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\logger.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  466. "19:17:48.1650908","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\PROTOCOLS\Name-Space Handler\","NAME NOT FOUND","Desired Access: Maximum Allowed"
  467. "19:17:48.1803517","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\PROTOCOLS\Name-Space Handler","NAME NOT FOUND","Desired Access: Maximum Allowed"
  468. "19:17:48.1803956","logger.exe","3388","RegEnumKey","HKCR\PROTOCOLS\Name-Space Handler","NO MORE ENTRIES","Index: 1, Length: 288"
  469. "19:17:48.1804375","logger.exe","3388","RegOpenKey","HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings","NAME NOT FOUND","Desired Access: Query Value"
  470. "19:17:48.1804573","logger.exe","3388","RegOpenKey","HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings","NAME NOT FOUND","Desired Access: Query Value"
  471. "19:17:48.1804995","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck","NAME NOT FOUND","Length: 144"
  472. "19:17:48.1805411","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\","NAME NOT FOUND","Desired Access: Query Value"
  473. "19:17:48.1805696","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\","NAME NOT FOUND","Desired Access: Read"
  474. "19:17:48.1805883","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\","NAME NOT FOUND","Desired Access: Read"
  475. "19:17:48.1806084","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\","NAME NOT FOUND","Desired Access: Read"
  476. "19:17:48.1806249","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\","NAME NOT FOUND","Desired Access: Read"
  477. "19:17:48.1806462","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings","NAME NOT FOUND","Desired Access: Query Value"
  478. "19:17:48.1806596","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl","NAME NOT FOUND","Desired Access: Query Value"
  479. "19:17:48.1806758","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl","NAME NOT FOUND","Desired Access: Query Value"
  480. "19:17:48.1807118","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl","NAME NOT FOUND","Desired Access: Query Value"
  481. "19:17:48.1963116","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING\logger.exe","NAME NOT FOUND","Length: 144"
  482. "19:17:48.1963280","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING\*","NAME NOT FOUND","Length: 144"
  483. "19:17:48.1963892","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\logger.exe","NAME NOT FOUND","Length: 144"
  484. "19:17:48.1964057","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\*","NAME NOT FOUND","Length: 144"
  485. "19:17:48.1964627","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\logger.exe","NAME NOT FOUND","Length: 144"
  486. "19:17:48.1964789","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\*","NAME NOT FOUND","Length: 144"
  487. "19:17:48.1965348","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\logger.exe","NAME NOT FOUND","Length: 144"
  488. "19:17:48.1965504","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\*","NAME NOT FOUND","Length: 144"
  489. "19:17:48.1966071","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\logger.exe","NAME NOT FOUND","Length: 144"
  490. "19:17:48.1966242","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\*","NAME NOT FOUND","Length: 144"
  491. "19:17:48.1966795","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT\logger.exe","NAME NOT FOUND","Length: 144"
  492. "19:17:48.1966965","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT\*","NAME NOT FOUND","Length: 144"
  493. "19:17:48.1967502","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS\logger.exe","NAME NOT FOUND","Length: 144"
  494. "19:17:48.1968236","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\logger.exe","NAME NOT FOUND","Length: 144"
  495. "19:17:48.1968993","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\logger.exe","NAME NOT FOUND","Length: 144"
  496. "19:17:48.1969164","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*","NAME NOT FOUND","Length: 144"
  497. "19:17:48.1969471","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND","NAME NOT FOUND","Desired Access: Query Value"
  498. "19:17:48.1969622","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL","NAME NOT FOUND","Desired Access: Query Value"
  499. "19:17:48.1969759","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL","NAME NOT FOUND","Desired Access: Query Value"
  500. "19:17:48.1969899","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD","NAME NOT FOUND","Desired Access: Query Value"
  501. "19:17:48.1970035","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT","NAME NOT FOUND","Desired Access: Query Value"
  502. "19:17:48.1970413","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\logger.exe","NAME NOT FOUND","Length: 144"
  503. "19:17:48.1970566","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\*","NAME NOT FOUND","Length: 144"
  504. "19:17:48.1970871","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE","NAME NOT FOUND","Desired Access: Query Value"
  505. "19:17:48.1971256","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\logger.exe","NAME NOT FOUND","Length: 144"
  506. "19:17:48.1971407","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\*","NAME NOT FOUND","Length: 144"
  507. "19:17:48.1971712","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK","NAME NOT FOUND","Desired Access: Query Value"
  508. "19:17:48.1971857","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GET_URL_DOM_FILEPATH_UNENCODED","NAME NOT FOUND","Desired Access: Query Value"
  509. "19:17:48.1972835","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
  510. "19:17:48.1973449","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  511. "19:17:48.2004045","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\","NAME NOT FOUND","Desired Access: Read"
  512. "19:17:48.2004210","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\","NAME NOT FOUND","Desired Access: Read"
  513. "19:17:48.2338574","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\","NAME NOT FOUND","Desired Access: Read"
  514. "19:17:48.2338775","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\","NAME NOT FOUND","Desired Access: Read"
  515. "19:17:48.2338993","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\","NAME NOT FOUND","Desired Access: Read"
  516. "19:17:48.2339147","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\","NAME NOT FOUND","Desired Access: Read"
  517. "19:17:48.2340116","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0","NAME NOT FOUND","Desired Access: Read"
  518. "19:17:48.2340275","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0","NAME NOT FOUND","Desired Access: Read"
  519. "19:17:48.2341868","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1","NAME NOT FOUND","Desired Access: Read"
  520. "19:17:48.2342030","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1","NAME NOT FOUND","Desired Access: Read"
  521. "19:17:48.2344748","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2","NAME NOT FOUND","Desired Access: Read"
  522. "19:17:48.2344913","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2","NAME NOT FOUND","Desired Access: Read"
  523. "19:17:48.2346413","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3","NAME NOT FOUND","Desired Access: Read"
  524. "19:17:48.2346575","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3","NAME NOT FOUND","Desired Access: Read"
  525. "19:17:48.2348072","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4","NAME NOT FOUND","Desired Access: Read"
  526. "19:17:48.2348237","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4","NAME NOT FOUND","Desired Access: Read"
  527. "19:17:48.2349293","logger.exe","3388","RegEnumKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones","NO MORE ENTRIES","Index: 5, Length: 288"
  528. "19:17:48.2349707","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\","NAME NOT FOUND","Desired Access: Read"
  529. "19:17:48.2349871","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\","NAME NOT FOUND","Desired Access: Read"
  530. "19:17:48.2350061","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\","NAME NOT FOUND","Desired Access: Read"
  531. "19:17:48.2350218","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\","NAME NOT FOUND","Desired Access: Read"
  532. "19:17:48.2351103","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0","NAME NOT FOUND","Desired Access: Read"
  533. "19:17:48.2351274","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0","NAME NOT FOUND","Desired Access: Read"
  534. "19:17:48.2355235","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1","NAME NOT FOUND","Desired Access: Read"
  535. "19:17:48.2355403","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1","NAME NOT FOUND","Desired Access: Read"
  536. "19:17:48.2357976","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2","NAME NOT FOUND","Desired Access: Read"
  537. "19:17:48.2358143","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2","NAME NOT FOUND","Desired Access: Read"
  538. "19:17:48.2361306","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3","NAME NOT FOUND","Desired Access: Read"
  539. "19:17:48.2361474","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3","NAME NOT FOUND","Desired Access: Read"
  540. "19:17:48.2363063","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4","NAME NOT FOUND","Desired Access: Read"
  541. "19:17:48.2363231","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4","NAME NOT FOUND","Desired Access: Read"
  542. "19:17:48.2364309","logger.exe","3388","RegEnumKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones","NO MORE ENTRIES","Index: 5, Length: 288"
  543. "19:17:48.2366220","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\PROTOCOLS\Name-Space Handler\","NAME NOT FOUND","Desired Access: Read"
