API tools faq
paste
Guest User

Untitled

a guest
Aug 29th, 2022
43
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 420.35 KB | None | 0 0
raw download clone embed print report
  1. "Time of Day","Process Name","PID","Operation","Path","Result","Detail"
  2. "8:44:09.1298896 AM","QuickAssist.exe","7064","Process Start","","SUCCESS","Parent PID: 7512, Command line: ""C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe"" , Current directory: C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\, Environment:
  3. ; =::=::\
  4. ; ALLUSERSPROFILE=C:\ProgramData
  5. ; APPDATA=C:\Users\Admin\AppData\Roaming
  6. ; CLIENTNAME=LAPTOP
  7. ; CommonProgramFiles=C:\Program Files\Common Files
  8. ; CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
  9. ; CommonProgramW6432=C:\Program Files\Common Files
  10. ; COMPUTERNAME=WIN-10BLPX6N58W
  11. ; ComSpec=C:\WINDOWS\system32\cmd.exe
  12. ; DriverData=C:\Windows\System32\Drivers\DriverData
  13. ; GALLIUM_DRIVER=llvmpipe
  14. ; HOMEDRIVE=C:
  15. ; HOMEPATH=\Users\Admin
  16. ; LIBGL_ALWAYS_SOFTWARE=true
  17. ; LOCALAPPDATA=C:\Users\Admin\AppData\Local
  18. ; LOGONSERVER=\\WIN-10BLPX6N58W
  19. ; MESA_GLSL_VERSION_OVERRIDE=460
  20. ; MESA_GL_VERSION_OVERRIDE=4.6COMPAT
  21. ; NUMBER_OF_PROCESSORS=16
  22. ; OneDrive=C:\Users\Admin\OneDrive
  23. ; OS=Windows_NT
  24. ; Path=C:\Program Files\Python 3.6.3\Scripts\;C:\Program Files\Python 3.6.3\;C:\Program Files (x86)\Common Files\Intel\OpenCL\windows\compiler\lib\intel64_win;C:\Program Files (x86)\Common Files\Intel\OpenCL\windows\compiler\lib\ia32_win;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\Process Lasso\;C:\Program Files\Prio;C:\Program Files (x86)\dotnet\;C:\Program Files\dotnet\;C:\Program Files\mtools\mabs\;c:\Program Files (x86)\Acustica\Framework\;c:\Program Files\Acustica\Framework\;C:\Program Files (x86)\PowerShell\7\;C:\Program Files\PowerShell\7\;C:\Users\Admin\AppData\Local\Microsoft\WindowsApps;C:\Program Files\mtools\mabs;
  25. ; PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.PY;.PYW
  26. ; POWERSHELL_DISTRIBUTION_CHANNEL=MSI:Windows 10 Enterprise
  27. ; PROCESSOR_ARCHITECTURE=AMD64
  28. ; PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 13, GenuineIntel
  29. ; PROCESSOR_LEVEL=6
  30. ; PROCESSOR_REVISION=9e0d
  31. ; ProgramData=C:\ProgramData
  32. ; ProgramFiles=C:\Program Files
  33. ; ProgramFiles(x86)=C:\Program Files (x86)
  34. ; ProgramW6432=C:\Program Files
  35. ; PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
  36. ; PUBLIC=C:\Users\Public
  37. ; RG_GPU_FRAMEWORK_ENGINE_RESOURCEDIR=C:\Program Files\Red Giant\RGFX
  38. ; SESSIONNAME=RDP-Tcp#28
  39. ; SystemDrive=C:
  40. ; SystemRoot=C:\WINDOWS
  41. ; TEMP=C:\Users\Admin\AppData\Local\Temp
  42. ; TMP=C:\Users\Admin\AppData\Local\Temp
  43. ; USERDOMAIN=WIN-10BLPX6N58W
  44. ; USERDOMAIN_ROAMINGPROFILE=WIN-10BLPX6N58W
  45. ; USERNAME=Admin
  46. ; USERPROFILE=C:\Users\Admin
  47. ; VEAI_MODEL_DIR=C:\ProgramData\Topaz Labs LLC\Topaz Video AI BETA\models
  48. ; windir=C:\WINDOWS"
  49. "8:44:09.1298989 AM","QuickAssist.exe","7064","Thread Create","","SUCCESS","Thread ID: 6724"
  50. "8:44:09.1467917 AM","QuickAssist.exe","7064","Load Image","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS","Image Base: 0x7ff69ea10000, Image Size: 0x103000"
  51. "8:44:09.1468369 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","Image Base: 0x7ffe694b0000, Image Size: 0x1f6000"
  52. "8:44:09.1469548 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value"
  53. "8:44:09.1469670 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value"
  54. "8:44:09.1469780 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\RaiseExceptionOnPossibleDeadlock","NAME NOT FOUND","Length: 80"
  55. "8:44:09.1469879 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
  56. "8:44:09.1469978 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap","REPARSE","Desired Access: Query Value"
  57. "8:44:09.1470061 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value"
  58. "8:44:09.1470387 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
  59. "8:44:09.1470502 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
  60. "8:44:09.1470582 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
  61. "8:44:09.1470789 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
  62. "8:44:09.1472911 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  63. "8:44:09.1473915 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS","Image Base: 0x7ffe68cb0000, Image Size: 0xbd000"
  64. "8:44:09.1475104 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\KernelBase.dll","SUCCESS","Image Base: 0x7ffe66e20000, Image Size: 0x2c8000"
  65. "8:44:09.1480135 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\3c74afb9-8d82-44e3-b52c-365dbf48382a","NAME NOT FOUND","Length: 528"
  66. "8:44:09.1481212 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\05f95efe-7f75-49c7-a994-60a55cc09571","NAME NOT FOUND","Length: 528"
  67. "8:44:09.1481849 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\e36c4458-ed80-4ad7-a8be-52dda1eb5f1c","NAME NOT FOUND","Length: 528"
  68. "8:44:09.1483188 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","REPARSE","Desired Access: Query Value, Set Value"
  69. "8:44:09.1483281 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
  70. "8:44:09.1483374 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","REPARSE","Desired Access: Read"
  71. "8:44:09.1483436 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","NAME NOT FOUND","Desired Access: Read"
  72. "8:44:09.1483519 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value"
  73. "8:44:09.1483623 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\CodeIdentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80"
  74. "8:44:09.1483712 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\CodeIdentifiers","SUCCESS",""
  75. "8:44:09.1483810 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value"
  76. "8:44:09.1484276 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem\","REPARSE","Desired Access: Read"
  77. "8:44:09.1484360 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","Desired Access: Read"
  78. "8:44:09.1484444 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\LongPathsEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
  79. "8:44:09.1484524 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS",""
  80. "8:44:09.1484662 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem\","REPARSE","Desired Access: Read"
  81. "8:44:09.1484733 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","Desired Access: Read"
  82. "8:44:09.1484817 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\LPGO","NAME NOT FOUND","Length: 20"
  83. "8:44:09.1484882 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS",""
  84. "8:44:09.1485917 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\oleaut32.dll","SUCCESS","Image Base: 0x7ffe67ff0000, Image Size: 0xcd000"
  85. "8:44:09.1487125 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\msvcp_win.dll","SUCCESS","Image Base: 0x7ffe66c20000, Image Size: 0x9d000"
  86. "8:44:09.1488046 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\ucrtbase.dll","SUCCESS","Image Base: 0x7ffe67410000, Image Size: 0x100000"
  87. "8:44:09.1488765 AM","QuickAssist.exe","7064","Thread Create","","SUCCESS","Thread ID: 6180"
  88. "8:44:09.1489374 AM","QuickAssist.exe","7064","Thread Create","","SUCCESS","Thread ID: 9936"
  89. "8:44:09.1489729 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\combase.dll","SUCCESS","Image Base: 0x7ffe67c90000, Image Size: 0x355000"
  90. "8:44:09.1491331 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\rpcrt4.dll","SUCCESS","Image Base: 0x7ffe68fa0000, Image Size: 0x124000"
  91. "8:44:09.1492866 AM","QuickAssist.exe","7064","Thread Create","","SUCCESS","Thread ID: 6800"
  92. "8:44:09.1493793 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\user32.dll","SUCCESS","Image Base: 0x7ffe68d80000, Image Size: 0x1a0000"
  93. "8:44:09.1494865 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\win32u.dll","SUCCESS","Image Base: 0x7ffe66bf0000, Image Size: 0x22000"
  94. "8:44:09.1495757 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\gdi32.dll","SUCCESS","Image Base: 0x7ffe67510000, Image Size: 0x2a000"
  95. "8:44:09.1496243 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
  96. "8:44:09.1496357 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
  97. "8:44:09.1496507 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
  98. "8:44:09.1496616 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
  99. "8:44:09.1498121 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\gdi32full.dll","SUCCESS","Image Base: 0x7ffe670f0000, Image Size: 0x109000"
  100. "8:44:09.1499794 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\SHCore.dll","SUCCESS","Image Base: 0x7ffe68660000, Image Size: 0xae000"
  101. "8:44:09.1501246 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\msvcrt.dll","SUCCESS","Image Base: 0x7ffe685c0000, Image Size: 0x9e000"
  102. "8:44:09.1502339 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
  103. "8:44:09.1502484 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  104. "8:44:09.1502948 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  105. "8:44:09.1503338 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  106. "8:44:09.1503359 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  107. "8:44:09.1503666 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  108. "8:44:09.1503991 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.630_none_fae7a41d761b04f0","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  109. "8:44:09.1504041 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value"
  110. "8:44:09.1504173 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value"
  111. "8:44:09.1504265 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode","NAME NOT FOUND","Length: 16"
  112. "8:44:09.1504874 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\ole32.dll","SUCCESS","Image Base: 0x7ffe68470000, Image Size: 0x12a000"
  113. "8:44:09.1505228 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.630_none_fae7a41d761b04f0\GdiPlus.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  114. "8:44:09.1505587 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.630_none_fae7a41d761b04f0\GdiPlus.dll","SUCCESS","CreationTime: 11/28/2020 11:17:20 PM, LastAccessTime: 8/29/2022 8:42:36 AM, LastWriteTime: 11/28/2020 11:17:22 PM, ChangeTime: 8/28/2022 7:25:12 PM, FileAttributes: A"
  115. "8:44:09.1505721 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.630_none_fae7a41d761b04f0\GdiPlus.dll","SUCCESS",""
  116. "8:44:09.1506010 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\urlmon.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  117. "8:44:09.1506269 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.630_none_fae7a41d761b04f0\GdiPlus.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  118. "8:44:09.1506420 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\UxTheme.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  119. "8:44:09.1506458 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.630_none_fae7a41d761b04f0\GdiPlus.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  120. "8:44:09.1506647 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  121. "8:44:09.1506683 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\shell32.dll","SUCCESS","Image Base: 0x7ffe67540000, Image Size: 0x741000"
  122. "8:44:09.1506760 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  123. "8:44:09.1506894 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  124. "8:44:09.1507021 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  125. "8:44:09.1507176 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  126. "8:44:09.1507346 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  127. "8:44:09.1507470 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  128. "8:44:09.1507585 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  129. "8:44:09.1507715 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.630_none_fae7a41d761b04f0\GdiPlus.dll","SUCCESS","SyncType: SyncTypeOther"
  130. "8:44:09.1507882 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\urlmon.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  131. "8:44:09.1508252 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\urlmon.dll","SUCCESS","CreationTime: 11/28/2020 11:17:22 PM, LastAccessTime: 8/29/2022 8:42:37 AM, LastWriteTime: 11/28/2020 11:17:22 PM, ChangeTime: 11/28/2020 11:45:33 PM, FileAttributes: A"
  132. "8:44:09.1508277 AM","QuickAssist.exe","7064","Load Image","C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.630_none_fae7a41d761b04f0\GdiPlus.dll","SUCCESS","Image Base: 0x7ffe4cbc0000, Image Size: 0x1a6000"
  133. "8:44:09.1508334 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\urlmon.dll","SUCCESS",""
  134. "8:44:09.1509418 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.630_none_fae7a41d761b04f0\GdiPlus.dll","SUCCESS",""
  135. "8:44:09.1509656 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\advapi32.dll","SUCCESS","Image Base: 0x7ffe683c0000, Image Size: 0xac000"
  136. "8:44:09.1509755 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\uxtheme.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  137. "8:44:09.1509930 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\urlmon.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  138. "8:44:09.1510272 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\uxtheme.dll","SUCCESS","CreationTime: 11/28/2020 11:17:24 PM, LastAccessTime: 8/29/2022 8:42:36 AM, LastWriteTime: 11/28/2020 11:17:24 PM, ChangeTime: 11/29/2020 12:03:24 AM, FileAttributes: A"
  139. "8:44:09.1510397 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\uxtheme.dll","SUCCESS",""
  140. "8:44:09.1510497 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\urlmon.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  141. "8:44:09.1510699 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  142. "8:44:09.1510823 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  143. "8:44:09.1510957 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  144. "8:44:09.1511046 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  145. "8:44:09.1511137 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  146. "8:44:09.1511172 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\sechost.dll","SUCCESS","Image Base: 0x7ffe692f0000, Image Size: 0x9b000"
  147. "8:44:09.1511222 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  148. "8:44:09.1511327 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  149. "8:44:09.1511436 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\uxtheme.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  150. "8:44:09.1511486 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  151. "8:44:09.1511627 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\urlmon.dll","SUCCESS","SyncType: SyncTypeOther"
  152. "8:44:09.1511898 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\uxtheme.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  153. "8:44:09.1512323 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  154. "8:44:09.1512450 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\urlmon.dll","SUCCESS","Image Base: 0x7ffe5df40000, Image Size: 0x1ed000"
  155. "8:44:09.1512582 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  156. "8:44:09.1512734 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\crypt32.dll","SUCCESS","Image Base: 0x7ffe66cc0000, Image Size: 0x15d000"
  157. "8:44:09.1512880 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  158. "8:44:09.1513003 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  159. "8:44:09.1513200 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  160. "8:44:09.1513376 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  161. "8:44:09.1513535 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  162. "8:44:09.1513627 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  163. "8:44:09.1513723 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\uxtheme.dll","SUCCESS","SyncType: SyncTypeOther"
  164. "8:44:09.1514198 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\urlmon.dll","SUCCESS",""
  165. "8:44:09.1514350 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\d2d1.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  166. "8:44:09.1514567 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\uxtheme.dll","SUCCESS","Image Base: 0x7ffe64680000, Image Size: 0x9e000"
  167. "8:44:09.1515191 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\d3d11.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  168. "8:44:09.1515626 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\uxtheme.dll","SUCCESS",""
  169. "8:44:09.1516273 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\d2d1.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  170. "8:44:09.1516700 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\d2d1.dll","SUCCESS","CreationTime: 11/28/2020 11:17:00 PM, LastAccessTime: 8/29/2022 8:42:37 AM, LastWriteTime: 11/28/2020 11:17:00 PM, ChangeTime: 12/1/2020 9:50:36 PM, FileAttributes: A"
  171. "8:44:09.1516753 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\iertutil.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  172. "8:44:09.1516801 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\d2d1.dll","SUCCESS",""
  173. "8:44:09.1518790 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\MDMRegistration.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  174. "8:44:09.1518909 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\d3d11.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  175. "8:44:09.1519316 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\d2d1.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  176. "8:44:09.1519374 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\d3d11.dll","SUCCESS","CreationTime: 11/28/2020 11:17:00 PM, LastAccessTime: 8/29/2022 8:42:37 AM, LastWriteTime: 11/28/2020 11:17:00 PM, ChangeTime: 12/1/2020 9:50:13 PM, FileAttributes: A"
  177. "8:44:09.1519451 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\d3d11.dll","SUCCESS",""
  178. "8:44:09.1519885 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\d2d1.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  179. "8:44:09.1520146 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  180. "8:44:09.1520301 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  181. "8:44:09.1520435 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  182. "8:44:09.1520561 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  183. "8:44:09.1520704 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  184. "8:44:09.1520829 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  185. "8:44:09.1520950 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  186. "8:44:09.1521003 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\iertutil.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  187. "8:44:09.1521068 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  188. "8:44:09.1521185 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\d2d1.dll","SUCCESS","SyncType: SyncTypeOther"
  189. "8:44:09.1521231 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\d3d11.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  190. "8:44:09.1521588 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\iertutil.dll","SUCCESS","CreationTime: 11/28/2020 11:17:22 PM, LastAccessTime: 8/29/2022 8:42:37 AM, LastWriteTime: 11/28/2020 11:17:22 PM, ChangeTime: 11/28/2020 11:45:33 PM, FileAttributes: A"
  191. "8:44:09.1521679 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\iertutil.dll","SUCCESS",""
  192. "8:44:09.1521853 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\d3d11.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  193. "8:44:09.1522068 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  194. "8:44:09.1522223 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  195. "8:44:09.1522345 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  196. "8:44:09.1522473 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  197. "8:44:09.1522590 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  198. "8:44:09.1522624 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\d2d1.dll","SUCCESS","Image Base: 0x7ffe621e0000, Image Size: 0x5c0000"
  199. "8:44:09.1522680 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  200. "8:44:09.1522756 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  201. "8:44:09.1522875 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  202. "8:44:09.1522987 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\mdmregistration.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  203. "8:44:09.1523019 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\d3d11.dll","SUCCESS","SyncType: SyncTypeOther"
  204. "8:44:09.1523287 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\iertutil.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  205. "8:44:09.1523424 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\mdmregistration.dll","SUCCESS","CreationTime: 11/28/2020 11:17:07 PM, LastAccessTime: 8/29/2022 5:19:33 AM, LastWriteTime: 11/28/2020 11:17:07 PM, ChangeTime: 11/29/2020 12:02:38 AM, FileAttributes: A"
  206. "8:44:09.1523543 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\mdmregistration.dll","SUCCESS",""
  207. "8:44:09.1523639 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\iertutil.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  208. "8:44:09.1523797 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\d2d1.dll","SUCCESS",""
  209. "8:44:09.1523875 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\d3d11.dll","SUCCESS","Image Base: 0x7ffe63c70000, Image Size: 0x264000"
  210. "8:44:09.1524036 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  211. "8:44:09.1524343 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  212. "8:44:09.1524573 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\mdmregistration.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  213. "8:44:09.1524622 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  214. "8:44:09.1524759 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  215. "8:44:09.1524881 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\mdmregistration.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  216. "8:44:09.1524913 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  217. "8:44:09.1524966 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\d3d11.dll","SUCCESS",""
  218. "8:44:09.1525060 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  219. "8:44:09.1525199 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  220. "8:44:09.1525322 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  221. "8:44:09.1525552 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\iertutil.dll","SUCCESS","SyncType: SyncTypeOther"
  222. "8:44:09.1525725 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\NETAPI32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  223. "8:44:09.1525962 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  224. "8:44:09.1526109 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  225. "8:44:09.1526221 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\dcomp.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  226. "8:44:09.1526328 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  227. "8:44:09.1526432 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  228. "8:44:09.1526505 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\iertutil.dll","SUCCESS","Image Base: 0x7ffe5e520000, Image Size: 0x2b0000"
  229. "8:44:09.1526532 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  230. "8:44:09.1526617 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  231. "8:44:09.1526756 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  232. "8:44:09.1526977 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  233. "8:44:09.1527163 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\mdmregistration.dll","SUCCESS","SyncType: SyncTypeOther"
  234. "8:44:09.1527629 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\iertutil.dll","SUCCESS",""
  235. "8:44:09.1528317 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\netapi32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  236. "8:44:09.1528332 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\mdmregistration.dll","SUCCESS","Image Base: 0x7ffe4ce90000, Image Size: 0x56000"
  237. "8:44:09.1528571 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\SAS.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  238. "8:44:09.1528749 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\netapi32.dll","SUCCESS","CreationTime: 11/28/2020 11:17:07 PM, LastAccessTime: 8/29/2022 8:42:37 AM, LastWriteTime: 11/28/2020 11:17:07 PM, ChangeTime: 11/29/2020 12:18:48 AM, FileAttributes: A"
  239. "8:44:09.1528886 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\netapi32.dll","SUCCESS",""
  240. "8:44:09.1529122 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\dcomp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  241. "8:44:09.1529386 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\mdmregistration.dll","SUCCESS",""
  242. "8:44:09.1529567 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\dcomp.dll","SUCCESS","CreationTime: 11/28/2020 11:17:15 PM, LastAccessTime: 8/29/2022 8:42:31 AM, LastWriteTime: 11/28/2020 11:17:15 PM, ChangeTime: 12/1/2020 9:50:13 PM, FileAttributes: A"
  243. "8:44:09.1529657 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\dcomp.dll","SUCCESS",""
  244. "8:44:09.1531285 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\netapi32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  245. "8:44:09.1531587 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\sas.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  246. "8:44:09.1531893 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\dcomp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  247. "8:44:09.1531952 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\sas.dll","SUCCESS","CreationTime: 12/7/2019 5:08:16 AM, LastAccessTime: 8/29/2022 5:19:33 AM, LastWriteTime: 12/7/2019 5:08:16 AM, ChangeTime: 11/28/2020 11:18:46 PM, FileAttributes: A"
  248. "8:44:09.1531973 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\netapi32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  249. "8:44:09.1532044 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\sas.dll","SUCCESS",""
  250. "8:44:09.1532148 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\dxgi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  251. "8:44:09.1532249 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\dcomp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  252. "8:44:09.1532268 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  253. "8:44:09.1532381 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  254. "8:44:09.1532440 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  255. "8:44:09.1532479 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  256. "8:44:09.1532559 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  257. "8:44:09.1532576 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  258. "8:44:09.1532668 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  259. "8:44:09.1532683 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  260. "8:44:09.1532807 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  261. "8:44:09.1532904 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  262. "8:44:09.1532921 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  263. "8:44:09.1533035 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  264. "8:44:09.1533094 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  265. "8:44:09.1533226 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\netapi32.dll","SUCCESS","SyncType: SyncTypeOther"
  266. "8:44:09.1533244 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  267. "8:44:09.1533341 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  268. "8:44:09.1533586 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  269. "8:44:09.1533653 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\dcomp.dll","SUCCESS","SyncType: SyncTypeOther"
  270. "8:44:09.1534113 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\sas.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  271. "8:44:09.1534388 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\dcomp.dll","SUCCESS","Image Base: 0x7ffe627a0000, Image Size: 0x1e5000"
  272. "8:44:09.1534396 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\sas.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  273. "8:44:09.1534478 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\netapi32.dll","SUCCESS","Image Base: 0x7ffe5a1a0000, Image Size: 0x18000"
  274. "8:44:09.1534924 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  275. "8:44:09.1534991 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  276. "8:44:09.1535217 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  277. "8:44:09.1535359 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  278. "8:44:09.1535402 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\dxgi.dll","SUCCESS","CreationTime: 11/28/2020 11:17:00 PM, LastAccessTime: 8/29/2022 8:42:37 AM, LastWriteTime: 11/28/2020 11:17:00 PM, ChangeTime: 11/29/2020 12:02:39 AM, FileAttributes: A"
  279. "8:44:09.1535436 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  280. "8:44:09.1535502 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\dxgi.dll","SUCCESS",""
  281. "8:44:09.1535519 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  282. "8:44:09.1535604 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  283. "8:44:09.1535642 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\netapi32.dll","SUCCESS",""
  284. "8:44:09.1535663 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\dcomp.dll","SUCCESS",""
  285. "8:44:09.1535683 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  286. "8:44:09.1535741 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  287. "8:44:09.1535813 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\sas.dll","SUCCESS","SyncType: SyncTypeOther"
  288. "8:44:09.1536193 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  289. "8:44:09.1536419 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\sas.dll","SUCCESS","Image Base: 0x7ffe56890000, Image Size: 0x9000"
  290. "8:44:09.1536459 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  291. "8:44:09.1536730 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  292. "8:44:09.1536955 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  293. "8:44:09.1537071 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  294. "8:44:09.1537191 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  295. "8:44:09.1537319 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  296. "8:44:09.1537380 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\sas.dll","SUCCESS",""
  297. "8:44:09.1537428 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  298. "8:44:09.1537490 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\msvcp110_win.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  299. "8:44:09.1537531 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  300. "8:44:09.1537635 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  301. "8:44:09.1537737 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
  302. "8:44:09.1538944 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\dxgi.dll","SUCCESS","Image Base: 0x7ffe65540000, Image Size: 0xf3000"
  303. "8:44:09.1539279 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\kernel.appcore.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  304. "8:44:09.1539586 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\msvcp110_win.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  305. "8:44:09.1539618 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\kernel.appcore.dll","SUCCESS","CreationTime: 11/28/2020 11:17:04 PM, LastAccessTime: 8/29/2022 8:43:53 AM, LastWriteTime: 11/28/2020 11:17:04 PM, ChangeTime: 11/28/2020 11:42:30 PM, FileAttributes: A"
  306. "8:44:09.1539757 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
  307. "8:44:09.1539797 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\msvcp110_win.dll","SUCCESS","CreationTime: 11/28/2020 11:16:40 PM, LastAccessTime: 8/29/2022 8:42:31 AM, LastWriteTime: 11/28/2020 11:16:40 PM, ChangeTime: 11/28/2020 11:42:31 PM, FileAttributes: A"
  308. "8:44:09.1539869 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\msvcp110_win.dll","SUCCESS",""
  309. "8:44:09.1540063 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\dxgi.dll","SUCCESS",""
  310. "8:44:09.1540618 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\DSREG.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  311. "8:44:09.1541188 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\kernel.appcore.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  312. "8:44:09.1541205 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\msvcp110_win.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  313. "8:44:09.1541373 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\msvcp110_win.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  314. "8:44:09.1541432 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\kernel.appcore.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  315. "8:44:09.1541556 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  316. "8:44:09.1541652 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  317. "8:44:09.1541655 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  318. "8:44:09.1541733 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  319. "8:44:09.1541761 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  320. "8:44:09.1541804 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  321. "8:44:09.1541876 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  322. "8:44:09.1542021 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  323. "8:44:09.1542030 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\dsreg.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  324. "8:44:09.1542043 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  325. "8:44:09.1542186 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  326. "8:44:09.1542259 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  327. "8:44:09.1542291 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  328. "8:44:09.1542327 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\dsreg.dll","SUCCESS","CreationTime: 11/28/2020 11:16:44 PM, LastAccessTime: 8/29/2022 8:42:35 AM, LastWriteTime: 11/28/2020 11:16:44 PM, ChangeTime: 11/29/2020 12:18:48 AM, FileAttributes: A"
  329. "8:44:09.1542398 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\dsreg.dll","SUCCESS",""
  330. "8:44:09.1542427 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  331. "8:44:09.1542435 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  332. "8:44:09.1542516 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  333. "8:44:09.1542537 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  334. "8:44:09.1542630 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\msvcp110_win.dll","SUCCESS","SyncType: SyncTypeOther"
  335. "8:44:09.1542647 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\kernel.appcore.dll","SUCCESS","SyncType: SyncTypeOther"
  336. "8:44:09.1543242 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\dsreg.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  337. "8:44:09.1543464 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\dsreg.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  338. "8:44:09.1543468 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\msvcp110_win.dll","SUCCESS","Image Base: 0x7ffe65d40000, Image Size: 0x8a000"
  339. "8:44:09.1543570 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\kernel.appcore.dll","SUCCESS","Image Base: 0x7ffe64b60000, Image Size: 0x12000"
  340. "8:44:09.1543730 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  341. "8:44:09.1543867 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  342. "8:44:09.1543992 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  343. "8:44:09.1544127 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  344. "8:44:09.1544206 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  345. "8:44:09.1544216 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\msvcp110_win.dll","SUCCESS",""
  346. "8:44:09.1544277 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  347. "8:44:09.1544342 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  348. "8:44:09.1544397 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  349. "8:44:09.1544517 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\dsreg.dll","SUCCESS","SyncType: SyncTypeOther"
  350. "8:44:09.1544545 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\kernel.appcore.dll","SUCCESS",""
  351. "8:44:09.1545131 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\dsreg.dll","SUCCESS","Image Base: 0x7ffe61ae0000, Image Size: 0x132000"
  352. "8:44:09.1545917 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\dsreg.dll","SUCCESS",""
  353. "8:44:09.1546845 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\cryptsp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  354. "8:44:09.1547057 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\cryptsp.dll","SUCCESS","CreationTime: 11/28/2020 11:17:17 PM, LastAccessTime: 8/29/2022 8:42:37 AM, LastWriteTime: 11/28/2020 11:17:17 PM, ChangeTime: 11/28/2020 11:45:22 PM, FileAttributes: A"
  355. "8:44:09.1547122 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\cryptsp.dll","SUCCESS",""
  356. "8:44:09.1547795 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\cryptsp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  357. "8:44:09.1548064 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\cryptsp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  358. "8:44:09.1548324 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  359. "8:44:09.1548455 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  360. "8:44:09.1548562 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  361. "8:44:09.1548662 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  362. "8:44:09.1548764 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  363. "8:44:09.1548871 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  364. "8:44:09.1548975 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  365. "8:44:09.1549070 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  366. "8:44:09.1549163 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\cryptsp.dll","SUCCESS","SyncType: SyncTypeOther"
  367. "8:44:09.1549813 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\cryptsp.dll","SUCCESS","Image Base: 0x7ffe664e0000, Image Size: 0x18000"
  368. "8:44:09.1550410 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\cryptsp.dll","SUCCESS",""
  369. "8:44:09.1552319 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","REPARSE","Desired Access: Read"
  370. "8:44:09.1552436 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","Desired Access: Read"
  371. "8:44:09.1552566 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\(Default)","SUCCESS","Type: REG_SZ, Length: 18, Data: 00060305"
  372. "8:44:09.1554293 AM","QuickAssist.exe","7064","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
  373. "8:44:09.1554393 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  374. "8:44:09.1554642 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read"
  375. "8:44:09.1554785 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorUseSystemHeap","NAME NOT FOUND","Length: 20"
  376. "8:44:09.1554942 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS",""
  377. "8:44:09.1555039 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  378. "8:44:09.1555159 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read"
  379. "8:44:09.1555283 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorSystemHeapIsPrivate","NAME NOT FOUND","Length: 20"
  380. "8:44:09.1555397 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS",""
  381. "8:44:09.1555509 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  382. "8:44:09.1555613 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read"
  383. "8:44:09.1555726 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\AggressiveMTATesting","NAME NOT FOUND","Length: 16"
  384. "8:44:09.1555833 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS",""
  385. "8:44:09.1556693 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  386. "8:44:09.1557159 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  387. "8:44:09.1557754 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  388. "8:44:09.1558021 AM","QuickAssist.exe","7064","RegOpenKey","HKLM","SUCCESS","Desired Access: Read"
  389. "8:44:09.1558148 AM","QuickAssist.exe","7064","RegSetInfoKey","HKLM","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
  390. "8:44:09.1558249 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100"
  391. "8:44:09.1558358 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read"
  392. "8:44:09.1558790 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\AppModel\Lookaside\Packages","NAME NOT FOUND","Desired Access: Read"
  393. "8:44:09.1559191 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100"
  394. "8:44:09.1559287 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read"
  395. "8:44:09.1559369 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100"
  396. "8:44:09.1559426 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Ole","SUCCESS","Desired Access: Read"
  397. "8:44:09.1559755 AM","QuickAssist.exe","7064","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
  398. "8:44:09.1559856 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  399. "8:44:09.1559915 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\Local Settings","REPARSE","Desired Access: Read"
  400. "8:44:09.1560135 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\Local Settings","SUCCESS","Desired Access: Read"
  401. "8:44:09.1560269 AM","QuickAssist.exe","7064","RegSetInfoKey","HKCU\Software\Classes\Local Settings","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
  402. "8:44:09.1560362 AM","QuickAssist.exe","7064","RegCloseKey","HKCU","SUCCESS",""
  403. "8:44:09.1560422 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100"
  404. "8:44:09.1560484 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read"
  405. "8:44:09.1560585 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100"
  406. "8:44:09.1560664 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read"
  407. "8:44:09.1560725 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100"
  408. "8:44:09.1560773 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole","NAME NOT FOUND","Desired Access: Read"
  409. "8:44:09.1560833 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100"
  410. "8:44:09.1560887 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft","SUCCESS","Desired Access: Read"
  411. "8:44:09.1561191 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  412. "8:44:09.1561274 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\OLE\Tracing","NAME NOT FOUND","Desired Access: Read"
  413. "8:44:09.1561709 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 528"
  414. "8:44:09.1562168 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05","NAME NOT FOUND","Length: 528"
  415. "8:44:09.1562841 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c7e09e2a-c663-5399-af79-2fccd321d19a","NAME NOT FOUND","Length: 528"
  416. "8:44:09.1563182 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528"
  417. "8:44:09.1565426 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  418. "8:44:09.1565639 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","CreationTime: 11/28/2020 11:17:20 PM, LastAccessTime: 8/29/2022 8:42:35 AM, LastWriteTime: 11/28/2020 11:17:20 PM, ChangeTime: 11/28/2020 11:38:23 PM, FileAttributes: A"
  419. "8:44:09.1565749 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\imm32.dll","SUCCESS",""
  420. "8:44:09.1566134 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  421. "8:44:09.1566358 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  422. "8:44:09.1566432 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","AllocationSize: 102,400, EndOfFile: 185,448, NumberOfLinks: 2, DeletePending: False, Directory: False"
  423. "8:44:09.1566564 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
  424. "8:44:09.1566916 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\imm32.dll","SUCCESS",""
  425. "8:44:09.1567746 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\imm32.dll","SUCCESS","Image Base: 0x7ffe68bf0000, Image Size: 0x30000"
  426. "8:44:09.1568904 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument\","REPARSE","Desired Access: Read"
  427. "8:44:09.1568999 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument","NAME NOT FOUND","Desired Access: Read"
  428. "8:44:09.1569288 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickAssist.exe","NAME NOT FOUND","Desired Access: Read"
  429. "8:44:09.1569488 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  430. "8:44:09.1569618 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  431. "8:44:09.1569731 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read"
  432. "8:44:09.1569835 AM","QuickAssist.exe","7064","RegQueryValue","HKCU\Control Panel\Desktop\EnablePerProcessSystemDPI","NAME NOT FOUND","Length: 20"
  433. "8:44:09.1569996 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS",""