  544. "19:17:48.2366706","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\PROTOCOLS\Name-Space Handler\C\","NAME NOT FOUND","Desired Access: Read"
  545. "19:17:48.2366804","logger.exe","3388","RegOpenKey","HKCR\PROTOCOLS\Name-Space Handler\C","NAME NOT FOUND","Desired Access: Read"
  546. "19:17:48.2367086","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\PROTOCOLS\Name-Space Handler\*\","NAME NOT FOUND","Desired Access: Read"
  547. "19:17:48.2367178","logger.exe","3388","RegOpenKey","HKCR\PROTOCOLS\Name-Space Handler\*","NAME NOT FOUND","Desired Access: Read"
  548. "19:17:48.2367620","logger.exe","3388","RegOpenKey","HKCU\SOFTWARE\Classes\PROTOCOLS\Handler\C","NAME NOT FOUND","Desired Access: Query Value"
  549. "19:17:48.2367846","logger.exe","3388","RegOpenKey","HKCR\PROTOCOLS\Handler\C","NAME NOT FOUND","Desired Access: Query Value"
  550. "19:17:48.2368067","logger.exe","3388","RegOpenKey","HKCU\SOFTWARE\Classes\PROTOCOLS\Handler\C","NAME NOT FOUND","Desired Access: Query Value"
  551. "19:17:48.2368256","logger.exe","3388","RegOpenKey","HKCR\PROTOCOLS\Handler\C","NAME NOT FOUND","Desired Access: Query Value"
  552. "19:17:48.2515990","logger.exe","3388","CreateFile","C:\WINDOWS\system32\cmd.exe:Zone.Identifier","NAME INVALID","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  553. "19:17:48.2517954","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings","NAME NOT FOUND","Desired Access: Query Value"
  554. "19:17:48.2518128","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl","NAME NOT FOUND","Desired Access: Query Value"
  555. "19:17:48.2518284","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl","NAME NOT FOUND","Desired Access: Query Value"
  556. "19:17:48.2518644","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl","NAME NOT FOUND","Desired Access: Query Value"
  557. "19:17:48.2518859","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547","NAME NOT FOUND","Desired Access: Query Value"
  558. "19:17:48.2520795","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
  559. "19:17:48.2521145","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  560. "19:17:48.2521550","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel","NAME NOT FOUND","Length: 144"
  561. "19:17:48.2521913","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  562. "19:17:48.2522282","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders","NAME NOT FOUND","Length: 144"
  563. "19:17:48.2522919","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
  564. "19:17:48.2523584","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  565. "19:17:48.2536144","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\SETUPAPI.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  566. "19:17:48.2830578","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUPAPI.dll","NAME NOT FOUND","Desired Access: Read"
  567. "19:17:48.5507069","logger.exe","3388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MiniNT","NAME NOT FOUND","Desired Access: All Access"
  568. "19:17:48.5707131","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackCachePath","NAME NOT FOUND","Length: 144"
  569. "19:17:48.5710248","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\LogLevel","NAME NOT FOUND","Length: 144"
  570. "19:17:48.5710455","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\LogPath","NAME NOT FOUND","Length: 144"
  571. "19:17:48.5710651","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\AppLogLevels","NAME NOT FOUND","Desired Access: Query Value"
  572. "19:17:48.5891623","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\System\DNSclient","NAME NOT FOUND","Desired Access: Read"
  573. "19:17:48.6078496","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{18dc298f-c791-11e2-91fd-0012f0e93e3e}\Data","BUFFER OVERFLOW","Length: 144"
  574. "19:17:48.6085933","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{11948642-10a9-11e2-95b6-806d6172696f}\Data","BUFFER OVERFLOW","Length: 144"
  575. "19:17:48.6099999","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
  576. "19:17:48.6101005","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Maximum Allowed"
  577. "19:17:48.6101773","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Query Value"
  578. "19:17:48.6102737","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Maximum Allowed"
  579. "19:17:48.6103670","logger.exe","3388","RegEnumKey","HKCR\Drive\shellex\FolderExtensions","NO MORE ENTRIES","Index: 1, Length: 288"
  580. "19:17:48.6142303","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory","NAME NOT FOUND","Desired Access: Maximum Allowed"
  581. "19:17:48.6143253","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory\CurVer","NAME NOT FOUND","Desired Access: Query Value"
  582. "19:17:48.6143535","logger.exe","3388","RegOpenKey","HKCR\Directory\CurVer","NAME NOT FOUND","Desired Access: Query Value"
  583. "19:17:48.6144069","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory","NAME NOT FOUND","Desired Access: Maximum Allowed"
  584. "19:17:48.6145061","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  585. "19:17:48.6145742","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden","NAME NOT FOUND","Length: 144"
  586. "19:17:48.6147572","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  587. "19:17:48.6148212","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn","NAME NOT FOUND","Length: 144"
  588. "19:17:48.6148787","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  589. "19:17:48.6149402","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop","NAME NOT FOUND","Length: 144"
  590. "19:17:48.6150014","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System","NAME NOT FOUND","Desired Access: Query Value"
  591. "19:17:48.6150360","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  592. "19:17:48.6150969","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView","NAME NOT FOUND","Length: 144"
  593. "19:17:48.6151542","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  594. "19:17:48.6152156","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell","NAME NOT FOUND","Length: 144"
  595. "19:17:48.6152765","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  596. "19:17:48.6153369","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess","NAME NOT FOUND","Length: 144"
  597. "19:17:48.6153936","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  598. "19:17:48.6154545","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling","NAME NOT FOUND","Length: 144"
  599. "19:17:48.6155112","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  600. "19:17:48.6155727","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu","NAME NOT FOUND","Length: 144"
  601. "19:17:48.6277656","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory\ShellEx\IconHandler","NAME NOT FOUND","Desired Access: Query Value"
  602. "19:17:48.6277971","logger.exe","3388","RegOpenKey","HKCR\Directory\ShellEx\IconHandler","NAME NOT FOUND","Desired Access: Query Value"
  603. "19:17:48.6278561","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory","NAME NOT FOUND","Desired Access: Maximum Allowed"
  604. "19:17:48.6278826","logger.exe","3388","RegQueryValue","HKCR\Directory\DocObject","NAME NOT FOUND","Length: 144"
  605. "19:17:48.6279332","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory","NAME NOT FOUND","Desired Access: Maximum Allowed"
  606. "19:17:48.6279589","logger.exe","3388","RegQueryValue","HKCR\Directory\BrowseInPlace","NAME NOT FOUND","Length: 144"
  607. "19:17:48.6280094","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory\Clsid","NAME NOT FOUND","Desired Access: Query Value"
  608. "19:17:48.6280360","logger.exe","3388","RegOpenKey","HKCR\Directory\Clsid","NAME NOT FOUND","Desired Access: Query Value"
  609. "19:17:48.6280860","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Folder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  610. "19:17:48.6281740","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Folder\Clsid","NAME NOT FOUND","Desired Access: Query Value"
  611. "19:17:48.6282011","logger.exe","3388","RegOpenKey","HKCR\Folder\Clsid","NAME NOT FOUND","Desired Access: Query Value"
  612. "19:17:48.6282550","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory","NAME NOT FOUND","Desired Access: Maximum Allowed"
  613. "19:17:48.6282810","logger.exe","3388","RegQueryValue","HKCR\Directory\IsShortcut","NAME NOT FOUND","Length: 144"
  614. "19:17:48.6283304","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory","NAME NOT FOUND","Desired Access: Maximum Allowed"
  615. "19:17:48.6284061","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Directory","NAME NOT FOUND","Desired Access: Maximum Allowed"
  616. "19:17:48.6284316","logger.exe","3388","RegQueryValue","HKCR\Directory\NeverShowExt","NAME NOT FOUND","Length: 144"
  617. "19:17:48.6297611","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  618. "19:17:48.6298326","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions","NAME NOT FOUND","Length: 144"
  619. "19:17:48.6300279","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  620. "19:17:48.6300564","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  621. "19:17:48.6301075","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  622. "19:17:48.6301952","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  623. "19:17:48.6302642","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
  624. "19:17:48.6303488","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
  625. "19:17:48.6303759","logger.exe","3388","RegOpenKey","HKCR\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
  626. "19:17:48.6304282","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
  627. "19:17:48.6305709","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\ShellEx\IconHandler","NAME NOT FOUND","Desired Access: Query Value"