  434. "8:44:09.1570714 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","Desired Access: Read"
  435. "8:44:09.1570829 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\QuickAssist","NAME NOT FOUND","Length: 172"
  436. "8:44:09.1570929 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS",""
  437. "8:44:09.1571015 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility","NAME NOT FOUND","Desired Access: Read"
  438. "8:44:09.1572598 AM","QuickAssist.exe","7064","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
  439. "8:44:09.1572756 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration","NAME NOT FOUND","Desired Access: Read"
  440. "8:44:09.1572881 AM","QuickAssist.exe","7064","RegCloseKey","HKCU","SUCCESS",""
  441. "8:44:09.1573025 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
  442. "8:44:09.1573147 AM","QuickAssist.exe","7064","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
  443. "8:44:09.1573269 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  444. "8:44:09.1573360 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS","Desired Access: Read"
  445. "8:44:09.1573476 AM","QuickAssist.exe","7064","RegEnumValue","HKCU\Control Panel\Desktop\LanguageConfiguration","NO MORE ENTRIES","Index: 0, Length: 512"
  446. "8:44:09.1573568 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS",""
  447. "8:44:09.1573645 AM","QuickAssist.exe","7064","RegCloseKey","HKCU","SUCCESS",""
  448. "8:44:09.1573936 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
  449. "8:44:09.1574216 AM","QuickAssist.exe","7064","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
  450. "8:44:09.1574451 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
  451. "8:44:09.1574561 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read"
  452. "8:44:09.1574707 AM","QuickAssist.exe","7064","RegQueryValue","HKCU\Control Panel\Desktop\PreferredUILanguages","NAME NOT FOUND","Length: 12"
  453. "8:44:09.1574880 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS",""
  454. "8:44:09.1575004 AM","QuickAssist.exe","7064","RegCloseKey","HKCU","SUCCESS",""
  455. "8:44:09.1575155 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
  456. "8:44:09.1575376 AM","QuickAssist.exe","7064","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
  457. "8:44:09.1575547 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","Desired Access: Read"
  458. "8:44:09.1575662 AM","QuickAssist.exe","7064","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","BUFFER OVERFLOW","Length: 12"
  459. "8:44:09.1575758 AM","QuickAssist.exe","7064","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","SUCCESS","Type: REG_MULTI_SZ, Length: 12, Data: en-US"
  460. "8:44:09.1575873 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS",""
  461. "8:44:09.1575951 AM","QuickAssist.exe","7064","RegCloseKey","HKCU","SUCCESS",""
  462. "8:44:09.1576323 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys","REPARSE","Desired Access: Read"
  463. "8:44:09.1576491 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys","NAME NOT FOUND","Desired Access: Read"
  464. "8:44:09.1576606 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US","NAME NOT FOUND","Desired Access: Read"
  465. "8:44:09.1577012 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\en-US\QuickAssist.exe.mui","PATH NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
  466. "8:44:09.1577308 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\LanguageOverlay\OverlayPackages\en","NAME NOT FOUND","Desired Access: Read"
  467. "8:44:09.1577597 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\en\QuickAssist.exe.mui","PATH NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
  468. "8:44:09.1578268 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  469. "8:44:09.1578421 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS","CreationTime: 8/28/2022 9:00:23 PM, LastAccessTime: 8/29/2022 8:44:09 AM, LastWriteTime: 8/28/2022 9:00:24 PM, ChangeTime: 8/29/2022 8:06:57 AM, FileAttributes: A"
  470. "8:44:09.1578502 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS",""
  471. "8:44:09.1580140 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\edgegdi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  472. "8:44:09.1580917 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  473. "8:44:09.1581023 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","Desired Access: Read"
  474. "8:44:09.1581146 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
  475. "8:44:09.1581433 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\RequireSignedAppInit_DLLs","NAME NOT FOUND","Length: 16"
  476. "8:44:09.1581589 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs","SUCCESS","Type: REG_SZ, Length: 18, Data: prio.dll"
  477. "8:44:09.1582451 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\prio.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  478. "8:44:09.1583156 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\prio.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  479. "8:44:09.1583793 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System\prio.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  480. "8:44:09.1584523 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\prio.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  481. "8:44:09.1585132 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\prio.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  482. "8:44:09.1586160 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\Python 3.6.3\Scripts\prio.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  483. "8:44:09.1586977 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\Python 3.6.3\prio.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  484. "8:44:09.1587591 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Common Files\Intel\OpenCL\windows\compiler\lib\intel64_win\prio.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  485. "8:44:09.1588773 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Common Files\Intel\OpenCL\windows\compiler\lib\ia32_win\prio.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  486. "8:44:09.1589571 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\prio.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  487. "8:44:09.1590247 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\prio.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  488. "8:44:09.1590936 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\wbem\prio.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  489. "8:44:09.1591665 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\WindowsPowerShell\v1.0\prio.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  490. "8:44:09.1592268 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\OpenSSH\prio.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  491. "8:44:09.1592830 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\Process Lasso\prio.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  492. "8:44:09.1593408 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\Prio\prio.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  493. "8:44:09.1593584 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files\Prio\prio.dll","SUCCESS","CreationTime: 1/15/2017 5:31:40 PM, LastAccessTime: 8/29/2022 8:43:53 AM, LastWriteTime: 1/15/2017 5:31:40 PM, ChangeTime: 7/5/2021 10:59:27 AM, FileAttributes: ANCI"
  494. "8:44:09.1593667 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files\Prio\prio.dll","SUCCESS",""
  495. "8:44:09.1594048 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\Prio\prio.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  496. "8:44:09.1594189 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Program Files\Prio\prio.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY"
  497. "8:44:09.1594395 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  498. "8:44:09.1594515 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  499. "8:44:09.1594618 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  500. "8:44:09.1594753 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  501. "8:44:09.1594870 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  502. "8:44:09.1594969 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  503. "8:44:09.1595231 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  504. "8:44:09.1595336 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  505. "8:44:09.1595455 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Program Files\Prio\prio.dll","SUCCESS","SyncType: SyncTypeOther"
  506. "8:44:09.1596111 AM","QuickAssist.exe","7064","Load Image","C:\Program Files\Prio\prio.dll","SUCCESS","Image Base: 0x180000000, Image Size: 0x7000"
  507. "8:44:09.1596578 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files\Prio\prio.dll","SUCCESS",""
  508. "8:44:09.1597469 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
  509. "8:44:09.1597675 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
  510. "8:44:09.1597853 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
  511. "8:44:09.1597991 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
  512. "8:44:09.1598910 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\ca967c75-04bf-40b5-9a16-98b5f9332a92","NAME NOT FOUND","Length: 528"
  513. "8:44:09.1599569 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\b6fd710b-f783-4b1c-ab9c-c68099dcc0c7","NAME NOT FOUND","Length: 528"
  514. "8:44:09.1600433 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c1376338-0984-48b8-b933-9c7d779fd84d","NAME NOT FOUND","Length: 528"
  515. "8:44:09.1601185 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read"
  516. "8:44:09.1601303 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read"
  517. "8:44:09.1601426 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-US","NAME NOT FOUND","Length: 532"
  518. "8:44:09.1601622 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS",""
  519. "8:44:09.1601773 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read"
  520. "8:44:09.1601897 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read"
  521. "8:44:09.1602026 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-US","NAME NOT FOUND","Length: 532"
  522. "8:44:09.1602280 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS",""
  523. "8:44:09.1602422 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\000603xx","SUCCESS","Type: REG_SZ, Length: 26, Data: kernel32.dll"
  524. "8:44:09.1602971 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
  525. "8:44:09.1603360 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY"
  526. "8:44:09.1603493 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","AllocationSize: 1,941,504, EndOfFile: 3,371,404, NumberOfLinks: 2, DeletePending: False, Directory: False"
  527. "8:44:09.1603669 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","SyncType: SyncTypeOther"
  528. "8:44:09.1603892 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS",""
  529. "8:44:09.1604312 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","REPARSE","Desired Access: Read"
  530. "8:44:09.1604423 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","Desired Access: Read"
  531. "8:44:09.1604549 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\en-US","NAME NOT FOUND","Length: 90"
  532. "8:44:09.1604663 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\en","NAME NOT FOUND","Length: 90"
  533. "8:44:09.1605133 AM","QuickAssist.exe","7064","CreateFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  534. "8:44:09.1605651 AM","QuickAssist.exe","7064","CloseFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS",""
  535. "8:44:09.1606247 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\prio.ini","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  536. "8:44:09.1606778 AM","QuickAssist.exe","7064","CreateFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  537. "8:44:09.1606922 AM","QuickAssist.exe","7064","LockFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Exclusive: False, Offset: 0, Length: 4,294,967,295, Fail Immediately: False"
  538. "8:44:09.1607007 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","AllocationSize: 32, EndOfFile: 26, NumberOfLinks: 1, DeletePending: False, Directory: False"
  539. "8:44:09.1607140 AM","QuickAssist.exe","7064","ReadFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Offset: 0, Length: 26, Priority: Normal"
  540. "8:44:09.1607492 AM","QuickAssist.exe","7064","UnlockFileSingle","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Offset: 0, Length: 4,294,967,295"
  541. "8:44:09.1607589 AM","QuickAssist.exe","7064","CloseFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS",""
  542. "8:44:09.1608062 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\prio.ini","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  543. "8:44:09.1608492 AM","QuickAssist.exe","7064","CreateFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  544. "8:44:09.1608678 AM","QuickAssist.exe","7064","LockFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Exclusive: False, Offset: 0, Length: 4,294,967,295, Fail Immediately: False"
  545. "8:44:09.1608752 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","AllocationSize: 32, EndOfFile: 26, NumberOfLinks: 1, DeletePending: False, Directory: False"
  546. "8:44:09.1608891 AM","QuickAssist.exe","7064","ReadFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Offset: 0, Length: 26, Priority: Normal"
  547. "8:44:09.1609081 AM","QuickAssist.exe","7064","UnlockFileSingle","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Offset: 0, Length: 4,294,967,295"
  548. "8:44:09.1609164 AM","QuickAssist.exe","7064","CloseFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS",""
  549. "8:44:09.1609669 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\prio.ini","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  550. "8:44:09.1610080 AM","QuickAssist.exe","7064","CreateFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  551. "8:44:09.1610214 AM","QuickAssist.exe","7064","LockFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Exclusive: False, Offset: 0, Length: 4,294,967,295, Fail Immediately: False"
  552. "8:44:09.1610285 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","AllocationSize: 32, EndOfFile: 26, NumberOfLinks: 1, DeletePending: False, Directory: False"
  553. "8:44:09.1610465 AM","QuickAssist.exe","7064","ReadFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Offset: 0, Length: 26, Priority: Normal"
  554. "8:44:09.1610654 AM","QuickAssist.exe","7064","UnlockFileSingle","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Offset: 0, Length: 4,294,967,295"
  555. "8:44:09.1610737 AM","QuickAssist.exe","7064","CloseFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS",""
  556. "8:44:09.1611261 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\prio.ini","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  557. "8:44:09.1611704 AM","QuickAssist.exe","7064","CreateFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  558. "8:44:09.1611850 AM","QuickAssist.exe","7064","LockFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Exclusive: False, Offset: 0, Length: 4,294,967,295, Fail Immediately: False"
  559. "8:44:09.1611920 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","AllocationSize: 32, EndOfFile: 26, NumberOfLinks: 1, DeletePending: False, Directory: False"
  560. "8:44:09.1612038 AM","QuickAssist.exe","7064","ReadFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Offset: 0, Length: 26, Priority: Normal"
  561. "8:44:09.1612279 AM","QuickAssist.exe","7064","UnlockFileSingle","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Offset: 0, Length: 4,294,967,295"
  562. "8:44:09.1612405 AM","QuickAssist.exe","7064","CloseFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS",""
  563. "8:44:09.1613207 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\prio.ini","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  564. "8:44:09.1613762 AM","QuickAssist.exe","7064","CreateFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  565. "8:44:09.1614035 AM","QuickAssist.exe","7064","LockFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Exclusive: False, Offset: 0, Length: 4,294,967,295, Fail Immediately: False"
  566. "8:44:09.1614174 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","AllocationSize: 32, EndOfFile: 26, NumberOfLinks: 1, DeletePending: False, Directory: False"
  567. "8:44:09.1614302 AM","QuickAssist.exe","7064","ReadFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Offset: 0, Length: 26, Priority: Normal"
  568. "8:44:09.1614479 AM","QuickAssist.exe","7064","UnlockFileSingle","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Offset: 0, Length: 4,294,967,295"
  569. "8:44:09.1614558 AM","QuickAssist.exe","7064","CloseFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS",""
  570. "8:44:09.1615054 AM","QuickAssist.exe","7064","CreateFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  571. "8:44:09.1615198 AM","QuickAssist.exe","7064","LockFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Exclusive: False, Offset: 0, Length: 4,294,967,295, Fail Immediately: False"
  572. "8:44:09.1615280 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","AllocationSize: 32, EndOfFile: 26, NumberOfLinks: 1, DeletePending: False, Directory: False"
  573. "8:44:09.1615479 AM","QuickAssist.exe","7064","ReadFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Offset: 0, Length: 26, Priority: Normal"
  574. "8:44:09.1615683 AM","QuickAssist.exe","7064","UnlockFileSingle","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Offset: 0, Length: 4,294,967,295"
  575. "8:44:09.1615765 AM","QuickAssist.exe","7064","CloseFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS",""
  576. "8:44:09.1616247 AM","QuickAssist.exe","7064","CreateFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  577. "8:44:09.1616380 AM","QuickAssist.exe","7064","LockFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Exclusive: False, Offset: 0, Length: 4,294,967,295, Fail Immediately: False"
  578. "8:44:09.1616497 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","AllocationSize: 32, EndOfFile: 26, NumberOfLinks: 1, DeletePending: False, Directory: False"
  579. "8:44:09.1616623 AM","QuickAssist.exe","7064","ReadFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Offset: 0, Length: 26, Priority: Normal"
  580. "8:44:09.1616794 AM","QuickAssist.exe","7064","UnlockFileSingle","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Offset: 0, Length: 4,294,967,295"
  581. "8:44:09.1616883 AM","QuickAssist.exe","7064","CloseFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS",""
  582. "8:44:09.1617429 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\prio.ini","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  583. "8:44:09.1617924 AM","QuickAssist.exe","7064","CreateFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  584. "8:44:09.1618109 AM","QuickAssist.exe","7064","LockFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Exclusive: False, Offset: 0, Length: 4,294,967,295, Fail Immediately: False"
  585. "8:44:09.1618182 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","AllocationSize: 32, EndOfFile: 26, NumberOfLinks: 1, DeletePending: False, Directory: False"
  586. "8:44:09.1618303 AM","QuickAssist.exe","7064","ReadFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Offset: 0, Length: 26, Priority: Normal"
  587. "8:44:09.1618490 AM","QuickAssist.exe","7064","UnlockFileSingle","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS","Offset: 0, Length: 4,294,967,295"
  588. "8:44:09.1618569 AM","QuickAssist.exe","7064","CloseFile","C:\Users\Admin\AppData\Roaming\prio.ini","SUCCESS",""
  589. "8:44:09.1618882 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS",""
  590. "8:44:09.1619934 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f25bcd2e-2690-55dc-3bc4-07b65b1b41c9","NAME NOT FOUND","Length: 528"
  591. "8:44:09.1620462 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
  592. "8:44:09.1620630 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickAssist.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
  593. "8:44:09.1620757 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read"
  594. "8:44:09.1620931 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read"
  595. "8:44:09.1621064 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickAssist.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
  596. "8:44:09.1621187 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read"
  597. "8:44:09.1621306 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read"
  598. "8:44:09.1621768 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read"
  599. "8:44:09.1621933 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
  600. "8:44:09.1622055 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS",""
  601. "8:44:09.1622262 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickAssist.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
  602. "8:44:09.1622898 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  603. "8:44:09.1622984 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\OLE\Tracing","NAME NOT FOUND","Desired Access: Read"
  604. "8:44:09.1623308 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 528"
  605. "8:44:09.1623617 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05","NAME NOT FOUND","Length: 528"
  606. "8:44:09.1624432 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  607. "8:44:09.1624507 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value"
  608. "8:44:09.1625296 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\0bca4784-8257-51a0-d9ec-24fe1fe4c90d","NAME NOT FOUND","Length: 528"
  609. "8:44:09.1626159 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\ff32ada1-5a4b-583c-889e-a3c027b201f5","NAME NOT FOUND","Length: 528"
  610. "8:44:09.1628282 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108","NAME NOT FOUND","Length: 528"
  611. "8:44:09.1628739 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61","NAME NOT FOUND","Length: 528"
  612. "8:44:09.1629079 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528"
  613. "8:44:09.1629833 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\7067398c-bae7-4191-bf16-c436de658baf","NAME NOT FOUND","Length: 528"
  614. "8:44:09.1630094 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  615. "8:44:09.1630168 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Direct2D","NAME NOT FOUND","Desired Access: Query Value"
  616. "8:44:09.1630318 AM","QuickAssist.exe","7064","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
  617. "8:44:09.1630406 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  618. "8:44:09.1630460 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Microsoft\Direct3D\Direct2D","NAME NOT FOUND","Desired Access: Query Value"