  628. "19:17:48.6305994","logger.exe","3388","RegOpenKey","HKCR\exefile\ShellEx\IconHandler","NAME NOT FOUND","Desired Access: Query Value"
  629. "19:17:48.6306508","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\SystemFileAssociations\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  630. "19:17:48.6306676","logger.exe","3388","RegOpenKey","HKCR\SystemFileAssociations\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  631. "19:17:48.6307414","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\SystemFileAssociations\application","NAME NOT FOUND","Desired Access: Maximum Allowed"
  632. "19:17:48.6307584","logger.exe","3388","RegOpenKey","HKCR\SystemFileAssociations\application","NAME NOT FOUND","Desired Access: Maximum Allowed"
  633. "19:17:48.6308207","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
  634. "19:17:48.6308470","logger.exe","3388","RegQueryValue","HKCR\exefile\DocObject","NAME NOT FOUND","Length: 144"
  635. "19:17:48.6308986","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
  636. "19:17:48.6309241","logger.exe","3388","RegQueryValue","HKCR\exefile\BrowseInPlace","NAME NOT FOUND","Length: 144"
  637. "19:17:48.6309741","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\Clsid","NAME NOT FOUND","Desired Access: Query Value"
  638. "19:17:48.6310003","logger.exe","3388","RegOpenKey","HKCR\exefile\Clsid","NAME NOT FOUND","Desired Access: Query Value"
  639. "19:17:48.6310467","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\*","NAME NOT FOUND","Desired Access: Maximum Allowed"
  640. "19:17:48.6311266","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\*\Clsid","NAME NOT FOUND","Desired Access: Query Value"
  641. "19:17:48.6311520","logger.exe","3388","RegOpenKey","HKCR\*\Clsid","NAME NOT FOUND","Desired Access: Query Value"
  642. "19:17:48.6312076","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
  643. "19:17:48.6312333","logger.exe","3388","RegQueryValue","HKCR\exefile\IsShortcut","NAME NOT FOUND","Length: 144"
  644. "19:17:48.6312825","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
  645. "19:17:48.6313076","logger.exe","3388","RegQueryValue","HKCR\exefile\AlwaysShowExt","NAME NOT FOUND","Length: 144"
  646. "19:17:48.6313557","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
  647. "19:17:48.6313803","logger.exe","3388","RegQueryValue","HKCR\exefile\NeverShowExt","NAME NOT FOUND","Length: 144"
  648. "19:17:48.6315001","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  649. "19:17:48.6315297","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  650. "19:17:48.6315761","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  651. "19:17:48.6316568","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  652. "19:17:48.6317230","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
  653. "19:17:48.6318021","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
  654. "19:17:48.6318281","logger.exe","3388","RegOpenKey","HKCR\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
  655. "19:17:48.6318789","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
  656. "19:17:48.6362175","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell","NAME NOT FOUND","Desired Access: Maximum Allowed"
  657. "19:17:48.6363194","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell","NAME NOT FOUND","Desired Access: Maximum Allowed"
  658. "19:17:48.6363465","logger.exe","3388","RegQueryValue","HKCR\exefile\shell\(Default)","NAME NOT FOUND","Length: 144"
  659. "19:17:48.6363968","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open","NAME NOT FOUND","Desired Access: Maximum Allowed"
  660. "19:17:48.6365368","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
  661. "19:17:48.6366284","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
  662. "19:17:48.6369081","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun","NAME NOT FOUND","Desired Access: Read"
  663. "19:17:48.6369818","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
  664. "19:17:48.6370720","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
  665. "19:17:48.6371014","logger.exe","3388","RegQueryValue","HKCR\exefile\shell\open\command\command","NAME NOT FOUND","Length: 144"
  666. "19:17:48.6371673","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  667. "19:17:48.6372296","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
  668. "19:17:48.6373184","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
  669. "19:17:48.6374358","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\ddeexec","NAME NOT FOUND","Desired Access: Query Value"
  670. "19:17:48.6374643","logger.exe","3388","RegOpenKey","HKCR\exefile\shell\open\ddeexec","NAME NOT FOUND","Desired Access: Query Value"
  671. "19:17:48.6375280","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Applications\cmd.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  672. "19:17:48.6375442","logger.exe","3388","RegOpenKey","HKCR\Applications\cmd.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  673. "19:17:48.6634125","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  674. "19:17:48.6634670","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  675. "19:17:48.7173635","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  676. "19:17:48.7174105","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  677. "19:17:48.7174786","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\InheritConsoleHandles","NAME NOT FOUND","Length: 144"
  678. "19:17:48.7175482","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  679. "19:17:48.7176113","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun","NAME NOT FOUND","Length: 144"
  680. "19:17:48.7176689","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  681. "19:17:48.7177292","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun","NAME NOT FOUND","Length: 144"
  682. "19:17:48.7177854","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  683. "19:17:48.7178080","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  684. "19:17:48.7178421","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NAME NOT FOUND","Desired Access: Query Value"
  685. "19:17:48.7179030","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRunasInstallPrompt","NAME NOT FOUND","Length: 144"
  686. "19:17:48.7179586","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  687. "19:17:48.7192353","logger.exe","3388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls","NAME NOT FOUND","Desired Access: Query Value"
  688. "19:17:48.7617044","logger.exe","3388","CreateFile","C:\WINDOWS\AppPatch\systest.sdb","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a"
  689. "19:17:48.7617547","logger.exe","3388","RegOpenKey","HKLM\System\WPA\TabletPC","NAME NOT FOUND","Desired Access: Query Value, WOW64_64Key"
  690. "19:17:48.7650235","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  691. "19:17:48.7650718","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  692. "19:17:48.7651028","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\cmd.exe","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  693. "19:17:48.8427929","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  694. "19:17:48.8428418","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  695. "19:17:48.8458229","logger.exe","3388","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
  696. "19:17:48.8462679","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\LevelObjects","NAME NOT FOUND","Desired Access: Read"
  697. "19:17:48.8463288","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\Levels","NAME NOT FOUND","Length: 536"
  698. "19:17:48.8651242","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths","NO MORE ENTRIES","Index: 1, Length: 280"
  699. "19:17:48.8662031","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes","NO MORE ENTRIES","Index: 5, Length: 280"
  700. "19:17:48.8662450","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones","NAME NOT FOUND","Desired Access: Read"
  701. "19:17:48.8662713","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths","NAME NOT FOUND","Desired Access: Read"
  702. "19:17:48.8662959","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes","NAME NOT FOUND","Desired Access: Read"
  703. "19:17:48.8663185","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones","NAME NOT FOUND","Desired Access: Read"
  704. "19:17:48.8663423","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths","NAME NOT FOUND","Desired Access: Read"
  705. "19:17:48.8770185","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes","NAME NOT FOUND","Desired Access: Read"
  706. "19:17:48.8770498","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones","NAME NOT FOUND","Desired Access: Read"
  707. "19:17:48.8770735","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths","NAME NOT FOUND","Desired Access: Read"
  708. "19:17:48.8770981","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes","NAME NOT FOUND","Desired Access: Read"
  709. "19:17:48.8771216","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones","NAME NOT FOUND","Desired Access: Read"
  710. "19:17:48.8771450","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths","NAME NOT FOUND","Desired Access: Read"
  711. "19:17:48.8771685","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes","NAME NOT FOUND","Desired Access: Read"
  712. "19:17:48.8771911","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones","NAME NOT FOUND","Desired Access: Read"
  713. "19:17:48.8772361","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths","NAME NOT FOUND","Desired Access: Read"
  714. "19:17:48.8772822","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes","NAME NOT FOUND","Desired Access: Read"
  715. "19:17:48.8773238","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones","NAME NOT FOUND","Desired Access: Read"
  716. "19:17:48.8773654","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths","NAME NOT FOUND","Desired Access: Read"
  717. "19:17:48.8774076","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes","NAME NOT FOUND","Desired Access: Read"
  718. "19:17:48.8774492","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones","NAME NOT FOUND","Desired Access: Read"
  719. "19:17:48.8774914","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths","NAME NOT FOUND","Desired Access: Read"
  720. "19:17:48.8775333","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes","NAME NOT FOUND","Desired Access: Read"
  721. "19:17:48.8775747","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones","NAME NOT FOUND","Desired Access: Read"
  722. "19:17:48.8776163","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths","NAME NOT FOUND","Desired Access: Read"
  723. "19:17:48.8776579","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes","NAME NOT FOUND","Desired Access: Read"
  724. "19:17:48.8776993","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones","NAME NOT FOUND","Desired Access: Read"
  725. "19:17:48.8777406","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths","NAME NOT FOUND","Desired Access: Read"
  726. "19:17:48.8777820","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes","NAME NOT FOUND","Desired Access: Read"
  727. "19:17:48.8778230","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones","NAME NOT FOUND","Desired Access: Read"
  728. "19:17:48.8779566","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Read"
  729. "19:17:48.8860987","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache","BUFFER OVERFLOW","Length: 144"
  730. "19:17:48.8862643","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\LogFileName","NAME NOT FOUND","Length: 536"
  731. "19:17:48.8863054","logger.exe","3388","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
  732. "19:17:48.8864090","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe","NAME NOT FOUND","Desired Access: Read"
  733. "19:17:48.9057654","logger.exe","3388","CreateFile","C:\WINDOWS\system32\cmd.exe.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  734. "19:17:54.5584246","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","NAME NOT FOUND","Length: 144"
  735. "19:17:54.5957255","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps","NAME NOT FOUND","Length: 144"
  736. "19:17:54.5957858","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps","NAME NOT FOUND","Length: 144"
  737. "19:17:54.5988773","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\cmd.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  738. "19:17:54.6002981","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
  739. "19:17:54.6004283","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
  740. "19:17:54.6005588","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
  741. "19:17:54.6006828","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
  742. "19:17:54.6007431","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","NO MORE ENTRIES","Index: 4, Length: 288"
  743. "19:17:54.6062947","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","NAME NOT FOUND","Desired Access: Read"
  744. "19:17:54.6064441","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\000000000000d5c0\Desktop\NameSpace","NAME NOT FOUND","Desired Access: Read"
  745. "19:17:54.6065455","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  746. "19:17:54.6066520","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  747. "19:17:54.6066872","logger.exe","3388","RegQueryValue","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  748. "19:17:54.6067682","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  749. "19:17:54.6068637","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  750. "19:17:54.6068970","logger.exe","3388","RegQueryValue","HKCR\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  751. "19:17:54.6069758","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  752. "19:17:54.6070699","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  753. "19:17:54.6075267","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
  754. "19:17:54.6076024","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
  755. "19:17:54.6076990","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  756. "19:17:54.6078049","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  757. "19:17:54.6078382","logger.exe","3388","RegQueryValue","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM","NAME NOT FOUND","Length: 144"
  758. "19:17:54.6078999","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Length: 144"
  759. "19:17:54.6079276","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Length: 144"
  760. "19:17:54.6079731","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401","NAME NOT FOUND","Length: 144"
  761. "19:17:54.6096093","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
  762. "19:17:54.6097390","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{1F4DE370-D627-11D1-BA4F-00A0C91EEDBA}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  763. "19:17:54.6098415","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  764. "19:17:54.6098767","logger.exe","3388","RegQueryValue","HKCR\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  765. "19:17:54.6099602","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  766. "19:17:54.6100560","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  767. "19:17:54.6100896","logger.exe","3388","RegQueryValue","HKCR\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  768. "19:17:54.6101703","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  769. "19:17:54.6102645","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  770. "19:17:54.6102974","logger.exe","3388","RegQueryValue","HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  771. "19:17:54.6103762","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{E17D4FC0-5564-11D1-83F2-00A0C90DC849}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  772. "19:17:54.6104703","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  773. "19:17:54.6105041","logger.exe","3388","RegQueryValue","HKCR\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  774. "19:17:54.6106625","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
  775. "19:17:54.6107561","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  776. "19:17:54.6108461","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  777. "19:17:54.6108782","logger.exe","3388","RegQueryValue","HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32\LoadWithoutCOM","NAME NOT FOUND","Length: 144"
  778. "19:17:54.6109307","logger.exe","3388","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks","NO MORE ENTRIES","Index: 1, Length: 220"
  779. "19:17:54.6115311","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  780. "19:17:54.6120518","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\cmd.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  781. "19:17:54.6161870","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Query Value"
  782. "19:17:54.6162758","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  783. "19:17:54.6163756","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.ade","NAME NOT FOUND","Desired Access: Query Value"
  784. "19:17:54.6213189","logger.exe","3388","RegOpenKey","HKCR\.ade","NAME NOT FOUND","Desired Access: Query Value"
  785. "19:17:54.6213717","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.adp","NAME NOT FOUND","Desired Access: Query Value"
  786. "19:17:54.6213854","logger.exe","3388","RegOpenKey","HKCR\.adp","NAME NOT FOUND","Desired Access: Query Value"
  787. "19:17:54.6214282","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.app","NAME NOT FOUND","Desired Access: Query Value"
  788. "19:17:54.6214410","logger.exe","3388","RegOpenKey","HKCR\.app","NAME NOT FOUND","Desired Access: Query Value"
  789. "19:17:54.6214826","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.asp","NAME NOT FOUND","Desired Access: Query Value"
  790. "19:17:54.6215634","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.asp","NAME NOT FOUND","Desired Access: Maximum Allowed"
  791. "19:17:54.6216612","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bas","NAME NOT FOUND","Desired Access: Query Value"
  792. "19:17:54.6216751","logger.exe","3388","RegOpenKey","HKCR\.bas","NAME NOT FOUND","Desired Access: Query Value"
  793. "19:17:54.6217179","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bat","NAME NOT FOUND","Desired Access: Query Value"
  794. "19:17:54.6217930","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bat","NAME NOT FOUND","Desired Access: Maximum Allowed"
  795. "19:17:54.6218838","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cer","NAME NOT FOUND","Desired Access: Query Value"
  796. "19:17:54.6219581","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cer","NAME NOT FOUND","Desired Access: Maximum Allowed"
  797. "19:17:54.6220484","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.chm","NAME NOT FOUND","Desired Access: Query Value"
  798. "19:17:54.6221215","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.chm","NAME NOT FOUND","Desired Access: Maximum Allowed"
  799. "19:17:54.6222109","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cmd","NAME NOT FOUND","Desired Access: Query Value"
  800. "19:17:54.6222839","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cmd","NAME NOT FOUND","Desired Access: Maximum Allowed"
  801. "19:17:54.6223735","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.com","NAME NOT FOUND","Desired Access: Query Value"
  802. "19:17:54.6224464","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.com","NAME NOT FOUND","Desired Access: Maximum Allowed"
  803. "19:17:54.6226183","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cpl","NAME NOT FOUND","Desired Access: Query Value"