  619. "8:44:09.1630680 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\dcb453db-c652-48be-a0f8-a64459d5162e","NAME NOT FOUND","Length: 528"
  620. "8:44:09.1631622 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\03bbe5b8-c788-4d0b-b47e-5b5731398a89","NAME NOT FOUND","Length: 528"
  621. "8:44:09.1632440 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\86cc27ea-6f87-47f7-8b43-3473527d4a87","NAME NOT FOUND","Length: 528"
  622. "8:44:09.1634020 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\e74efd1a-b62d-4b83-ab00-66f4a166a2d3","NAME NOT FOUND","Length: 528"
  623. "8:44:09.1634301 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f9e3b648-9af1-4dc3-9a8e-bf42c0fbce9a","NAME NOT FOUND","Length: 528"
  624. "8:44:09.1635303 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\93112de2-0aa3-4ed7-91e3-4264555220c1","NAME NOT FOUND","Length: 528"
  625. "8:44:09.1635563 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  626. "8:44:09.1635756 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Windows\Dwm","SUCCESS","Desired Access: Read"
  627. "8:44:09.1635877 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\Dwm\DebugFailFast","NAME NOT FOUND","Length: 16"
  628. "8:44:09.1635989 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\Dwm","SUCCESS",""
  629. "8:44:09.1636674 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\acc49822-f0b2-49ff-bff2-1092384822b6","NAME NOT FOUND","Length: 528"
  630. "8:44:09.1637969 AM","QuickAssist.exe","7064","QueryNameInformationFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS","Name: \Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe"
  631. "8:44:09.1638958 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\rpcss.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  632. "8:44:09.1639143 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\rpcss.dll","SUCCESS","CreationTime: 11/28/2020 11:17:17 PM, LastAccessTime: 8/29/2022 8:43:53 AM, LastWriteTime: 11/28/2020 11:17:17 PM, ChangeTime: 11/28/2020 11:21:07 PM, FileAttributes: A"
  633. "8:44:09.1639209 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\rpcss.dll","SUCCESS",""
  634. "8:44:09.1639612 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\rpcss.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  635. "8:44:09.1639858 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\rpcss.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  636. "8:44:09.1639952 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Windows\System32\rpcss.dll","SUCCESS","AllocationSize: 770,048, EndOfFile: 1,330,688, NumberOfLinks: 2, DeletePending: False, Directory: False"
  637. "8:44:09.1640119 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\rpcss.dll","SUCCESS","SyncType: SyncTypeOther"
  638. "8:44:09.1640470 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\rpcss.dll","SUCCESS",""
  639. "8:44:09.1641743 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\bcryptprimitives.dll","SUCCESS","Image Base: 0x7ffe67390000, Image Size: 0x7f000"
  640. "8:44:09.1642645 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","REPARSE","Desired Access: Query Value"
  641. "8:44:09.1642754 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","Desired Access: Query Value"
  642. "8:44:09.1642893 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  643. "8:44:09.1642994 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","REPARSE","Desired Access: Query Value"
  644. "8:44:09.1643074 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS","Desired Access: Query Value"
  645. "8:44:09.1643156 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","NAME NOT FOUND","Length: 20"
  646. "8:44:09.1643239 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  647. "8:44:09.1643316 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS",""
  648. "8:44:09.1643379 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS",""
  649. "8:44:09.1643482 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration","REPARSE","Desired Access: Query Value"
  650. "8:44:09.1643565 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration","NAME NOT FOUND","Desired Access: Query Value"
  651. "8:44:09.1646582 AM","QuickAssist.exe","7064","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
  652. "8:44:09.1646716 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  653. "8:44:09.1646802 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize","SUCCESS","Desired Access: Query Value"
  654. "8:44:09.1646910 AM","QuickAssist.exe","7064","RegQueryValue","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
  655. "8:44:09.1647006 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize","SUCCESS",""
  656. "8:44:09.1647089 AM","QuickAssist.exe","7064","RegCloseKey","HKCU","SUCCESS",""
  657. "8:44:09.1647378 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\673cf800-208a-5327-3f4b-2be44a66627a","NAME NOT FOUND","Length: 528"
  658. "8:44:09.1650170 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1029012f-9e40-5284-2037-2e9d52b292f9","NAME NOT FOUND","Length: 528"
  659. "8:44:09.1650974 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\91558f59-b78a-4994-8b64-8067b33bdd71","NAME NOT FOUND","Length: 528"
  660. "8:44:09.1651260 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\91558f59-b78a-4994-8b64-8067b33bdd71","NAME NOT FOUND","Length: 528"
  661. "8:44:09.1655510 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
  662. "8:44:09.1655845 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  663. "8:44:09.1656277 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  664. "8:44:09.1657277 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  665. "8:44:09.1657359 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\COM3","SUCCESS","Desired Access: Read"
  666. "8:44:09.1657458 AM","QuickAssist.exe","7064","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\COM3","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
  667. "8:44:09.1657650 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\COM3\Com+Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
  668. "8:44:09.1657743 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\COM3","SUCCESS",""
  669. "8:44:09.1658358 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\clbcatq.dll","SUCCESS","Image Base: 0x7ffe680c0000, Image Size: 0xa9000"
  670. "8:44:09.1660088 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\WindowsRuntime","SUCCESS","Desired Access: Read"
  671. "8:44:09.1660257 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId","SUCCESS","Desired Access: Read"
  672. "8:44:09.1660370 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.ResourceLoader","SUCCESS","Desired Access: Read"
  673. "8:44:09.1660616 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.ResourceLoader","SUCCESS","Query: Basic, Name: Windows.ApplicationModel.Resources.ResourceLoader"
  674. "8:44:09.1660832 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.ResourceLoader\ActivationType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  675. "8:44:09.1660910 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.ResourceLoader\Server","NAME NOT FOUND","Length: 144"
  676. "8:44:09.1660973 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.ResourceLoader\DllPath","SUCCESS","Type: REG_SZ, Length: 66, Data: C:\Windows\System32\MrmCoreR.dll"
  677. "8:44:09.1661047 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.ResourceLoader\Threading","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  678. "8:44:09.1661102 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.ResourceLoader\TrustLevel","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  679. "8:44:09.1661172 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.ResourceLoader","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  680. "8:44:09.1661323 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.ResourceLoader\CustomAttributes","NAME NOT FOUND","Desired Access: Read"
  681. "8:44:09.1661471 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.ResourceLoader\RemoteServer","NAME NOT FOUND","Length: 144"
  682. "8:44:09.1661558 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.ResourceLoader\ActivateAsUser","NAME NOT FOUND","Length: 16"
  683. "8:44:09.1661622 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.ResourceLoader\ActivateInSharedBroker","NAME NOT FOUND","Length: 16"
  684. "8:44:09.1661709 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.ResourceLoader\ActivateInBrokerForMediumILContainer","NAME NOT FOUND","Length: 16"
  685. "8:44:09.1661781 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.ResourceLoader\Permissions","NAME NOT FOUND","Length: 140"
  686. "8:44:09.1661845 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.ResourceLoader\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  687. "8:44:09.1661934 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  688. "8:44:09.1662010 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE\Diagnosis","NAME NOT FOUND","Desired Access: Read"
  689. "8:44:09.1662146 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  690. "8:44:09.1662458 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  691. "8:44:09.1662882 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.ResourceLoader","SUCCESS",""
  692. "8:44:09.1663053 AM","QuickAssist.exe","7064","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
  693. "8:44:09.1663165 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  694. "8:44:09.1663227 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes","REPARSE","Desired Access: Notify"
  695. "8:44:09.1663295 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Notify"
  696. "8:44:09.1663395 AM","QuickAssist.exe","7064","RegCloseKey","HKCU","SUCCESS",""
  697. "8:44:09.1663596 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  698. "8:44:09.1663661 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\OLE","SUCCESS","Desired Access: Read"
  699. "8:44:09.1663740 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\MaxSxSHashCount","NAME NOT FOUND","Length: 16"
  700. "8:44:09.1663811 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS",""
  701. "8:44:09.1664616 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\MrmCoreR.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  702. "8:44:09.1664827 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\MrmCoreR.dll","SUCCESS","CreationTime: 11/28/2020 11:17:04 PM, LastAccessTime: 8/29/2022 8:42:37 AM, LastWriteTime: 11/28/2020 11:17:04 PM, ChangeTime: 11/28/2020 11:45:19 PM, FileAttributes: A"
  703. "8:44:09.1664900 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\MrmCoreR.dll","SUCCESS",""
  704. "8:44:09.1665277 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\MrmCoreR.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  705. "8:44:09.1665451 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\MrmCoreR.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  706. "8:44:09.1665615 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  707. "8:44:09.1665721 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  708. "8:44:09.1665856 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  709. "8:44:09.1665943 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  710. "8:44:09.1666031 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  711. "8:44:09.1666115 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  712. "8:44:09.1666221 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  713. "8:44:09.1666300 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  714. "8:44:09.1666375 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\MrmCoreR.dll","SUCCESS","SyncType: SyncTypeOther"
  715. "8:44:09.1666860 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\MrmCoreR.dll","SUCCESS","Image Base: 0x7ffe60ec0000, Image Size: 0xf4000"
  716. "8:44:09.1668084 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\MrmCoreR.dll","SUCCESS",""
  717. "8:44:09.1668856 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\19c13211-dec8-42d5-885a-c4cfa82ea1ed","NAME NOT FOUND","Length: 528"
  718. "8:44:09.1670237 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.Core.ResourceContext","SUCCESS","Desired Access: Read"
  719. "8:44:09.1670433 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.Core.ResourceContext","SUCCESS","Query: Basic, Name: Windows.ApplicationModel.Resources.Core.ResourceContext"
  720. "8:44:09.1670572 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.Core.ResourceContext\ActivationType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  721. "8:44:09.1670681 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.Core.ResourceContext\Server","NAME NOT FOUND","Length: 144"
  722. "8:44:09.1670856 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.Core.ResourceContext\DllPath","SUCCESS","Type: REG_SZ, Length: 66, Data: C:\Windows\System32\MrmCoreR.dll"
  723. "8:44:09.1671025 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.Core.ResourceContext\Threading","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  724. "8:44:09.1671221 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.Core.ResourceContext\TrustLevel","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  725. "8:44:09.1671299 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.Core.ResourceContext","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  726. "8:44:09.1671369 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.Core.ResourceContext\CustomAttributes","NAME NOT FOUND","Desired Access: Read"
  727. "8:44:09.1671469 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.Core.ResourceContext\RemoteServer","NAME NOT FOUND","Length: 144"
  728. "8:44:09.1671567 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.Core.ResourceContext\ActivateAsUser","NAME NOT FOUND","Length: 16"
  729. "8:44:09.1671630 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.Core.ResourceContext\ActivateInSharedBroker","NAME NOT FOUND","Length: 16"
  730. "8:44:09.1671833 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.Core.ResourceContext\ActivateInBrokerForMediumILContainer","NAME NOT FOUND","Length: 16"
  731. "8:44:09.1671936 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.Core.ResourceContext\Permissions","NAME NOT FOUND","Length: 140"
  732. "8:44:09.1672024 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.Core.ResourceContext\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  733. "8:44:09.1672272 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Resources.Core.ResourceContext","SUCCESS",""
  734. "8:44:09.1674287 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  735. "8:44:09.1674717 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  736. "8:44:09.1676116 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  737. "8:44:09.1676308 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Scaling","NAME NOT FOUND","Desired Access: Query Value"
  738. "8:44:09.1676569 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  739. "8:44:09.1676696 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Scaling","NAME NOT FOUND","Desired Access: Query Value"
  740. "8:44:09.1677270 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  741. "8:44:09.1677391 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Scaling","NAME NOT FOUND","Desired Access: Query Value"
  742. "8:44:09.1677940 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  743. "8:44:09.1678067 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Scaling","NAME NOT FOUND","Desired Access: Query Value"
  744. "8:44:09.1678465 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  745. "8:44:09.1678555 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Mrt\_Merged","NAME NOT FOUND","Desired Access: Query Value"
  746. "8:44:09.1679584 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\Resources.pri","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  747. "8:44:09.1679806 AM","QuickAssist.exe","7064","QueryNetworkOpenInformationFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\Resources.pri","SUCCESS","CreationTime: 8/28/2022 9:00:23 PM, LastAccessTime: 8/29/2022 5:19:33 AM, LastWriteTime: 8/28/2022 9:00:24 PM, ChangeTime: 8/29/2022 8:06:57 AM, AllocationSize: 28672, EndOfFile: 66368, FileAttributes: A"
  748. "8:44:09.1679911 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\Resources.pri","SUCCESS",""
  749. "8:44:09.1680543 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\Resources.pri","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  750. "8:44:09.1680738 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\Resources.pri","SUCCESS","AllocationSize: 28,672, EndOfFile: 66,368, NumberOfLinks: 1, DeletePending: False, Directory: False"
  751. "8:44:09.1680862 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\Resources.pri","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  752. "8:44:09.1680967 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\Resources.pri","SUCCESS","AllocationSize: 28,672, EndOfFile: 66,368, NumberOfLinks: 1, DeletePending: False, Directory: False"
  753. "8:44:09.1681156 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\Resources.pri","SUCCESS","SyncType: SyncTypeOther"
  754. "8:44:09.1681487 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\Resources.pri","SUCCESS",""
  755. "8:44:09.1683887 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\BCP47mrm.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  756. "8:44:09.1684214 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\BCP47mrm.dll","SUCCESS","CreationTime: 11/28/2020 11:17:04 PM, LastAccessTime: 8/29/2022 8:42:37 AM, LastWriteTime: 11/28/2020 11:17:04 PM, ChangeTime: 11/28/2020 11:45:35 PM, FileAttributes: A"
  757. "8:44:09.1684340 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\BCP47mrm.dll","SUCCESS",""
  758. "8:44:09.1684991 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\BCP47mrm.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  759. "8:44:09.1685260 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\BCP47mrm.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  760. "8:44:09.1685533 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  761. "8:44:09.1685684 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  762. "8:44:09.1685826 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  763. "8:44:09.1685970 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  764. "8:44:09.1686118 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  765. "8:44:09.1686261 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  766. "8:44:09.1686390 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  767. "8:44:09.1686536 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  768. "8:44:09.1686664 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\BCP47mrm.dll","SUCCESS","SyncType: SyncTypeOther"
  769. "8:44:09.1687365 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\BCP47mrm.dll","SUCCESS","Image Base: 0x7ffe5f9e0000, Image Size: 0x2d000"
  770. "8:44:09.1688146 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\BCP47mrm.dll","SUCCESS",""
  771. "8:44:09.1696121 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.AccessibilitySettings","SUCCESS","Desired Access: Read"
  772. "8:44:09.1696264 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.AccessibilitySettings","SUCCESS","Query: Basic, Name: Windows.UI.ViewManagement.AccessibilitySettings"
  773. "8:44:09.1696405 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.AccessibilitySettings\ActivationType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  774. "8:44:09.1696543 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.AccessibilitySettings\Server","NAME NOT FOUND","Length: 144"
  775. "8:44:09.1696705 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.AccessibilitySettings\DllPath","SUCCESS","Type: REG_SZ, Length: 70, Data: C:\Windows\System32\Windows.UI.dll"
  776. "8:44:09.1696822 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.AccessibilitySettings\Threading","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  777. "8:44:09.1696981 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.AccessibilitySettings\TrustLevel","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  778. "8:44:09.1697083 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.AccessibilitySettings","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  779. "8:44:09.1697185 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.AccessibilitySettings\CustomAttributes","NAME NOT FOUND","Desired Access: Read"
  780. "8:44:09.1697303 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.AccessibilitySettings\RemoteServer","NAME NOT FOUND","Length: 144"
  781. "8:44:09.1697418 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.AccessibilitySettings\ActivateAsUser","NAME NOT FOUND","Length: 16"
  782. "8:44:09.1697512 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.AccessibilitySettings\ActivateInSharedBroker","NAME NOT FOUND","Length: 16"
  783. "8:44:09.1697611 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.AccessibilitySettings\ActivateInBrokerForMediumILContainer","NAME NOT FOUND","Length: 16"
  784. "8:44:09.1697812 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.AccessibilitySettings\Permissions","NAME NOT FOUND","Length: 140"
  785. "8:44:09.1697887 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.AccessibilitySettings\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  786. "8:44:09.1698039 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.AccessibilitySettings","SUCCESS",""
  787. "8:44:09.1698940 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\Windows.UI.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  788. "8:44:09.1699106 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\Windows.UI.dll","SUCCESS","CreationTime: 11/28/2020 11:17:10 PM, LastAccessTime: 8/29/2022 8:42:37 AM, LastWriteTime: 11/28/2020 11:17:10 PM, ChangeTime: 11/28/2020 11:45:35 PM, FileAttributes: A"
  789. "8:44:09.1699180 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\Windows.UI.dll","SUCCESS",""
  790. "8:44:09.1699583 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\Windows.UI.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  791. "8:44:09.1699740 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\Windows.UI.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  792. "8:44:09.1699919 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  793. "8:44:09.1700021 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  794. "8:44:09.1700110 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  795. "8:44:09.1700204 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  796. "8:44:09.1700289 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  797. "8:44:09.1700380 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  798. "8:44:09.1700459 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  799. "8:44:09.1700539 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  800. "8:44:09.1700708 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\Windows.UI.dll","SUCCESS","SyncType: SyncTypeOther"