  804. "19:17:54.6226945","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cpl","NAME NOT FOUND","Desired Access: Maximum Allowed"
  805. "19:17:54.6227859","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.crt","NAME NOT FOUND","Desired Access: Query Value"
  806. "19:17:54.6228596","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.crt","NAME NOT FOUND","Desired Access: Maximum Allowed"
  807. "19:17:54.6229493","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.csh","NAME NOT FOUND","Desired Access: Query Value"
  808. "19:17:54.6229630","logger.exe","3388","RegOpenKey","HKCR\.csh","NAME NOT FOUND","Desired Access: Query Value"
  809. "19:17:54.6230502","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\","NAME NOT FOUND","Desired Access: Read"
  810. "19:17:54.6230795","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\","NAME NOT FOUND","Desired Access: Read"
  811. "19:17:54.6233650","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
  812. "19:17:54.6234642","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
  813. "19:17:54.6235603","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  814. "19:17:54.6252854","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
  815. "19:17:54.6253820","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Maximum Allowed"
  816. "19:17:54.6254577","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Query Value"
  817. "19:17:54.6255541","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Maximum Allowed"
  818. "19:17:54.6256471","logger.exe","3388","RegEnumKey","HKCR\Drive\shellex\FolderExtensions","NO MORE ENTRIES","Index: 1, Length: 288"
  819. "19:17:54.6276938","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  820. "19:17:54.6277253","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  821. "19:17:54.6277753","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  822. "19:17:54.6278656","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  823. "19:17:54.6279363","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
  824. "19:17:54.6280201","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
  825. "19:17:54.6280474","logger.exe","3388","RegOpenKey","HKCR\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
  826. "19:17:54.6280994","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
  827. "19:17:54.6282355","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell","NAME NOT FOUND","Desired Access: Maximum Allowed"
  828. "19:17:54.6283237","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell","NAME NOT FOUND","Desired Access: Maximum Allowed"
  829. "19:17:54.6283514","logger.exe","3388","RegQueryValue","HKCR\exefile\shell\(Default)","NAME NOT FOUND","Length: 144"
  830. "19:17:54.6284011","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open","NAME NOT FOUND","Desired Access: Maximum Allowed"
  831. "19:17:54.6285260","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
  832. "19:17:54.6286168","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
  833. "19:17:54.6287358","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
  834. "19:17:54.6288244","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
  835. "19:17:54.6288531","logger.exe","3388","RegQueryValue","HKCR\exefile\shell\open\command\command","NAME NOT FOUND","Length: 144"
  836. "19:17:54.6289143","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  837. "19:17:54.6289766","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
  838. "19:17:54.6290680","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
  839. "19:17:54.6291831","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\ddeexec","NAME NOT FOUND","Desired Access: Query Value"
  840. "19:17:54.6292113","logger.exe","3388","RegOpenKey","HKCR\exefile\shell\open\ddeexec","NAME NOT FOUND","Desired Access: Query Value"
  841. "19:17:54.6293255","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Applications\cmd.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  842. "19:17:54.6293423","logger.exe","3388","RegOpenKey","HKCR\Applications\cmd.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  843. "19:17:54.6390039","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  844. "19:17:54.6390597","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  845. "19:17:54.6390818","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  846. "19:17:54.6391176","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  847. "19:17:54.6415357","logger.exe","3388","CreateFile","C:\WINDOWS\AppPatch\systest.sdb","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a"
  848. "19:17:54.6415788","logger.exe","3388","RegOpenKey","HKLM\System\WPA\TabletPC","NAME NOT FOUND","Desired Access: Query Value, WOW64_64Key"
  849. "19:17:54.6448535","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  850. "19:17:54.6449015","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  851. "19:17:54.6449320","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\cmd.exe","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  852. "19:17:54.6573562","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  853. "19:17:54.6574034","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  854. "19:17:54.6608594","logger.exe","3388","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
  855. "19:17:54.6610966","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Maximum Allowed"
  856. "19:17:54.6698835","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\LogFileName","NAME NOT FOUND","Length: 536"
  857. "19:17:54.6699880","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe","NAME NOT FOUND","Desired Access: Read"
  858. "19:17:54.6704995","logger.exe","3388","CreateFile","C:\WINDOWS\system32\cmd.exe.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  859. "19:17:54.6770140","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","NAME NOT FOUND","Length: 144"
  860. "19:17:54.6771428","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps","NAME NOT FOUND","Length: 144"
  861. "19:17:54.6772031","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps","NAME NOT FOUND","Length: 144"
  862. "19:17:54.6821473","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\cmd.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  863. "19:17:54.6823636","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
  864. "19:17:54.6847161","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
  865. "19:17:54.6848535","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
  866. "19:17:54.6849787","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
  867. "19:17:54.6850396","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","NO MORE ENTRIES","Index: 4, Length: 288"
  868. "19:17:54.6850854","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","NAME NOT FOUND","Desired Access: Read"
  869. "19:17:54.6852282","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\000000000000d5c0\Desktop\NameSpace","NAME NOT FOUND","Desired Access: Read"
  870. "19:17:54.6881998","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  871. "19:17:54.6883112","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  872. "19:17:54.6883467","logger.exe","3388","RegQueryValue","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  873. "19:17:54.6884308","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  874. "19:17:54.6885269","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  875. "19:17:54.6885602","logger.exe","3388","RegQueryValue","HKCR\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  876. "19:17:54.6886389","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  877. "19:17:54.6887339","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  878. "19:17:54.6888351","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
  879. "19:17:54.6889063","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
  880. "19:17:54.6889976","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  881. "19:17:54.6890996","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  882. "19:17:54.6891326","logger.exe","3388","RegQueryValue","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM","NAME NOT FOUND","Length: 144"
  883. "19:17:54.6891932","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Length: 144"
  884. "19:17:54.6892203","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Length: 144"
  885. "19:17:54.6892622","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401","NAME NOT FOUND","Length: 144"
  886. "19:17:54.6899556","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
  887. "19:17:54.6900651","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{1F4DE370-D627-11D1-BA4F-00A0C91EEDBA}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  888. "19:17:54.6901657","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  889. "19:17:54.6902003","logger.exe","3388","RegQueryValue","HKCR\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  890. "19:17:54.6902808","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  891. "19:17:54.6903749","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  892. "19:17:54.6904082","logger.exe","3388","RegQueryValue","HKCR\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  893. "19:17:54.6904886","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  894. "19:17:54.6905816","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  895. "19:17:54.6906146","logger.exe","3388","RegQueryValue","HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  896. "19:17:54.6906920","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{E17D4FC0-5564-11D1-83F2-00A0C90DC849}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  897. "19:17:54.6907850","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  898. "19:17:54.6908183","logger.exe","3388","RegQueryValue","HKCR\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  899. "19:17:54.6909761","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
  900. "19:17:54.6910683","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  901. "19:17:54.6911571","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  902. "19:17:54.6911898","logger.exe","3388","RegQueryValue","HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32\LoadWithoutCOM","NAME NOT FOUND","Length: 144"
  903. "19:17:54.6912418","logger.exe","3388","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks","NO MORE ENTRIES","Index: 1, Length: 220"
  904. "19:17:54.6912951","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  905. "19:17:54.7828976","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\cmd.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  906. "19:17:55.2868558","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Query Value"
  907. "19:17:55.2869172","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  908. "19:17:55.2869871","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.ade","NAME NOT FOUND","Desired Access: Query Value"
  909. "19:17:55.2869963","logger.exe","3388","RegOpenKey","HKCR\.ade","NAME NOT FOUND","Desired Access: Query Value"
  910. "19:17:55.2870225","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.adp","NAME NOT FOUND","Desired Access: Query Value"
  911. "19:17:55.2870309","logger.exe","3388","RegOpenKey","HKCR\.adp","NAME NOT FOUND","Desired Access: Query Value"
  912. "19:17:55.2870555","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.app","NAME NOT FOUND","Desired Access: Query Value"
  913. "19:17:55.2870642","logger.exe","3388","RegOpenKey","HKCR\.app","NAME NOT FOUND","Desired Access: Query Value"
  914. "19:17:55.2870890","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.asp","NAME NOT FOUND","Desired Access: Query Value"
  915. "19:17:55.2871334","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.asp","NAME NOT FOUND","Desired Access: Maximum Allowed"
  916. "19:17:55.2900503","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bas","NAME NOT FOUND","Desired Access: Query Value"
  917. "19:17:55.2900606","logger.exe","3388","RegOpenKey","HKCR\.bas","NAME NOT FOUND","Desired Access: Query Value"
  918. "19:17:55.2900877","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bat","NAME NOT FOUND","Desired Access: Query Value"
  919. "19:17:55.2901363","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bat","NAME NOT FOUND","Desired Access: Maximum Allowed"
  920. "19:17:55.2901972","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cer","NAME NOT FOUND","Desired Access: Query Value"
  921. "19:17:55.2902425","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cer","NAME NOT FOUND","Desired Access: Maximum Allowed"
  922. "19:17:55.2902975","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.chm","NAME NOT FOUND","Desired Access: Query Value"
  923. "19:17:55.2903417","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.chm","NAME NOT FOUND","Desired Access: Maximum Allowed"
  924. "19:17:55.2903959","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cmd","NAME NOT FOUND","Desired Access: Query Value"
  925. "19:17:55.2904397","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cmd","NAME NOT FOUND","Desired Access: Maximum Allowed"
  926. "19:17:55.2904934","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.com","NAME NOT FOUND","Desired Access: Query Value"
  927. "19:17:55.2905367","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.com","NAME NOT FOUND","Desired Access: Maximum Allowed"
  928. "19:17:55.2905900","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cpl","NAME NOT FOUND","Desired Access: Query Value"
  929. "19:17:55.2906336","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cpl","NAME NOT FOUND","Desired Access: Maximum Allowed"
  930. "19:17:55.2936703","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.crt","NAME NOT FOUND","Desired Access: Query Value"
  931. "19:17:55.2937220","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.crt","NAME NOT FOUND","Desired Access: Maximum Allowed"
  932. "19:17:55.2937848","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.csh","NAME NOT FOUND","Desired Access: Query Value"
  933. "19:17:55.2937938","logger.exe","3388","RegOpenKey","HKCR\.csh","NAME NOT FOUND","Desired Access: Query Value"
  934. "19:17:55.2938558","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\","NAME NOT FOUND","Desired Access: Read"
  935. "19:17:55.2938745","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\","NAME NOT FOUND","Desired Access: Read"
  936. "19:17:55.2967875","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
  937. "19:17:55.2968562","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
  938. "19:17:55.2969202","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  939. "19:17:55.3025117","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
  940. "19:17:55.3025684","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Maximum Allowed"
  941. "19:17:55.3026136","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Query Value"
  942. "19:17:55.3026703","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Maximum Allowed"
  943. "19:17:55.3055224","logger.exe","3388","RegEnumKey","HKCR\Drive\shellex\FolderExtensions","NO MORE ENTRIES","Index: 1, Length: 288"
  944. "19:17:55.3247801","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  945. "19:17:55.3247994","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  946. "19:17:55.3248321","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  947. "19:17:55.3248916","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  948. "19:17:55.3249343","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
  949. "19:17:55.3249860","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
  950. "19:17:55.3250025","logger.exe","3388","RegOpenKey","HKCR\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
  951. "19:17:55.3250327","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
  952. "19:17:55.3272195","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell","NAME NOT FOUND","Desired Access: Maximum Allowed"
  953. "19:17:55.3272754","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell","NAME NOT FOUND","Desired Access: Maximum Allowed"
  954. "19:17:55.3272919","logger.exe","3388","RegQueryValue","HKCR\exefile\shell\(Default)","NAME NOT FOUND","Length: 144"
  955. "19:17:55.3273223","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open","NAME NOT FOUND","Desired Access: Maximum Allowed"
  956. "19:17:55.3273997","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
  957. "19:17:55.3274542","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
  958. "19:17:55.3275263","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
  959. "19:17:55.3275777","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
  960. "19:17:55.3275947","logger.exe","3388","RegQueryValue","HKCR\exefile\shell\open\command\command","NAME NOT FOUND","Length: 144"
  961. "19:17:55.3276350","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  962. "19:17:55.3276716","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
  963. "19:17:55.3277235","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
  964. "19:17:55.3277914","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\ddeexec","NAME NOT FOUND","Desired Access: Query Value"
  965. "19:17:55.3278084","logger.exe","3388","RegOpenKey","HKCR\exefile\shell\open\ddeexec","NAME NOT FOUND","Desired Access: Query Value"
  966. "19:17:55.3278459","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Applications\cmd.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  967. "19:17:55.3278565","logger.exe","3388","RegOpenKey","HKCR\Applications\cmd.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  968. "19:17:55.3365699","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  969. "19:17:55.3366051","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  970. "19:17:55.3366182","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  971. "19:17:55.3366403","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  972. "19:17:55.3430165","logger.exe","3388","CreateFile","C:\WINDOWS\AppPatch\systest.sdb","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a"
  973. "19:17:55.3430442","logger.exe","3388","RegOpenKey","HKLM\System\WPA\TabletPC","NAME NOT FOUND","Desired Access: Query Value, WOW64_64Key"
  974. "19:17:55.3590448","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  975. "19:17:55.3590778","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  976. "19:17:55.3590982","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\cmd.exe","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  977. "19:17:55.5715403","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  978. "19:17:55.5715713","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  979. "19:17:55.5848079","logger.exe","3388","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
  980. "19:17:55.5849590","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Maximum Allowed"
  981. "19:17:55.6008744","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\LogFileName","NAME NOT FOUND","Length: 536"
  982. "19:17:55.6009493","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe","NAME NOT FOUND","Desired Access: Read"
  983. "19:17:55.6317432","logger.exe","3388","CreateFile","C:\WINDOWS\system32\cmd.exe.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  984. "19:17:55.6409653","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","NAME NOT FOUND","Length: 144"
  985. "19:17:55.6410611","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps","NAME NOT FOUND","Length: 144"
  986. "19:17:55.6411011","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps","NAME NOT FOUND","Length: 144"
  987. "19:17:55.6513904","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\cmd.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  988. "19:17:55.6515429","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