  801. "8:44:09.1701516 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\Windows.UI.dll","SUCCESS","Image Base: 0x7ffe60d00000, Image Size: 0x14c000"
  802. "8:44:09.1702473 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\Windows.UI.dll","SUCCESS",""
  803. "8:44:09.1704068 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\WindowManagementAPI.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  804. "8:44:09.1704230 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\WindowManagementAPI.dll","SUCCESS","CreationTime: 11/28/2020 11:17:04 PM, LastAccessTime: 8/29/2022 8:42:37 AM, LastWriteTime: 11/28/2020 11:17:04 PM, ChangeTime: 11/28/2020 11:45:35 PM, FileAttributes: A"
  805. "8:44:09.1704286 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\WindowManagementAPI.dll","SUCCESS",""
  806. "8:44:09.1704928 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\TextInputFramework.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  807. "8:44:09.1705123 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\TextInputFramework.dll","SUCCESS","CreationTime: 11/28/2020 11:17:02 PM, LastAccessTime: 8/29/2022 8:42:29 AM, LastWriteTime: 11/28/2020 11:17:02 PM, ChangeTime: 11/28/2020 11:45:35 PM, FileAttributes: A"
  808. "8:44:09.1705188 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\TextInputFramework.dll","SUCCESS",""
  809. "8:44:09.1705397 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\InputHost.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  810. "8:44:09.1705418 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\WindowManagementAPI.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  811. "8:44:09.1705586 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\WindowManagementAPI.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  812. "8:44:09.1705637 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\InputHost.dll","SUCCESS","CreationTime: 11/28/2020 11:17:03 PM, LastAccessTime: 8/29/2022 8:42:37 AM, LastWriteTime: 11/28/2020 11:17:03 PM, ChangeTime: 11/28/2020 11:45:35 PM, FileAttributes: A"
  813. "8:44:09.1705648 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\TextInputFramework.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  814. "8:44:09.1705734 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\InputHost.dll","SUCCESS",""
  815. "8:44:09.1705747 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  816. "8:44:09.1705797 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\TextInputFramework.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  817. "8:44:09.1705826 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  818. "8:44:09.1705899 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  819. "8:44:09.1705966 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  820. "8:44:09.1706052 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  821. "8:44:09.1706084 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  822. "8:44:09.1706151 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  823. "8:44:09.1706162 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  824. "8:44:09.1706233 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  825. "8:44:09.1706293 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  826. "8:44:09.1706326 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  827. "8:44:09.1706419 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  828. "8:44:09.1706462 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\InputHost.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  829. "8:44:09.1706500 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  830. "8:44:09.1706515 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  831. "8:44:09.1706618 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  832. "8:44:09.1706631 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\WindowManagementAPI.dll","SUCCESS","SyncType: SyncTypeOther"
  833. "8:44:09.1706694 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  834. "8:44:09.1706762 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\TextInputFramework.dll","SUCCESS","SyncType: SyncTypeOther"
  835. "8:44:09.1706839 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\InputHost.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  836. "8:44:09.1707036 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  837. "8:44:09.1707127 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  838. "8:44:09.1707209 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  839. "8:44:09.1707233 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\WindowManagementAPI.dll","SUCCESS","Image Base: 0x7ffe60aa0000, Image Size: 0xa3000"
  840. "8:44:09.1707241 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\TextInputFramework.dll","SUCCESS","Image Base: 0x7ffe60b50000, Image Size: 0xfc000"
  841. "8:44:09.1707404 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  842. "8:44:09.1707543 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  843. "8:44:09.1707766 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  844. "8:44:09.1707893 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  845. "8:44:09.1707995 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  846. "8:44:09.1708068 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\InputHost.dll","SUCCESS","SyncType: SyncTypeOther"
  847. "8:44:09.1708356 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\WindowManagementAPI.dll","SUCCESS",""
  848. "8:44:09.1708373 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\TextInputFramework.dll","SUCCESS",""
  849. "8:44:09.1708609 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\InputHost.dll","SUCCESS","Image Base: 0x7ffe60940000, Image Size: 0x152000"
  850. "8:44:09.1709616 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\twinapi.appcore.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  851. "8:44:09.1709650 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\WinTypes.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  852. "8:44:09.1709840 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\twinapi.appcore.dll","SUCCESS","CreationTime: 11/28/2020 11:16:51 PM, LastAccessTime: 8/29/2022 8:42:36 AM, LastWriteTime: 11/28/2020 11:16:51 PM, ChangeTime: 11/28/2020 11:45:35 PM, FileAttributes: A"
  853. "8:44:09.1709884 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\WinTypes.dll","SUCCESS","CreationTime: 11/28/2020 11:17:16 PM, LastAccessTime: 8/29/2022 8:42:36 AM, LastWriteTime: 11/28/2020 11:17:17 PM, ChangeTime: 11/28/2020 11:45:35 PM, FileAttributes: A"
  854. "8:44:09.1709911 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\twinapi.appcore.dll","SUCCESS",""
  855. "8:44:09.1709935 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\InputHost.dll","SUCCESS",""
  856. "8:44:09.1709946 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\WinTypes.dll","SUCCESS",""
  857. "8:44:09.1710800 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\twinapi.appcore.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  858. "8:44:09.1710967 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\WinTypes.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  859. "8:44:09.1711064 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\twinapi.appcore.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  860. "8:44:09.1711287 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\WinTypes.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  861. "8:44:09.1711313 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  862. "8:44:09.1711404 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  863. "8:44:09.1711436 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  864. "8:44:09.1711484 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  865. "8:44:09.1711527 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\CoreUIComponents.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  866. "8:44:09.1711559 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  867. "8:44:09.1711588 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  868. "8:44:09.1711628 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  869. "8:44:09.1711721 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\CoreUIComponents.dll","SUCCESS","CreationTime: 11/28/2020 11:17:00 PM, LastAccessTime: 8/29/2022 8:42:36 AM, LastWriteTime: 11/28/2020 11:17:00 PM, ChangeTime: 11/28/2020 11:45:35 PM, FileAttributes: A"
  870. "8:44:09.1711780 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\CoreUIComponents.dll","SUCCESS",""
  871. "8:44:09.1711798 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  872. "8:44:09.1711954 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  873. "8:44:09.1712128 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  874. "8:44:09.1712244 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\CoreUIComponents.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  875. "8:44:09.1712427 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\CoreUIComponents.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  876. "8:44:09.1712605 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  877. "8:44:09.1712608 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  878. "8:44:09.1712726 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  879. "8:44:09.1713272 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  880. "8:44:09.1713287 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  881. "8:44:09.1713335 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  882. "8:44:09.1713959 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  883. "8:44:09.1713982 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  884. "8:44:09.1714044 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\twinapi.appcore.dll","SUCCESS","SyncType: SyncTypeOther"
  885. "8:44:09.1714442 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  886. "8:44:09.1714554 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  887. "8:44:09.1714615 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\twinapi.appcore.dll","SUCCESS","Image Base: 0x7ffe60730000, Image Size: 0x208000"
  888. "8:44:09.1714708 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\WinTypes.dll","SUCCESS","SyncType: SyncTypeOther"
  889. "8:44:09.1714905 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  890. "8:44:09.1715193 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  891. "8:44:09.1715327 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  892. "8:44:09.1715435 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  893. "8:44:09.1715449 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\WinTypes.dll","SUCCESS","Image Base: 0x7ffe61c20000, Image Size: 0x156000"
  894. "8:44:09.1715486 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\twinapi.appcore.dll","SUCCESS",""
  895. "8:44:09.1715891 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\CoreUIComponents.dll","SUCCESS","SyncType: SyncTypeOther"
  896. "8:44:09.1716188 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\WinTypes.dll","SUCCESS",""
  897. "8:44:09.1716496 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\CoreMessaging.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  898. "8:44:09.1716640 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\CoreMessaging.dll","SUCCESS","CreationTime: 11/28/2020 11:17:15 PM, LastAccessTime: 8/29/2022 8:42:36 AM, LastWriteTime: 11/28/2020 11:17:15 PM, ChangeTime: 11/28/2020 11:45:35 PM, FileAttributes: A"
  899. "8:44:09.1716740 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\CoreUIComponents.dll","SUCCESS","Image Base: 0x7ffe62ab0000, Image Size: 0x35e000"
  900. "8:44:09.1716799 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\CoreMessaging.dll","SUCCESS",""
  901. "8:44:09.1717081 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\CoreMessaging.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  902. "8:44:09.1717268 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\CoreMessaging.dll","SUCCESS","CreationTime: 11/28/2020 11:17:15 PM, LastAccessTime: 8/29/2022 8:42:36 AM, LastWriteTime: 11/28/2020 11:17:15 PM, ChangeTime: 11/28/2020 11:45:35 PM, FileAttributes: A"
  903. "8:44:09.1717357 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\CoreMessaging.dll","SUCCESS",""
  904. "8:44:09.1717445 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\CoreMessaging.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  905. "8:44:09.1717623 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\CoreUIComponents.dll","SUCCESS",""
  906. "8:44:09.1717641 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\CoreMessaging.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  907. "8:44:09.1717786 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  908. "8:44:09.1717795 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\CoreMessaging.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  909. "8:44:09.1717874 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  910. "8:44:09.1717963 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  911. "8:44:09.1718017 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\CoreMessaging.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  912. "8:44:09.1718140 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  913. "8:44:09.1718164 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  914. "8:44:09.1718506 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\twinapi.appcore.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  915. "8:44:09.1718689 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  916. "8:44:09.1718693 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  917. "8:44:09.1718717 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\twinapi.appcore.dll","SUCCESS","CreationTime: 11/28/2020 11:16:51 PM, LastAccessTime: 8/29/2022 8:44:09 AM, LastWriteTime: 11/28/2020 11:16:51 PM, ChangeTime: 11/28/2020 11:45:35 PM, FileAttributes: A"
  918. "8:44:09.1718787 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  919. "8:44:09.1718791 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  920. "8:44:09.1718889 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  921. "8:44:09.1718953 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\twinapi.appcore.dll","SUCCESS",""
  922. "8:44:09.1718966 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  923. "8:44:09.1719043 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  924. "8:44:09.1719060 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  925. "8:44:09.1719164 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  926. "8:44:09.1719245 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\CoreMessaging.dll","SUCCESS","SyncType: SyncTypeOther"
  927. "8:44:09.1719270 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  928. "8:44:09.1719343 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  929. "8:44:09.1719422 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\CoreMessaging.dll","SUCCESS","SyncType: SyncTypeOther"
  930. "8:44:09.1719829 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\CoreMessaging.dll","SUCCESS","Image Base: 0x7ffe63190000, Image Size: 0xf2000"
  931. "8:44:09.1720635 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\CoreMessaging.dll","SUCCESS","Image Base: 0x1d992e20000, Image Size: 0xf2000"
  932. "8:44:09.1720903 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\CoreMessaging.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  933. "8:44:09.1720927 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\ws2_32.dll","SUCCESS","Image Base: 0x7ffe68710000, Image Size: 0x6b000"
  934. "8:44:09.1720969 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\CoreMessaging.dll","SUCCESS",""
  935. "8:44:09.1721081 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\CoreMessaging.dll","SUCCESS","CreationTime: 11/28/2020 11:17:15 PM, LastAccessTime: 8/29/2022 8:44:09 AM, LastWriteTime: 11/28/2020 11:17:15 PM, ChangeTime: 11/28/2020 11:45:35 PM, FileAttributes: A"
  936. "8:44:09.1721187 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\CoreMessaging.dll","SUCCESS",""
  937. "8:44:09.1721661 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\CoreMessaging.dll","SUCCESS",""
  938. "8:44:09.1723025 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\propsys.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  939. "8:44:09.1723080 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\WinTypes.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  940. "8:44:09.1723255 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\propsys.dll","SUCCESS","CreationTime: 11/28/2020 11:17:04 PM, LastAccessTime: 8/29/2022 8:43:53 AM, LastWriteTime: 11/28/2020 11:17:04 PM, ChangeTime: 11/28/2020 11:45:35 PM, FileAttributes: A"
  941. "8:44:09.1723289 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\WinTypes.dll","SUCCESS","CreationTime: 11/28/2020 11:17:16 PM, LastAccessTime: 8/29/2022 8:44:09 AM, LastWriteTime: 11/28/2020 11:17:17 PM, ChangeTime: 11/28/2020 11:45:35 PM, FileAttributes: A"
  942. "8:44:09.1723316 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\propsys.dll","SUCCESS",""
  943. "8:44:09.1723350 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\CoreUIComponents.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  944. "8:44:09.1723357 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\WinTypes.dll","SUCCESS",""
  945. "8:44:09.1723502 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\CoreUIComponents.dll","SUCCESS","CreationTime: 11/28/2020 11:17:00 PM, LastAccessTime: 8/29/2022 8:44:09 AM, LastWriteTime: 11/28/2020 11:17:00 PM, ChangeTime: 11/28/2020 11:45:35 PM, FileAttributes: A"
  946. "8:44:09.1723559 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\CoreUIComponents.dll","SUCCESS",""
  947. "8:44:09.1723730 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\propsys.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  948. "8:44:09.1723944 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\propsys.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  949. "8:44:09.1724331 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  950. "8:44:09.1724433 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  951. "8:44:09.1724510 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  952. "8:44:09.1724591 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  953. "8:44:09.1724747 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  954. "8:44:09.1724896 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\ntmarta.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  955. "8:44:09.1724918 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  956. "8:44:09.1724997 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  957. "8:44:09.1725080 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\ntmarta.dll","SUCCESS","CreationTime: 11/28/2020 11:17:17 PM, LastAccessTime: 8/29/2022 8:42:33 AM, LastWriteTime: 11/28/2020 11:17:17 PM, ChangeTime: 11/28/2020 11:38:49 PM, FileAttributes: A"
  958. "8:44:09.1725120 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  959. "8:44:09.1725135 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\ntmarta.dll","SUCCESS",""
  960. "8:44:09.1725208 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\propsys.dll","SUCCESS","SyncType: SyncTypeOther"
  961. "8:44:09.1725259 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\CoreMessaging.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  962. "8:44:09.1725491 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\ntmarta.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  963. "8:44:09.1725633 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\CoreMessaging.dll","SUCCESS","CreationTime: 11/28/2020 11:17:15 PM, LastAccessTime: 8/29/2022 8:44:09 AM, LastWriteTime: 11/28/2020 11:17:15 PM, ChangeTime: 11/28/2020 11:45:35 PM, FileAttributes: A"
  964. "8:44:09.1725656 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\ntmarta.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  965. "8:44:09.1725744 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\CoreMessaging.dll","SUCCESS",""
  966. "8:44:09.1725822 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  967. "8:44:09.1725859 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\propsys.dll","SUCCESS","Image Base: 0x7ffe63b40000, Image Size: 0xf7000"
  968. "8:44:09.1725948 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  969. "8:44:09.1726109 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  970. "8:44:09.1726245 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  971. "8:44:09.1726330 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  972. "8:44:09.1726424 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  973. "8:44:09.1726546 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  974. "8:44:09.1726620 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  975. "8:44:09.1726712 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\ntmarta.dll","SUCCESS","SyncType: SyncTypeOther"
  976. "8:44:09.1726720 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\propsys.dll","SUCCESS",""
  977. "8:44:09.1727260 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\ntmarta.dll","SUCCESS","Image Base: 0x7ffe659c0000, Image Size: 0x33000"
  978. "8:44:09.1728008 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\ntmarta.dll","SUCCESS",""
  979. "8:44:09.1729809 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\4e7add1a-6945-435a-82b6-612688ba9f57","NAME NOT FOUND","Length: 528"
  980. "8:44:09.1730844 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\bc71577f-76e9-583a-ecd6-62d0250d900f","NAME NOT FOUND","Length: 528"
  981. "8:44:09.1731357 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\072665fb-8953-5a85-931d-d06aeab3d109","NAME NOT FOUND","Length: 528"
  982. "8:44:09.1731998 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\d0f1a5c6-fc43-48ae-99bf-efb1c38be9d1","NAME NOT FOUND","Length: 528"
  983. "8:44:09.1733454 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\3720dda7-caea-4af3-a138-375aafc3f1d6","NAME NOT FOUND","Length: 528"
  984. "8:44:09.1734204 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\ebadf775-48aa-4bf3-8f8e-ec68d113c98e","NAME NOT FOUND","Length: 528"
  985. "8:44:09.1734581 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\3f30522e-d47a-407c-9067-2e928d00d54e","NAME NOT FOUND","Length: 528"
  986. "8:44:09.1735621 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61","NAME NOT FOUND","Length: 528"
  987. "8:44:09.1735980 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528"
  988. "8:44:09.1736831 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\4b01be74-d810-5994-228e-ee8417be3468","NAME NOT FOUND","Length: 528"
  989. "8:44:09.1738225 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Core.CoreWindow","SUCCESS","Desired Access: Read"