  989. "19:17:55.6516256","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
  990. "19:17:55.6517069","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
  991. "19:17:55.6538345","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\SuppressionPolicy","NAME NOT FOUND","Length: 144"
  992. "19:17:55.6538756","logger.exe","3388","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","NO MORE ENTRIES","Index: 4, Length: 288"
  993. "19:17:55.6539060","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","NAME NOT FOUND","Desired Access: Read"
  994. "19:17:55.6539999","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\000000000000d5c0\Desktop\NameSpace","NAME NOT FOUND","Desired Access: Read"
  995. "19:17:55.6540658","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  996. "19:17:55.6541315","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  997. "19:17:55.6542846","logger.exe","3388","RegQueryValue","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  998. "19:17:55.6543343","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  999. "19:17:55.6543921","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1000. "19:17:55.6544117","logger.exe","3388","RegQueryValue","HKCR\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  1001. "19:17:55.6590486","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1002. "19:17:55.6591095","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1003. "19:17:55.6619311","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
  1004. "19:17:55.6619788","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
  1005. "19:17:55.6620384","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1006. "19:17:55.6621020","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1007. "19:17:55.6621224","logger.exe","3388","RegQueryValue","HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM","NAME NOT FOUND","Length: 144"
  1008. "19:17:55.6621638","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Length: 144"
  1009. "19:17:55.6621828","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Length: 144"
  1010. "19:17:55.6622102","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401","NAME NOT FOUND","Length: 144"
  1011. "19:17:55.6623688","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
  1012. "19:17:55.6624306","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{1F4DE370-D627-11D1-BA4F-00A0C91EEDBA}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1013. "19:17:55.6624895","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1014. "19:17:55.6625099","logger.exe","3388","RegQueryValue","HKCR\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  1015. "19:17:55.6625577","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1016. "19:17:55.6626144","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1017. "19:17:55.6626342","logger.exe","3388","RegQueryValue","HKCR\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  1018. "19:17:55.6626828","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1019. "19:17:55.6627387","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1020. "19:17:55.6627580","logger.exe","3388","RegQueryValue","HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  1021. "19:17:55.6628049","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{E17D4FC0-5564-11D1-83F2-00A0C90DC849}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1022. "19:17:55.6628600","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1023. "19:17:55.6628795","logger.exe","3388","RegQueryValue","HKCR\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\ShellFolder\WantsParseDisplayName","NAME NOT FOUND","Length: 144"
  1024. "19:17:55.6629767","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
  1025. "19:17:55.6630307","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1026. "19:17:55.6630823","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1027. "19:17:55.6631013","logger.exe","3388","RegQueryValue","HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InProcServer32\LoadWithoutCOM","NAME NOT FOUND","Length: 144"
  1028. "19:17:55.6670261","logger.exe","3388","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks","NO MORE ENTRIES","Index: 1, Length: 220"
  1029. "19:17:55.6694820","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  1030. "19:17:55.6698064","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\cmd.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  1031. "19:17:55.6765005","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Query Value"
  1032. "19:17:55.6765553","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1033. "19:17:55.6766181","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.ade","NAME NOT FOUND","Desired Access: Query Value"
  1034. "19:17:55.6766271","logger.exe","3388","RegOpenKey","HKCR\.ade","NAME NOT FOUND","Desired Access: Query Value"
  1035. "19:17:55.6766531","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.adp","NAME NOT FOUND","Desired Access: Query Value"
  1036. "19:17:55.6766612","logger.exe","3388","RegOpenKey","HKCR\.adp","NAME NOT FOUND","Desired Access: Query Value"
  1037. "19:17:55.6766860","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.app","NAME NOT FOUND","Desired Access: Query Value"
  1038. "19:17:55.6766941","logger.exe","3388","RegOpenKey","HKCR\.app","NAME NOT FOUND","Desired Access: Query Value"
  1039. "19:17:55.6767187","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.asp","NAME NOT FOUND","Desired Access: Query Value"
  1040. "19:17:55.6767634","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.asp","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1041. "19:17:55.6768193","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bas","NAME NOT FOUND","Desired Access: Query Value"
  1042. "19:17:55.6768277","logger.exe","3388","RegOpenKey","HKCR\.bas","NAME NOT FOUND","Desired Access: Query Value"
  1043. "19:17:55.6768528","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bat","NAME NOT FOUND","Desired Access: Query Value"
  1044. "19:17:55.6768967","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.bat","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1045. "19:17:55.6769506","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cer","NAME NOT FOUND","Desired Access: Query Value"
  1046. "19:17:55.6769944","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cer","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1047. "19:17:55.6770503","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.chm","NAME NOT FOUND","Desired Access: Query Value"
  1048. "19:17:55.6770936","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.chm","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1049. "19:17:55.6771478","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cmd","NAME NOT FOUND","Desired Access: Query Value"
  1050. "19:17:55.6771908","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cmd","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1051. "19:17:55.6772453","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.com","NAME NOT FOUND","Desired Access: Query Value"
  1052. "19:17:55.6772881","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.com","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1053. "19:17:55.6773414","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cpl","NAME NOT FOUND","Desired Access: Query Value"
  1054. "19:17:55.6773858","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.cpl","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1055. "19:17:55.6807737","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.crt","NAME NOT FOUND","Desired Access: Query Value"
  1056. "19:17:55.6808215","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.crt","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1057. "19:17:55.6823708","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.csh","NAME NOT FOUND","Desired Access: Query Value"
  1058. "19:17:55.6823806","logger.exe","3388","RegOpenKey","HKCR\.csh","NAME NOT FOUND","Desired Access: Query Value"
  1059. "19:17:55.6824387","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\","NAME NOT FOUND","Desired Access: Read"
  1060. "19:17:55.6824571","logger.exe","3388","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\","NAME NOT FOUND","Desired Access: Read"
  1061. "19:17:55.6826482","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
  1062. "19:17:55.6827063","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
  1063. "19:17:55.6827670","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1064. "19:17:55.6862671","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
  1065. "19:17:55.6863264","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1066. "19:17:55.6863722","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Query Value"
  1067. "19:17:55.6864289","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1068. "19:17:55.6864848","logger.exe","3388","RegEnumKey","HKCR\Drive\shellex\FolderExtensions","NO MORE ENTRIES","Index: 1, Length: 288"
  1069. "19:17:55.7167816","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1070. "19:17:55.7168029","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1071. "19:17:55.7168369","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1072. "19:17:55.7169001","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1073. "19:17:55.7169445","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1074. "19:17:55.7169962","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
  1075. "19:17:55.7170127","logger.exe","3388","RegOpenKey","HKCR\exefile\CurVer","NAME NOT FOUND","Desired Access: Query Value"