  990. "8:44:09.1738476 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Core.CoreWindow","SUCCESS","Query: Basic, Name: Windows.UI.Core.CoreWindow"
  991. "8:44:09.1738627 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Core.CoreWindow\ActivationType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  992. "8:44:09.1738711 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Core.CoreWindow\Server","NAME NOT FOUND","Length: 144"
  993. "8:44:09.1738808 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Core.CoreWindow\DllPath","SUCCESS","Type: REG_SZ, Length: 70, Data: C:\Windows\System32\Windows.UI.dll"
  994. "8:44:09.1738880 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Core.CoreWindow\Threading","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  995. "8:44:09.1738949 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Core.CoreWindow\TrustLevel","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  996. "8:44:09.1739019 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Core.CoreWindow","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  997. "8:44:09.1739092 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Core.CoreWindow\CustomAttributes","NAME NOT FOUND","Desired Access: Read"
  998. "8:44:09.1739174 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Core.CoreWindow\RemoteServer","NAME NOT FOUND","Length: 144"
  999. "8:44:09.1739238 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Core.CoreWindow\ActivateAsUser","NAME NOT FOUND","Length: 16"
  1000. "8:44:09.1739300 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Core.CoreWindow\ActivateInSharedBroker","NAME NOT FOUND","Length: 16"
  1001. "8:44:09.1739376 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Core.CoreWindow\ActivateInBrokerForMediumILContainer","NAME NOT FOUND","Length: 16"
  1002. "8:44:09.1739439 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Core.CoreWindow\Permissions","NAME NOT FOUND","Length: 140"
  1003. "8:44:09.1739509 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Core.CoreWindow\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  1004. "8:44:09.1739623 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Core.CoreWindow","SUCCESS",""
  1005. "8:44:09.1739934 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication","SUCCESS","Desired Access: Read"
  1006. "8:44:09.1740057 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication","SUCCESS","Query: Basic, Name: Windows.ApplicationModel.Core.CoreApplication"
  1007. "8:44:09.1740139 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivationType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1008. "8:44:09.1740204 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Server","NAME NOT FOUND","Length: 144"
  1009. "8:44:09.1740281 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\DllPath","SUCCESS","Type: REG_SZ, Length: 80, Data: C:\Windows\System32\twinapi.appcore.dll"
  1010. "8:44:09.1740346 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Threading","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1011. "8:44:09.1740401 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\TrustLevel","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1012. "8:44:09.1740468 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1013. "8:44:09.1740536 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\CustomAttributes","NAME NOT FOUND","Desired Access: Read"
  1014. "8:44:09.1740610 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\RemoteServer","NAME NOT FOUND","Length: 144"
  1015. "8:44:09.1740679 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateAsUser","NAME NOT FOUND","Length: 16"
  1016. "8:44:09.1740735 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateInSharedBroker","NAME NOT FOUND","Length: 16"
  1017. "8:44:09.1740841 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateInBrokerForMediumILContainer","NAME NOT FOUND","Length: 16"
  1018. "8:44:09.1740912 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Permissions","NAME NOT FOUND","Length: 140"
  1019. "8:44:09.1740976 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  1020. "8:44:09.1741084 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication","SUCCESS",""
  1021. "8:44:09.1741829 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\a9da4dcc-e78e-5ce7-4078-411a9928f082","NAME NOT FOUND","Length: 528"
  1022. "8:44:09.1742487 AM","QuickAssist.exe","7064","Thread Create","","SUCCESS","Thread ID: 716"
  1023. "8:44:09.1743262 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Rpc\Extensions","SUCCESS","Desired Access: Read"
  1024. "8:44:09.1743402 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL","SUCCESS","Type: REG_EXPAND_SZ, Length: 24, Data: combase.dll"
  1025. "8:44:09.1743508 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Rpc\Extensions","SUCCESS",""
  1026. "8:44:09.1743798 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1027. "8:44:09.1743908 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Rpc","SUCCESS","Desired Access: Read"
  1028. "8:44:09.1744043 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\MaxRpcSize","NAME NOT FOUND","Length: 16"
  1029. "8:44:09.1744168 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS",""
  1030. "8:44:09.1744555 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","REPARSE","Desired Access: Read"
  1031. "8:44:09.1744673 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","NAME NOT FOUND","Desired Access: Read"
  1032. "8:44:09.1744799 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","REPARSE","Desired Access: Read"
  1033. "8:44:09.1744892 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","NAME NOT FOUND","Desired Access: Read"
  1034. "8:44:09.1745004 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","REPARSE","Desired Access: Read"
  1035. "8:44:09.1745103 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","SUCCESS","Desired Access: Read"
  1036. "8:44:09.1745278 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName","SUCCESS","Type: REG_SZ, Length: 32, Data: WIN-10BLPX6N58W"
  1037. "8:44:09.1745362 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","SUCCESS",""
  1038. "8:44:09.1745461 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\Setup","SUCCESS","Desired Access: Read"
  1039. "8:44:09.1745540 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SYSTEM\Setup\OOBEInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1040. "8:44:09.1745603 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
  1041. "8:44:09.1745663 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\Setup","SUCCESS","Desired Access: Read"
  1042. "8:44:09.1745729 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1043. "8:44:09.1745795 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
  1044. "8:44:09.1745878 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickAssist.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
  1045. "8:44:09.1746172 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1046. "8:44:09.1746239 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\Rpc","NAME NOT FOUND","Desired Access: Read"
  1047. "8:44:09.1746750 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1048. "8:44:09.1746911 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Rpc","SUCCESS","Desired Access: Query Value"
  1049. "8:44:09.1747014 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\IdleTimerWindow","NAME NOT FOUND","Length: 16"
  1050. "8:44:09.1747083 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS",""
  1051. "8:44:09.1747563 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet","SUCCESS","Desired Access: Read"
  1052. "8:44:09.1747660 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet","SUCCESS","Query: Basic, Name: Windows.Foundation.Collections.PropertySet"
  1053. "8:44:09.1747753 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivationType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1054. "8:44:09.1747820 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Server","NAME NOT FOUND","Length: 144"
  1055. "8:44:09.1747881 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\DllPath","SUCCESS","Type: REG_SZ, Length: 66, Data: C:\Windows\System32\WinTypes.dll"
  1056. "8:44:09.1747943 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Threading","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1057. "8:44:09.1748011 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\TrustLevel","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1058. "8:44:09.1748088 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1059. "8:44:09.1748146 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\CustomAttributes","NAME NOT FOUND","Desired Access: Read"
  1060. "8:44:09.1748307 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\RemoteServer","NAME NOT FOUND","Length: 144"
  1061. "8:44:09.1748407 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateAsUser","NAME NOT FOUND","Length: 16"
  1062. "8:44:09.1748468 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateInSharedBroker","NAME NOT FOUND","Length: 16"
  1063. "8:44:09.1748531 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateInBrokerForMediumILContainer","NAME NOT FOUND","Length: 16"
  1064. "8:44:09.1748619 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Permissions","NAME NOT FOUND","Length: 140"
  1065. "8:44:09.1748677 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  1066. "8:44:09.1748772 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet","SUCCESS",""
  1067. "8:44:09.1749421 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1068. "8:44:09.1749483 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\XAML","SUCCESS","Desired Access: Query Value"
  1069. "8:44:09.1749596 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\XAML\OneCoreTransformsEnabledByDefault","NAME NOT FOUND","Length: 16"
  1070. "8:44:09.1749745 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\XAML","SUCCESS",""
  1071. "8:44:09.1754999 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\msctf.dll","SUCCESS","Image Base: 0x7ffe68170000, Image Size: 0x115000"
  1072. "8:44:09.1756524 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\ebadf775-48aa-4bf3-8f8e-ec68d113c98e","NAME NOT FOUND","Length: 528"
  1073. "8:44:09.1762900 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  1074. "8:44:09.1763297 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  1075. "8:44:09.1767301 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
  1076. "8:44:09.1767443 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
  1077. "8:44:09.1767565 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
  1078. "8:44:09.1767678 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
  1079. "8:44:09.1790753 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  1080. "8:44:09.1791298 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  1081. "8:44:09.1792198 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1082. "8:44:09.1792320 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\CTF\Compatibility\QuickAssist.exe","NAME NOT FOUND","Desired Access: Read"
  1083. "8:44:09.1798455 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1084. "8:44:09.1798586 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\CTF\Compatibility\QuickAssist.exe","NAME NOT FOUND","Desired Access: Read"
  1085. "8:44:09.1811334 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1086. "8:44:09.1811490 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE","SUCCESS","Desired Access: Query Value"
  1087. "8:44:09.1811687 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE","NAME NOT FOUND","Length: 16"
  1088. "8:44:09.1811814 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE","SUCCESS",""
  1089. "8:44:09.1835366 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1090. "8:44:09.1835572 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE","SUCCESS","Desired Access: Query Value"
  1091. "8:44:09.1835801 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE","NAME NOT FOUND","Length: 16"
  1092. "8:44:09.1835970 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE","SUCCESS",""
  1093. "8:44:09.1836769 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  1094. "8:44:09.1837240 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  1095. "8:44:09.1837801 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1096. "8:44:09.1837959 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\CTF\Compatibility\AppCompatClassName","NAME NOT FOUND","Desired Access: Read"
  1097. "8:44:09.1838211 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  1098. "8:44:09.1838590 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  1099. "8:44:09.1841212 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1100. "8:44:09.1841324 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\CTF\","SUCCESS","Desired Access: Read"
  1101. "8:44:09.1841461 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\CTF\EnableAnchorContext","NAME NOT FOUND","Length: 16"
  1102. "8:44:09.1841586 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\CTF","SUCCESS",""
  1103. "8:44:09.1846669 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  1104. "8:44:09.1847147 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  1105. "8:44:09.1861555 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  1106. "8:44:09.1862013 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  1107. "8:44:09.1862912 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1108. "8:44:09.1863101 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","Desired Access: Read"
  1109. "8:44:09.1863312 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer","NAME NOT FOUND","Length: 16"
  1110. "8:44:09.1863490 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS",""
  1111. "8:44:09.1863646 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1112. "8:44:09.1863794 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Input","SUCCESS","Desired Access: Read"
  1113. "8:44:09.1864022 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Input\ResyncResetTime","NAME NOT FOUND","Length: 16"
  1114. "8:44:09.1864181 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Input\MaxResyncAttempts","NAME NOT FOUND","Length: 16"
  1115. "8:44:09.1864337 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Input","SUCCESS",""
  1116. "8:44:09.1865603 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  1117. "8:44:09.1866001 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  1118. "8:44:09.1867847 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  1119. "8:44:09.1868216 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  1120. "8:44:09.1869645 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\SystemResources\user32.dll.mun","NAME NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
  1121. "8:44:09.1887120 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject","SUCCESS","Desired Access: Read"
  1122. "8:44:09.1887330 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject","SUCCESS","Query: Basic, Name: Windows.Data.Json.JsonObject"
  1123. "8:44:09.1887530 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\ActivationType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1124. "8:44:09.1887743 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\Server","NAME NOT FOUND","Length: 144"
  1125. "8:44:09.1887875 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\DllPath","SUCCESS","Type: REG_SZ, Length: 72, Data: C:\Windows\System32\Windows.Web.dll"
  1126. "8:44:09.1888039 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\Threading","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1127. "8:44:09.1901801 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\TrustLevel","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1128. "8:44:09.1902003 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1129. "8:44:09.1902101 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\CustomAttributes","NAME NOT FOUND","Desired Access: Read"
  1130. "8:44:09.1902213 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\RemoteServer","NAME NOT FOUND","Length: 144"
  1131. "8:44:09.1902440 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\ActivateAsUser","NAME NOT FOUND","Length: 16"
  1132. "8:44:09.1902516 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\ActivateInSharedBroker","NAME NOT FOUND","Length: 16"
  1133. "8:44:09.1902582 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\ActivateInBrokerForMediumILContainer","NAME NOT FOUND","Length: 16"
  1134. "8:44:09.1902641 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\Permissions","NAME NOT FOUND","Length: 140"
  1135. "8:44:09.1902705 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  1136. "8:44:09.1902829 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject","SUCCESS",""
  1137. "8:44:09.1904148 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\Windows.Web.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1138. "8:44:09.1904323 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\Windows.Web.dll","SUCCESS","CreationTime: 11/28/2020 11:16:50 PM, LastAccessTime: 8/29/2022 8:42:36 AM, LastWriteTime: 11/28/2020 11:16:50 PM, ChangeTime: 11/29/2020 12:18:49 AM, FileAttributes: A"
  1139. "8:44:09.1904418 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\Windows.Web.dll","SUCCESS",""
  1140. "8:44:09.1905118 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\Windows.Web.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  1141. "8:44:09.1905297 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\Windows.Web.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  1142. "8:44:09.1905466 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  1143. "8:44:09.1905574 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  1144. "8:44:09.1905668 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  1145. "8:44:09.1905747 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1146. "8:44:09.1905863 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  1147. "8:44:09.1905952 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  1148. "8:44:09.1906029 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  1149. "8:44:09.1906130 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1150. "8:44:09.1906208 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\Windows.Web.dll","SUCCESS","SyncType: SyncTypeOther"
  1151. "8:44:09.1906799 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\Windows.Web.dll","SUCCESS","Image Base: 0x7ffe4fa10000, Image Size: 0xc3000"
  1152. "8:44:09.1907989 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\Windows.Web.dll","SUCCESS",""
  1153. "8:44:09.1908961 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Connectivity.NetworkInformation","SUCCESS","Desired Access: Read"
  1154. "8:44:09.1909116 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Connectivity.NetworkInformation","SUCCESS","Query: Basic, Name: Windows.Networking.Connectivity.NetworkInformation"
  1155. "8:44:09.1909212 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Connectivity.NetworkInformation\ActivationType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1156. "8:44:09.1909283 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Connectivity.NetworkInformation\Server","NAME NOT FOUND","Length: 144"
  1157. "8:44:09.1909343 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Connectivity.NetworkInformation\DllPath","SUCCESS","Type: REG_SZ, Length: 112, Data: C:\Windows\System32\Windows.Networking.Connectivity.dll"
  1158. "8:44:09.1909411 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Connectivity.NetworkInformation\Threading","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1159. "8:44:09.1909469 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Connectivity.NetworkInformation\TrustLevel","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1160. "8:44:09.1909529 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Connectivity.NetworkInformation","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1161. "8:44:09.1909594 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Connectivity.NetworkInformation\CustomAttributes","NAME NOT FOUND","Desired Access: Read"
  1162. "8:44:09.1909667 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Connectivity.NetworkInformation\RemoteServer","NAME NOT FOUND","Length: 144"
  1163. "8:44:09.1909725 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Connectivity.NetworkInformation\ActivateAsUser","NAME NOT FOUND","Length: 16"
  1164. "8:44:09.1909786 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Connectivity.NetworkInformation\ActivateInSharedBroker","NAME NOT FOUND","Length: 16"
  1165. "8:44:09.1909952 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Connectivity.NetworkInformation\ActivateInBrokerForMediumILContainer","NAME NOT FOUND","Length: 16"
  1166. "8:44:09.1910049 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Connectivity.NetworkInformation\Permissions","NAME NOT FOUND","Length: 140"
  1167. "8:44:09.1910139 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Connectivity.NetworkInformation\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  1168. "8:44:09.1910350 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.Connectivity.NetworkInformation","SUCCESS",""
  1169. "8:44:09.1911196 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\Windows.Networking.Connectivity.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1170. "8:44:09.1911410 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\Windows.Networking.Connectivity.dll","SUCCESS","CreationTime: 11/28/2020 11:16:51 PM, LastAccessTime: 8/29/2022 8:42:35 AM, LastWriteTime: 11/28/2020 11:16:51 PM, ChangeTime: 12/6/2020 4:31:29 PM, FileAttributes: A"
  1171. "8:44:09.1911516 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\Windows.Networking.Connectivity.dll","SUCCESS",""
  1172. "8:44:09.1912168 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\Windows.Networking.Connectivity.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  1173. "8:44:09.1912329 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\Windows.Networking.Connectivity.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  1174. "8:44:09.1912500 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  1175. "8:44:09.1912610 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  1176. "8:44:09.1912705 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  1177. "8:44:09.1912784 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1178. "8:44:09.1912873 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  1179. "8:44:09.1912960 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  1180. "8:44:09.1913070 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  1181. "8:44:09.1913141 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1182. "8:44:09.1913228 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\Windows.Networking.Connectivity.dll","SUCCESS","SyncType: SyncTypeOther"
  1183. "8:44:09.1913817 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\Windows.Networking.Connectivity.dll","SUCCESS","Image Base: 0x7ffe50340000, Image Size: 0xb9000"
  1184. "8:44:09.1915143 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\Windows.Networking.Connectivity.dll","SUCCESS",""
  1185. "8:44:09.1915984 AM","QuickAssist.exe","7064","ReadFile","C:\Windows\System32\Windows.Networking.Connectivity.dll","SUCCESS","Offset: 694,784, Length: 14,336, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
  1186. "8:44:09.1970561 AM","QuickAssist.exe","7064","ReadFile","C:\Windows\System32\Windows.Networking.Connectivity.dll","SUCCESS","Offset: 686,592, Length: 8,192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
  1187. "8:44:09.2053246 AM","QuickAssist.exe","7064","ReadFile","C:\Windows\System32\Windows.Networking.Connectivity.dll","SUCCESS","Offset: 647,680, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
  1188. "8:44:09.2135952 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\5a8a94f3-249f-49f8-86d1-e6527c80622b","NAME NOT FOUND","Length: 528"
  1189. "8:44:09.2136761 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528"
  1190. "8:44:09.2138472 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\SystemResources\QuickAssist.exe.mun","PATH NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
  1191. "8:44:09.2154328 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1192. "8:44:09.2154465 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MiniNT","REPARSE","Desired Access: Read"
  1193. "8:44:09.2154581 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\MiniNT","NAME NOT FOUND","Desired Access: Read"
  1194. "8:44:09.2155173 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1195. "8:44:09.2155270 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\crypt32","REPARSE","Desired Access: Read"
  1196. "8:44:09.2155368 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Services\crypt32","SUCCESS","Desired Access: Read"
  1197. "8:44:09.2155493 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Services\crypt32\DiagLevel","NAME NOT FOUND","Length: 16"
  1198. "8:44:09.2155563 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Services\crypt32\DiagMatchAnyMask","NAME NOT FOUND","Length: 20"
  1199. "8:44:09.2155655 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Services\crypt32","SUCCESS",""
  1200. "8:44:09.2155724 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1201. "8:44:09.2155796 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\crypt32","REPARSE","Desired Access: Read"
  1202. "8:44:09.2155872 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Services\crypt32","SUCCESS","Desired Access: Read"
  1203. "8:44:09.2156510 AM","QuickAssist.exe","7064","Thread Create","","SUCCESS","Thread ID: 5308"
  1204. "8:44:09.2156731 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1205. "8:44:09.2156819 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Cryptography\OID","SUCCESS","Desired Access: Read"
  1206. "8:44:09.2156985 AM","QuickAssist.exe","7064","RegEnumKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID","SUCCESS","Index: 0, Name: EncodingType 0"
  1207. "8:44:09.2157073 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1208. "8:44:09.2157138 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0","SUCCESS","Desired Access: Read"
  1209. "8:44:09.2157313 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1210. "8:44:09.2157391 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv","SUCCESS","Desired Access: Read"
  1211. "8:44:09.2157512 AM","QuickAssist.exe","7064","RegEnumKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv","SUCCESS","Index: 0, Name: #16"
  1212. "8:44:09.2157584 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1213. "8:44:09.2157648 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16","SUCCESS","Desired Access: Read"
  1214. "8:44:09.2157745 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16","SUCCESS","Query: Cached, SubKeys: 0, Values: 2"
  1215. "8:44:09.2157867 AM","QuickAssist.exe","7064","RegEnumValue","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16","SUCCESS","Index: 0, Name: Dll, Type: REG_SZ, Length: 66, Data: C:\Windows\System32\cryptnet.dll"
  1216. "8:44:09.2157951 AM","QuickAssist.exe","7064","RegEnumValue","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16","SUCCESS","Index: 1, Name: FuncName, Type: REG_SZ, Length: 36, Data: LdapProvOpenStore"
  1217. "8:44:09.2158121 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16","SUCCESS",""
  1218. "8:44:09.2158236 AM","QuickAssist.exe","7064","RegEnumKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv","SUCCESS","Index: 1, Name: Ldap"
  1219. "8:44:09.2158309 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1220. "8:44:09.2158378 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap","SUCCESS","Desired Access: Read"
  1221. "8:44:09.2158486 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap","SUCCESS","Query: Cached, SubKeys: 0, Values: 2"
  1222. "8:44:09.2158559 AM","QuickAssist.exe","7064","RegEnumValue","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap","SUCCESS","Index: 0, Name: Dll, Type: REG_SZ, Length: 66, Data: C:\Windows\System32\cryptnet.dll"
  1223. "8:44:09.2158623 AM","QuickAssist.exe","7064","RegEnumValue","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap","SUCCESS","Index: 1, Name: FuncName, Type: REG_SZ, Length: 36, Data: LdapProvOpenStore"
  1224. "8:44:09.2158734 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap","SUCCESS",""
  1225. "8:44:09.2158836 AM","QuickAssist.exe","7064","RegEnumKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv","NO MORE ENTRIES","Index: 2, Length: 288"
  1226. "8:44:09.2158910 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv","SUCCESS",""
  1227. "8:44:09.2158972 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0","SUCCESS",""
  1228. "8:44:09.2159036 AM","QuickAssist.exe","7064","RegEnumKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID","SUCCESS","Index: 1, Name: EncodingType 1"
  1229. "8:44:09.2159115 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1230. "8:44:09.2159185 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1","SUCCESS","Desired Access: Read"
  1231. "8:44:09.2159297 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1232. "8:44:09.2159361 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv","NAME NOT FOUND","Desired Access: Read"
  1233. "8:44:09.2159452 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1","SUCCESS",""
  1234. "8:44:09.2159550 AM","QuickAssist.exe","7064","RegEnumKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID","NO MORE ENTRIES","Index: 2, Length: 288"
  1235. "8:44:09.2159629 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\OID","SUCCESS",""
  1236. "8:44:09.2159808 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1237. "8:44:09.2159888 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\SystemCertificates\My\PhysicalStores","NAME NOT FOUND","Desired Access: Read"
  1238. "8:44:09.2160007 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1239. "8:44:09.2160074 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\SystemCertificates\My","SUCCESS","Desired Access: Read"
  1240. "8:44:09.2160205 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My","SUCCESS",""
  1241. "8:44:09.2160318 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1242. "8:44:09.2160386 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\SystemCertificates\My","SUCCESS","Desired Access: Read"
  1243. "8:44:09.2160476 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1244. "8:44:09.2160544 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My","SUCCESS","Desired Access: Read"
  1245. "8:44:09.2160630 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1246. "8:44:09.2160707 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My\Certificates","SUCCESS","Desired Access: Read"
  1247. "8:44:09.2160803 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My\Certificates","SUCCESS","Query: Cached, SubKeys: 0, Values: 0"
  1248. "8:44:09.2160899 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My\Certificates","SUCCESS","Query: Cached, SubKeys: 0, Values: 0"
  1249. "8:44:09.2160977 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My\Certificates","SUCCESS",""
  1250. "8:44:09.2161057 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1251. "8:44:09.2161128 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My\CRLs","SUCCESS","Desired Access: Read"
  1252. "8:44:09.2161221 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My\CRLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0"
  1253. "8:44:09.2161288 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My\CRLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0"
  1254. "8:44:09.2161365 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My\CRLs","SUCCESS",""
  1255. "8:44:09.2161430 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1256. "8:44:09.2161500 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My\CTLs","SUCCESS","Desired Access: Read"
  1257. "8:44:09.2161575 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My\CTLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0"
  1258. "8:44:09.2161636 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My\CTLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0"
  1259. "8:44:09.2161705 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My\CTLs","SUCCESS",""
  1260. "8:44:09.2161786 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My","SUCCESS",""
  1261. "8:44:09.2162060 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\My","SUCCESS",""
  1262. "8:44:09.2163043 AM","QuickAssist.exe","7064","RegOpenKey","HKU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
  1263. "8:44:09.2163156 AM","QuickAssist.exe","7064","RegQueryKey","HKU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1264. "8:44:09.2163230 AM","QuickAssist.exe","7064","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
  1265. "8:44:09.2163323 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1266. "8:44:09.2163392 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Microsoft\SystemCertificates\My\PhysicalStores","NAME NOT FOUND","Desired Access: Read"
  1267. "8:44:09.2163601 AM","QuickAssist.exe","7064","RegCloseKey","HKCU","SUCCESS",""
  1268. "8:44:09.2163825 AM","QuickAssist.exe","7064","RegQueryKey","HKU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1269. "8:44:09.2163906 AM","QuickAssist.exe","7064","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
  1270. "8:44:09.2163990 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1271. "8:44:09.2164064 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Microsoft\SystemCertificates\My","SUCCESS","Desired Access: Read"
  1272. "8:44:09.2164163 AM","QuickAssist.exe","7064","RegCloseKey","HKCU","SUCCESS",""
  1273. "8:44:09.2164245 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\My","SUCCESS",""
  1274. "8:44:09.2165513 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\profapi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  1275. "8:44:09.2166359 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\profapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1276. "8:44:09.2166624 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\profapi.dll","SUCCESS","CreationTime: 11/28/2020 11:17:18 PM, LastAccessTime: 8/29/2022 8:42:31 AM, LastWriteTime: 11/28/2020 11:17:18 PM, ChangeTime: 11/28/2020 11:38:40 PM, FileAttributes: A"
  1277. "8:44:09.2166716 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\profapi.dll","SUCCESS",""
  1278. "8:44:09.2167222 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\profapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  1279. "8:44:09.2167555 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\profapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  1280. "8:44:09.2167788 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  1281. "8:44:09.2167923 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  1282. "8:44:09.2168035 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  1283. "8:44:09.2168141 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1284. "8:44:09.2168282 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  1285. "8:44:09.2168386 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  1286. "8:44:09.2168483 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  1287. "8:44:09.2168575 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1288. "8:44:09.2168677 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\profapi.dll","SUCCESS","SyncType: SyncTypeOther"
  1289. "8:44:09.2169388 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\profapi.dll","SUCCESS","Image Base: 0x7ffe66b20000, Image Size: 0x26000"
  1290. "8:44:09.2170062 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\profapi.dll","SUCCESS",""
  1291. "8:44:09.2171354 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1292. "8:44:09.2171468 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4154835769-2933532478-2743509022-1003","SUCCESS","Desired Access: Read"
  1293. "8:44:09.2171636 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4154835769-2933532478-2743509022-1003\ProfileImagePath","BUFFER OVERFLOW","Length: 12"
  1294. "8:44:09.2171720 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4154835769-2933532478-2743509022-1003\ProfileImagePath","SUCCESS","Type: REG_EXPAND_SZ, Length: 30, Data: C:\Users\Admin"
  1295. "8:44:09.2171825 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4154835769-2933532478-2743509022-1003","SUCCESS",""
  1296. "8:44:09.2172150 AM","QuickAssist.exe","7064","RegQueryKey","HKU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1297. "8:44:09.2172241 AM","QuickAssist.exe","7064","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
  1298. "8:44:09.2172343 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1299. "8:44:09.2172418 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Microsoft\SystemCertificates\My","SUCCESS","Desired Access: Read"
  1300. "8:44:09.2172523 AM","QuickAssist.exe","7064","RegCloseKey","HKCU","SUCCESS",""
  1301. "8:44:09.2173451 AM","QuickAssist.exe","7064","CreateFile","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\AppContainerUserCertRead","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1302. "8:44:09.2173655 AM","QuickAssist.exe","7064","QuerySecurityFile","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\AppContainerUserCertRead","SUCCESS","Information: DACL"
  1303. "8:44:09.2173741 AM","QuickAssist.exe","7064","CloseFile","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\AppContainerUserCertRead","SUCCESS",""
  1304. "8:44:09.2174232 AM","QuickAssist.exe","7064","CreateFile","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1305. "8:44:09.2174403 AM","QuickAssist.exe","7064","QueryDirectory","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: *, 2: ."
  1306. "8:44:09.2174768 AM","QuickAssist.exe","7064","QueryDirectory","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates","SUCCESS","FileInformationClass: FileBothDirectoryInformation, 1: .."
  1307. "8:44:09.2174970 AM","QuickAssist.exe","7064","QueryDirectory","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates","NO MORE FILES","FileInformationClass: FileBothDirectoryInformation"
  1308. "8:44:09.2175124 AM","QuickAssist.exe","7064","CloseFile","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates","SUCCESS",""
  1309. "8:44:09.2175495 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\My","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1310. "8:44:09.2175585 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\My","SUCCESS","Desired Access: Read"
  1311. "8:44:09.2175678 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\My","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1312. "8:44:09.2175753 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\My\Certificates","NAME NOT FOUND","Desired Access: Read"
  1313. "8:44:09.2176148 AM","QuickAssist.exe","7064","CreateFile","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1314. "8:44:09.2176294 AM","QuickAssist.exe","7064","QueryDirectory","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: *, 2: ."
  1315. "8:44:09.2176576 AM","QuickAssist.exe","7064","QueryDirectory","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates","SUCCESS","FileInformationClass: FileBothDirectoryInformation, 1: .."
  1316. "8:44:09.2176721 AM","QuickAssist.exe","7064","QueryDirectory","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates","NO MORE FILES","FileInformationClass: FileBothDirectoryInformation"
  1317. "8:44:09.2176825 AM","QuickAssist.exe","7064","CloseFile","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates","SUCCESS",""
  1318. "8:44:09.2177024 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\My","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1319. "8:44:09.2177112 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\My\CRLs","NAME NOT FOUND","Desired Access: Read"
  1320. "8:44:09.2177483 AM","QuickAssist.exe","7064","CreateFile","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1321. "8:44:09.2177721 AM","QuickAssist.exe","7064","QueryDirectory","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: *, 2: ."
  1322. "8:44:09.2177877 AM","QuickAssist.exe","7064","QueryDirectory","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs","SUCCESS","FileInformationClass: FileBothDirectoryInformation, 1: .."
  1323. "8:44:09.2178001 AM","QuickAssist.exe","7064","QueryDirectory","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs","NO MORE FILES","FileInformationClass: FileBothDirectoryInformation"
  1324. "8:44:09.2178104 AM","QuickAssist.exe","7064","CloseFile","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs","SUCCESS",""
  1325. "8:44:09.2178390 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\My","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1326. "8:44:09.2178474 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\My\CTLs","NAME NOT FOUND","Desired Access: Read"
  1327. "8:44:09.2178842 AM","QuickAssist.exe","7064","CreateFile","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1328. "8:44:09.2179057 AM","QuickAssist.exe","7064","QueryDirectory","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: *, 2: ."
  1329. "8:44:09.2179582 AM","QuickAssist.exe","7064","QueryDirectory","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs","SUCCESS","FileInformationClass: FileBothDirectoryInformation, 1: .."
  1330. "8:44:09.2179710 AM","QuickAssist.exe","7064","QueryDirectory","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs","NO MORE FILES","FileInformationClass: FileBothDirectoryInformation"
  1331. "8:44:09.2179815 AM","QuickAssist.exe","7064","CloseFile","C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs","SUCCESS",""
  1332. "8:44:09.2180091 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\My","SUCCESS",""
  1333. "8:44:09.2180288 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\My","SUCCESS",""
  1334. "8:44:09.2180623 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1335. "8:44:09.2180707 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OemInformation","SUCCESS","Desired Access: Query Value"
  1336. "8:44:09.2180861 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation\Manufacturer","NAME NOT FOUND","Length: 144"
  1337. "8:44:09.2180938 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation","SUCCESS",""
  1338. "8:44:09.2181073 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1339. "8:44:09.2181136 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OemInformation","SUCCESS","Desired Access: Query Value"
  1340. "8:44:09.2181213 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation\SupportURL","NAME NOT FOUND","Length: 144"
  1341. "8:44:09.2181280 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation","SUCCESS",""
  1342. "8:44:09.2181344 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1343. "8:44:09.2181407 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OemInformation","SUCCESS","Desired Access: Query Value"
  1344. "8:44:09.2181479 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation\SupportAppURL","NAME NOT FOUND","Length: 144"
  1345. "8:44:09.2181543 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation","SUCCESS",""
  1346. "8:44:09.2181597 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1347. "8:44:09.2181653 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OemInformation","SUCCESS","Desired Access: Query Value"
  1348. "8:44:09.2181803 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation\Model","NAME NOT FOUND","Length: 144"
  1349. "8:44:09.2181899 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation","SUCCESS",""
  1350. "8:44:09.2181964 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1351. "8:44:09.2182026 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Query Value"
  1352. "8:44:09.2182108 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EditionID","SUCCESS","Type: REG_SZ, Length: 26, Data: Professional"
  1353. "8:44:09.2182189 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS",""
  1354. "8:44:09.2182254 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1355. "8:44:09.2182311 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Query Value"
  1356. "8:44:09.2182433 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName","SUCCESS","Type: REG_SZ, Length: 30, Data: Windows 10 Pro"
  1357. "8:44:09.2182521 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS",""
  1358. "8:44:09.2182618 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1359. "8:44:09.2182697 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Query Value"
  1360. "8:44:09.2182769 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentBuildNumber","SUCCESS","Type: REG_SZ, Length: 12, Data: 19041"
  1361. "8:44:09.2182843 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS",""
  1362. "8:44:09.2182915 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1363. "8:44:09.2182972 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\HARDWARE\DESCRIPTION\System\BIOS","SUCCESS","Desired Access: Query Value"
  1364. "8:44:09.2183120 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily","SUCCESS","Type: REG_SZ, Length: 2, Data: "
  1365. "8:44:09.2183198 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\HARDWARE\DESCRIPTION\System\BIOS","SUCCESS",""
  1366. "8:44:09.2183308 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1367. "8:44:09.2183372 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\HARDWARE\DESCRIPTION\System\BIOS","SUCCESS","Desired Access: Query Value"
  1368. "8:44:09.2183443 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer","SUCCESS","Type: REG_SZ, Length: 26, Data: VMware, Inc."