  1076. "19:17:55.7170431","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1077. "19:17:55.7200508","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1078. "19:17:55.7201077","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1079. "19:17:55.7201242","logger.exe","3388","RegQueryValue","HKCR\exefile\shell\(Default)","NAME NOT FOUND","Length: 144"
  1080. "19:17:55.7201538","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1081. "19:17:55.7202323","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
  1082. "19:17:55.7202871","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1083. "19:17:55.7203589","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
  1084. "19:17:55.7204111","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1085. "19:17:55.7204279","logger.exe","3388","RegQueryValue","HKCR\exefile\shell\open\command\command","NAME NOT FOUND","Length: 144"
  1086. "19:17:55.7204687","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  1087. "19:17:55.7205053","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Query Value"
  1088. "19:17:55.7205572","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\command","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1089. "19:17:55.7206251","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\exefile\shell\open\ddeexec","NAME NOT FOUND","Desired Access: Query Value"
  1090. "19:17:55.7206419","logger.exe","3388","RegOpenKey","HKCR\exefile\shell\open\ddeexec","NAME NOT FOUND","Desired Access: Query Value"
  1091. "19:17:55.7206802","logger.exe","3388","RegOpenKey","HKCU\Software\Classes\Applications\cmd.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1092. "19:17:55.7206905","logger.exe","3388","RegOpenKey","HKCR\Applications\cmd.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1093. "19:17:55.7846210","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  1094. "19:17:55.7846606","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  1095. "19:17:55.7846735","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  1096. "19:17:55.7846964","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe","NAME NOT FOUND","Desired Access: Query Value"
  1097. "19:17:55.9379516","logger.exe","3388","CreateFile","C:\WINDOWS\AppPatch\systest.sdb","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a"
  1098. "19:17:55.9379866","logger.exe","3388","RegOpenKey","HKLM\System\WPA\TabletPC","NAME NOT FOUND","Desired Access: Query Value, WOW64_64Key"
  1099. "19:17:56.0183046","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  1100. "19:17:56.0183367","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  1101. "19:17:56.0183565","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\cmd.exe","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  1102. "19:17:56.1544727","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  1103. "19:17:56.1545079","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags","NAME NOT FOUND","Desired Access: Read, WOW64_64Key"
  1104. "19:17:56.2938636","logger.exe","3388","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
  1105. "19:17:56.6822809","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1106. "19:17:56.7483150","logger.exe","3388","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\LogFileName","NAME NOT FOUND","Length: 536"
  1107. "19:17:56.7483988","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe","NAME NOT FOUND","Desired Access: Read"
  1108. "19:17:56.7487393","logger.exe","3388","CreateFile","C:\WINDOWS\system32\cmd.exe.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  1109. "19:17:57.3739135","logger.exe","3388","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 4, Length: 220"
  1110. "19:17:57.3739531","logger.exe","3388","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","NO MORE ENTRIES","Index: 5, Length: 220"
  1111. "19:17:57.3752921","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
  1112. "19:17:59.0733850","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read"
  1113. "19:17:59.5074089","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msctfime.ime","NAME NOT FOUND","Desired Access: Read"
  1114. "19:18:00.2432686","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\CTF\Disable Thread Input Manager","NAME NOT FOUND","Length: 144"
  1115. "19:18:00.2434561","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read"
  1116. "19:18:01.2583711","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\imjp81k.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  1117. "19:18:01.9137525","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\imjp81k.dll","NAME NOT FOUND","Desired Access: Read"
  1118. "19:18:03.5233218","logger.exe","3388","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\imjp81.ime","NAME NOT FOUND","Desired Access: Read"
  1119. "19:18:04.3214009","logger.exe","3388","RegQueryValue","HKLM\SYSTEM\Setup\UpgradeInProgress","NAME NOT FOUND","Length: 144"
  1120. "19:18:04.3214127","logger.exe","3388","RegQueryValue","HKLM\SYSTEM\Setup\OobeInProgress","NAME NOT FOUND","Length: 144"
  1121. "19:18:04.8093339","logger.exe","3388","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read"
  1122. "19:18:05.6169189","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\IMEJP\8.1\MSIME\ForwardException","NAME NOT FOUND","Length: 144"
  1123. "19:18:07.0619389","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
  1124. "19:18:07.0762430","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
  1125. "19:18:13.8959726","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\Application Data\Microsoft\IMJP8_1\imjp81u.dic","SHARING VIOLATION","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
  1126. "19:18:13.8988414","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\Application Data\Microsoft\IMJP8_1\imjp81u.dic","SHARING VIOLATION","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
  1127. "19:18:14.5918652","logger.exe","3388","ReadFile","C:\WINDOWS\IME\IMJP8_1\Dicts\IMJPST.DIC","","Offset: 2,043,904, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  1128. "19:18:14.7878018","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
  1129. "19:18:17.0105846","logger.exe","3388","ReadFile","C:\WINDOWS\IME\IMJP8_1\Dicts\IMJPZP.DIC","","Offset: 1,335,296, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  1130. "19:18:17.1872794","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
  1131. "19:18:18.3817904","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
  1132. "19:18:20.7993673","logger.exe","3388","ReadFile","C:\WINDOWS\IME\IMJP8_1\Dicts\IMJPLN.DIC","","Offset: 184,320, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  1133. "19:18:20.9211534","logger.exe","3388","ReadFile","C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll","","Offset: 5,513,216, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  1134. "19:18:30.4338518","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  1135. "19:18:30.4339211","logger.exe","3388","ReadFile","C:\Documents and Settings\%USER%\ntuser.dat","","Offset: 61,440, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  1136. "19:18:31.5700524","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  1137. "19:18:31.9327038","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  1138. "19:18:31.9327429","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  1139. "19:18:31.9328379","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  1140. "19:18:31.9329390","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  1141. "19:18:31.9610266","logger.exe","3388","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  1142. "19:18:31.9610627","logger.exe","3388","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
  1143. "19:18:31.9611627","logger.exe","3388","RegOpenKey","HKCU\SOFTWARE\Microsoft\CTF\LangBarAddIn\","NAME NOT FOUND","Desired Access: Read"
  1144. "19:18:31.9611822","logger.exe","3388","RegOpenKey","HKLM\SOFTWARE\Microsoft\CTF\LangBarAddIn\","NAME NOT FOUND","Desired Access: Read"
  1145. "19:18:35.8656377","logger.exe","3388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeProcessSearchMode","NAME NOT FOUND","Length: 16"
  1146. "19:18:35.9307236","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\imjp81.ime","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  1147. "19:18:35.9930723","logger.exe","3388","CreateFile","C:\Documents and Settings\%USER%\%Desktop%\imjp81.ime","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  1148. "19:18:48.5455587","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
  1149. "19:18:52.5954723","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
  1150. "19:19:07.5044770","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
  1151. "19:19:09.5526370","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
  1152. "19:19:11.5668749","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
  1153. "19:19:16.8995479","logger.exe","3388","ReadFile","C:\WINDOWS\MICROSOFT.NET\FRAMEWO%USER%\V2.0.50727\MSCORWKS.DLL","","Offset: 66,560, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  1154. "19:19:16.9760802","logger.exe","3388","ReadFile","C:\WINDOWS\MICROSOFT.NET\FRAMEWO%USER%\V2.0.50727\MSCORWKS.DLL","","Offset: 1,651,712, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  1155. "19:20:14.3599284","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
  1156. "19:20:14.3733843","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
  1157. "19:20:23.9469804","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
  1158. "19:20:26.2925822","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
  1159. "19:20:26.3183011","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
  1160. "19:20:31.1457563","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
  1161. "19:20:32.1679144","logger.exe","3388","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Run","",""
  1162. "19:20:54.8540343","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"
  1163. "19:20:55.1393862","logger.exe","3388","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\gens","","Length: 144"