  1369. "8:44:09.2183517 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\HARDWARE\DESCRIPTION\System\BIOS","SUCCESS",""
  1370. "8:44:09.2183577 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1371. "8:44:09.2183646 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\HARDWARE\DESCRIPTION\System\BIOS","SUCCESS","Desired Access: Query Value"
  1372. "8:44:09.2183720 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName","SUCCESS","Type: REG_SZ, Length: 20, Data: VMware7,1"
  1373. "8:44:09.2183793 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\HARDWARE\DESCRIPTION\System\BIOS","SUCCESS",""
  1374. "8:44:09.2183854 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1375. "8:44:09.2183911 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\HARDWARE\DESCRIPTION\System\BIOS","SUCCESS","Desired Access: Query Value"
  1376. "8:44:09.2184123 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU","SUCCESS","Type: REG_SZ, Length: 2, Data: "
  1377. "8:44:09.2184307 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\HARDWARE\DESCRIPTION\System\BIOS","SUCCESS",""
  1378. "8:44:09.2184421 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1379. "8:44:09.2184568 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\HARDWARE\DESCRIPTION\System\BIOS","SUCCESS","Desired Access: Query Value"
  1380. "8:44:09.2184687 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion","SUCCESS","Type: REG_SZ, Length: 10, Data: None"
  1381. "8:44:09.2184778 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\HARDWARE\DESCRIPTION\System\BIOS","SUCCESS",""
  1382. "8:44:09.2184847 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1383. "8:44:09.2184922 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName","REPARSE","Desired Access: Query Value"
  1384. "8:44:09.2185014 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\ComputerName\ComputerName","SUCCESS","Desired Access: Query Value"
  1385. "8:44:09.2185139 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName","SUCCESS","Type: REG_SZ, Length: 32, Data: WIN-10BLPX6N58W"
  1386. "8:44:09.2185219 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\ComputerName\ComputerName","SUCCESS",""
  1387. "8:44:09.2185373 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1388. "8:44:09.2185438 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Query Value"
  1389. "8:44:09.2185529 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentMajorVersionNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
  1390. "8:44:09.2185620 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS",""
  1391. "8:44:09.2185681 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1392. "8:44:09.2185790 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Query Value"
  1393. "8:44:09.2185862 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentMinorVersionNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1394. "8:44:09.2185935 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS",""
  1395. "8:44:09.2185995 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1396. "8:44:09.2186095 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\SOFTWARE\Microsoft\QuickAssist","NAME NOT FOUND","Desired Access: Query Value"
  1397. "8:44:09.2186188 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1398. "8:44:09.2186247 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\SOFTWARE\Microsoft\QuickAssist","NAME NOT FOUND","Desired Access: Query Value"
  1399. "8:44:09.2186312 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1400. "8:44:09.2186366 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\QA000000000\Objects\[904fcc42-b957-433c-ab16-c2f52c293e0a]\Elements\25295374","NAME NOT FOUND","Desired Access: Query Value"
  1401. "8:44:09.2186444 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1402. "8:44:09.2186497 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\QA000000000\Objects\[904fcc42-b957-433c-ab16-c2f52c293e0a]\Elements\86370093","NAME NOT FOUND","Desired Access: Query Value"
  1403. "8:44:09.2186737 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.AnalyticsInfo","SUCCESS","Desired Access: Read"
  1404. "8:44:09.2186896 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.AnalyticsInfo","SUCCESS","Query: Basic, Name: Windows.System.Profile.AnalyticsInfo"
  1405. "8:44:09.2187003 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.AnalyticsInfo\ActivationType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1406. "8:44:09.2187084 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.AnalyticsInfo\Server","NAME NOT FOUND","Length: 144"
  1407. "8:44:09.2187155 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.AnalyticsInfo\DllPath","SUCCESS","Type: REG_SZ, Length: 80, Data: C:\Windows\System32\twinapi.appcore.dll"
  1408. "8:44:09.2187225 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.AnalyticsInfo\Threading","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1409. "8:44:09.2187323 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.AnalyticsInfo\TrustLevel","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1410. "8:44:09.2187393 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.AnalyticsInfo","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1411. "8:44:09.2187466 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.AnalyticsInfo\CustomAttributes","NAME NOT FOUND","Desired Access: Read"
  1412. "8:44:09.2187582 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.AnalyticsInfo\RemoteServer","NAME NOT FOUND","Length: 144"
  1413. "8:44:09.2187650 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.AnalyticsInfo\ActivateAsUser","NAME NOT FOUND","Length: 16"
  1414. "8:44:09.2187713 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.AnalyticsInfo\ActivateInSharedBroker","NAME NOT FOUND","Length: 16"
  1415. "8:44:09.2187784 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.AnalyticsInfo\ActivateInBrokerForMediumILContainer","NAME NOT FOUND","Length: 16"
  1416. "8:44:09.2187854 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.AnalyticsInfo\Permissions","NAME NOT FOUND","Length: 140"
  1417. "8:44:09.2187915 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.AnalyticsInfo\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  1418. "8:44:09.2188036 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.AnalyticsInfo","SUCCESS",""
  1419. "8:44:09.2188538 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Read"
  1420. "8:44:09.2188645 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UBR","SUCCESS","Type: REG_DWORD, Length: 4, Data: 630"
  1421. "8:44:09.2188730 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS",""
  1422. "8:44:09.2189148 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  1423. "8:44:09.2189595 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  1424. "8:44:09.2190498 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  1425. "8:44:09.2190841 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  1426. "8:44:09.2191297 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\OEM","SUCCESS","Desired Access: Read"
  1427. "8:44:09.2191412 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM\DeviceForm","NAME NOT FOUND","Length: 20"
  1428. "8:44:09.2191483 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM","SUCCESS",""
  1429. "8:44:09.2191608 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\OEM","SUCCESS","Desired Access: Read"
  1430. "8:44:09.2191689 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM\DeviceForm","NAME NOT FOUND","Length: 20"
  1431. "8:44:09.2191755 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM","SUCCESS",""
  1432. "8:44:09.2191975 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  1433. "8:44:09.2192305 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  1434. "8:44:09.2192750 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.NetworkOperators.MobileBroadbandModem","SUCCESS","Desired Access: Read"
  1435. "8:44:09.2192880 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.NetworkOperators.MobileBroadbandModem","SUCCESS","Query: Basic, Name: Windows.Networking.NetworkOperators.MobileBroadbandModem"
  1436. "8:44:09.2192974 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.NetworkOperators.MobileBroadbandModem\ActivationType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1437. "8:44:09.2193047 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.NetworkOperators.MobileBroadbandModem\Server","NAME NOT FOUND","Length: 144"
  1438. "8:44:09.2193119 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.NetworkOperators.MobileBroadbandModem\DllPath","SUCCESS","Type: REG_SZ, Length: 76, Data: C:\Windows\System32\MbaeApiPublic.dll"
  1439. "8:44:09.2193196 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.NetworkOperators.MobileBroadbandModem\Threading","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1440. "8:44:09.2193260 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.NetworkOperators.MobileBroadbandModem\TrustLevel","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
  1441. "8:44:09.2193329 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.NetworkOperators.MobileBroadbandModem","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1442. "8:44:09.2193401 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.NetworkOperators.MobileBroadbandModem\CustomAttributes","NAME NOT FOUND","Desired Access: Read"
  1443. "8:44:09.2193519 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.NetworkOperators.MobileBroadbandModem\RemoteServer","NAME NOT FOUND","Length: 144"
  1444. "8:44:09.2193580 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.NetworkOperators.MobileBroadbandModem\ActivateAsUser","NAME NOT FOUND","Length: 16"
  1445. "8:44:09.2193639 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.NetworkOperators.MobileBroadbandModem\ActivateInSharedBroker","NAME NOT FOUND","Length: 16"
  1446. "8:44:09.2193711 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.NetworkOperators.MobileBroadbandModem\ActivateInBrokerForMediumILContainer","NAME NOT FOUND","Length: 16"
  1447. "8:44:09.2193784 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.NetworkOperators.MobileBroadbandModem\Permissions","NAME NOT FOUND","Length: 140"
  1448. "8:44:09.2193849 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.NetworkOperators.MobileBroadbandModem\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  1449. "8:44:09.2193961 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.NetworkOperators.MobileBroadbandModem","SUCCESS",""
  1450. "8:44:09.2195019 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\MbaeApiPublic.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1451. "8:44:09.2195256 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\MbaeApiPublic.dll","SUCCESS","CreationTime: 11/28/2020 11:17:03 PM, LastAccessTime: 8/29/2022 5:19:33 AM, LastWriteTime: 11/28/2020 11:17:03 PM, ChangeTime: 11/28/2020 11:21:07 PM, FileAttributes: A"
  1452. "8:44:09.2195341 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\MbaeApiPublic.dll","SUCCESS",""
  1453. "8:44:09.2195807 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\MbaeApiPublic.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  1454. "8:44:09.2195972 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\MbaeApiPublic.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  1455. "8:44:09.2198426 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  1456. "8:44:09.2198554 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  1457. "8:44:09.2198658 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  1458. "8:44:09.2198758 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1459. "8:44:09.2198854 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  1460. "8:44:09.2198947 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  1461. "8:44:09.2199031 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  1462. "8:44:09.2199114 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1463. "8:44:09.2199212 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\MbaeApiPublic.dll","SUCCESS","SyncType: SyncTypeOther"
  1464. "8:44:09.2200070 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\MbaeApiPublic.dll","SUCCESS","Image Base: 0x7ffe4a820000, Image Size: 0x132000"
  1465. "8:44:09.2200809 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\MbaeApiPublic.dll","SUCCESS",""
  1466. "8:44:09.2201696 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\mobilenetworking.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1467. "8:44:09.2201883 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\mobilenetworking.dll","SUCCESS","CreationTime: 11/28/2020 11:17:03 PM, LastAccessTime: 8/29/2022 8:42:32 AM, LastWriteTime: 11/28/2020 11:17:03 PM, ChangeTime: 11/28/2020 11:21:07 PM, FileAttributes: A"
  1468. "8:44:09.2201960 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\mobilenetworking.dll","SUCCESS",""
  1469. "8:44:09.2202400 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\mobilenetworking.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  1470. "8:44:09.2202556 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\mobilenetworking.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  1471. "8:44:09.2202733 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  1472. "8:44:09.2202840 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  1473. "8:44:09.2202927 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  1474. "8:44:09.2203128 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1475. "8:44:09.2203220 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  1476. "8:44:09.2203344 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  1477. "8:44:09.2203422 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  1478. "8:44:09.2203493 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1479. "8:44:09.2203571 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\mobilenetworking.dll","SUCCESS","SyncType: SyncTypeOther"
  1480. "8:44:09.2204290 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\mobilenetworking.dll","SUCCESS","Image Base: 0x7ffe5c860000, Image Size: 0xa000"
  1481. "8:44:09.2204901 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\mobilenetworking.dll","SUCCESS",""
  1482. "8:44:09.2206269 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\2e2bbb16-0c36-4b9b-a567-40924a199fd5","NAME NOT FOUND","Length: 528"
  1483. "8:44:09.2206842 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\56dd9c57-06cc-48ba-b123-876a6495ba13","NAME NOT FOUND","Length: 528"
  1484. "8:44:09.2208039 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 528"
  1485. "8:44:09.2208873 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\SecurityManager\AdminCapabilities","SUCCESS","Desired Access: Read"
  1486. "8:44:09.2209026 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities\cellularDeviceIdentity","NAME NOT FOUND","Length: 16"
  1487. "8:44:09.2209204 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities","SUCCESS",""
  1488. "8:44:09.2209473 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\27a8fdf4-9b77-575b-be3b-e7163ef159bb","NAME NOT FOUND","Length: 528"
  1489. "8:44:09.2210748 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\wwapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1490. "8:44:09.2211012 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\wwapi.dll","SUCCESS","CreationTime: 11/28/2020 11:16:40 PM, LastAccessTime: 8/29/2022 8:42:34 AM, LastWriteTime: 11/28/2020 11:16:40 PM, ChangeTime: 11/28/2020 11:45:23 PM, FileAttributes: A"
  1491. "8:44:09.2211102 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\wwapi.dll","SUCCESS",""
  1492. "8:44:09.2211568 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\wwapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  1493. "8:44:09.2211787 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\wwapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  1494. "8:44:09.2211981 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  1495. "8:44:09.2212092 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  1496. "8:44:09.2212224 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  1497. "8:44:09.2212319 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1498. "8:44:09.2212412 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  1499. "8:44:09.2212501 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  1500. "8:44:09.2212584 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  1501. "8:44:09.2212665 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1502. "8:44:09.2212748 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\wwapi.dll","SUCCESS","SyncType: SyncTypeOther"
  1503. "8:44:09.2213418 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\wwapi.dll","SUCCESS","Image Base: 0x7ffe58900000, Image Size: 0x1a000"
  1504. "8:44:09.2213976 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\wwapi.dll","SUCCESS",""
  1505. "8:44:09.2229748 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  1506. "8:44:09.2230150 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  1507. "8:44:09.2232152 AM","QuickAssist.exe","7064","Thread Create","","SUCCESS","Thread ID: 1072"
  1508. "8:44:09.2232515 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\785e3ea5-a921-427c-8edb-0583d49c7636","NAME NOT FOUND","Length: 528"
  1509. "8:44:09.2236323 AM","QuickAssist.exe","7064","CreateFile","C:\WINDOWS\WinSxS\SystemResources\gdiplus.dll.mun","PATH NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
  1510. "8:44:09.2243293 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\WindowsCodecs.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  1511. "8:44:09.2244191 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\WindowsCodecs.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1512. "8:44:09.2244458 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\WindowsCodecs.dll","SUCCESS","CreationTime: 11/28/2020 11:17:00 PM, LastAccessTime: 8/29/2022 8:42:31 AM, LastWriteTime: 11/28/2020 11:17:01 PM, ChangeTime: 12/1/2020 10:00:04 PM, FileAttributes: A"
  1513. "8:44:09.2244586 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\WindowsCodecs.dll","SUCCESS",""
  1514. "8:44:09.2245205 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\WindowsCodecs.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  1515. "8:44:09.2245481 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\WindowsCodecs.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  1516. "8:44:09.2245773 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  1517. "8:44:09.2245945 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  1518. "8:44:09.2246083 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  1519. "8:44:09.2246213 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1520. "8:44:09.2246363 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  1521. "8:44:09.2246501 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  1522. "8:44:09.2246640 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  1523. "8:44:09.2246779 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1524. "8:44:09.2246917 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\WindowsCodecs.dll","SUCCESS","SyncType: SyncTypeOther"
  1525. "8:44:09.2247736 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\WindowsCodecs.dll","SUCCESS","Image Base: 0x7ffe5fab0000, Image Size: 0x1b4000"
  1526. "8:44:09.2249075 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\bcrypt.dll","SUCCESS","Image Base: 0x7ffe67300000, Image Size: 0x27000"
  1527. "8:44:09.2250278 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\WindowsCodecs.dll","SUCCESS",""
  1528. "8:44:09.2250986 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f3a71a4b-6118-4257-8ccb-39a33ba059d4","NAME NOT FOUND","Length: 528"
  1529. "8:44:09.2252102 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\7c29709d-3c02-47fb-8a39-d8287522fadb","NAME NOT FOUND","Length: 528"
  1530. "8:44:09.2252874 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
  1531. "8:44:09.2253032 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1532. "8:44:09.2253135 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1533. "8:44:09.2253205 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1534. "8:44:09.2253289 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}","NAME NOT FOUND","Desired Access: Read"
  1535. "8:44:09.2253398 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}","SUCCESS","Desired Access: Read"
  1536. "8:44:09.2253614 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{A26CEC36-234C-4950-AE16-E34AACE71D0D}","SUCCESS",""
  1537. "8:44:09.2253734 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1538. "8:44:09.2253819 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1539. "8:44:09.2253878 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1540. "8:44:09.2254016 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}","NAME NOT FOUND","Desired Access: Read"
  1541. "8:44:09.2254132 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}","SUCCESS","Desired Access: Read"
  1542. "8:44:09.2254337 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}","SUCCESS",""
  1543. "8:44:09.2254437 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1544. "8:44:09.2254527 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1545. "8:44:09.2254589 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1546. "8:44:09.2254662 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{7693E886-51C9-4070-8419-9F70738EC8FA}","NAME NOT FOUND","Desired Access: Read"
  1547. "8:44:09.2254752 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{7693E886-51C9-4070-8419-9F70738EC8FA}","SUCCESS","Desired Access: Read"
  1548. "8:44:09.2254868 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{7693E886-51C9-4070-8419-9F70738EC8FA}","SUCCESS",""
  1549. "8:44:09.2254964 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1550. "8:44:09.2255042 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1551. "8:44:09.2255107 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1552. "8:44:09.2255187 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}","NAME NOT FOUND","Desired Access: Read"
  1553. "8:44:09.2255280 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}","SUCCESS","Desired Access: Read"
  1554. "8:44:09.2255396 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}","SUCCESS",""
  1555. "8:44:09.2255480 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1556. "8:44:09.2255563 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1557. "8:44:09.2255623 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1558. "8:44:09.2255689 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}","NAME NOT FOUND","Desired Access: Read"
  1559. "8:44:09.2255788 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}","SUCCESS","Desired Access: Read"
  1560. "8:44:09.2255902 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{0dbecec1-9eb3-4860-9c6f-ddbe86634575}","SUCCESS",""
  1561. "8:44:09.2256036 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1562. "8:44:09.2256154 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1563. "8:44:09.2256219 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1564. "8:44:09.2256308 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{72B624DF-AE11-4948-A65C-351EB0829419}","NAME NOT FOUND","Desired Access: Read"
  1565. "8:44:09.2256432 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{72B624DF-AE11-4948-A65C-351EB0829419}","SUCCESS","Desired Access: Read"
  1566. "8:44:09.2256577 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{72B624DF-AE11-4948-A65C-351EB0829419}","SUCCESS",""
  1567. "8:44:09.2256671 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1568. "8:44:09.2256755 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1569. "8:44:09.2256817 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1570. "8:44:09.2256899 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{01B90D9A-8209-47F7-9C52-E1244BF50CED}","NAME NOT FOUND","Desired Access: Read"
  1571. "8:44:09.2256998 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{01B90D9A-8209-47F7-9C52-E1244BF50CED}","SUCCESS","Desired Access: Read"
  1572. "8:44:09.2257112 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{01B90D9A-8209-47F7-9C52-E1244BF50CED}","SUCCESS",""
  1573. "8:44:09.2257194 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1574. "8:44:09.2257269 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1575. "8:44:09.2257327 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1576. "8:44:09.2257395 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}","NAME NOT FOUND","Desired Access: Read"
  1577. "8:44:09.2257481 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}","SUCCESS","Desired Access: Read"
  1578. "8:44:09.2257592 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}","SUCCESS",""
  1579. "8:44:09.2257674 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1580. "8:44:09.2257754 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1581. "8:44:09.2257826 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1582. "8:44:09.2257899 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{7F12E753-FC71-43D7-A51D-92F35977ABB5}","NAME NOT FOUND","Desired Access: Read"
  1583. "8:44:09.2257987 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{7F12E753-FC71-43D7-A51D-92F35977ABB5}","SUCCESS","Desired Access: Read"
  1584. "8:44:09.2258093 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{7F12E753-FC71-43D7-A51D-92F35977ABB5}","SUCCESS",""
  1585. "8:44:09.2258172 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1586. "8:44:09.2258268 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1587. "8:44:09.2258340 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1588. "8:44:09.2258416 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{AA94DCC2-B8B0-4898-B835-000AABD74393}","NAME NOT FOUND","Desired Access: Read"
  1589. "8:44:09.2258510 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{AA94DCC2-B8B0-4898-B835-000AABD74393}","SUCCESS","Desired Access: Read"
  1590. "8:44:09.2258619 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{AA94DCC2-B8B0-4898-B835-000AABD74393}","SUCCESS",""
  1591. "8:44:09.2258734 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1592. "8:44:09.2258823 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1593. "8:44:09.2258897 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1594. "8:44:09.2258971 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}","NAME NOT FOUND","Desired Access: Read"
  1595. "8:44:09.2259067 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}","SUCCESS","Desired Access: Read"
  1596. "8:44:09.2259181 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}","SUCCESS",""
  1597. "8:44:09.2259274 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1598. "8:44:09.2259358 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1599. "8:44:09.2259421 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1600. "8:44:09.2259508 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}","NAME NOT FOUND","Desired Access: Read"
  1601. "8:44:09.2259610 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}","SUCCESS","Desired Access: Read"
  1602. "8:44:09.2259725 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}","SUCCESS",""
  1603. "8:44:09.2259849 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1604. "8:44:09.2259934 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1605. "8:44:09.2259992 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1606. "8:44:09.2260088 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}","NAME NOT FOUND","Desired Access: Read"
  1607. "8:44:09.2260201 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}","SUCCESS","Desired Access: Read"
  1608. "8:44:09.2260320 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}","SUCCESS",""
  1609. "8:44:09.2260404 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1610. "8:44:09.2260480 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1611. "8:44:09.2260541 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1612. "8:44:09.2260613 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}","NAME NOT FOUND","Desired Access: Read"
  1613. "8:44:09.2260732 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}","SUCCESS","Desired Access: Read"
  1614. "8:44:09.2260840 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}","SUCCESS",""
  1615. "8:44:09.2261047 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1616. "8:44:09.2261179 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1617. "8:44:09.2261283 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1618. "8:44:09.2261408 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{076C2A6C-F78F-4C46-A723-3583E70876EA}","NAME NOT FOUND","Desired Access: Read"
  1619. "8:44:09.2261558 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{076C2A6C-F78F-4C46-A723-3583E70876EA}","SUCCESS","Desired Access: Read"
  1620. "8:44:09.2261820 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{076C2A6C-F78F-4C46-A723-3583E70876EA}","SUCCESS",""
  1621. "8:44:09.2261990 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1622. "8:44:09.2262131 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1623. "8:44:09.2262239 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1624. "8:44:09.2262367 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}","NAME NOT FOUND","Desired Access: Read"
  1625. "8:44:09.2262522 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}","SUCCESS","Desired Access: Read"
  1626. "8:44:09.2262706 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}","SUCCESS",""
  1627. "8:44:09.2262837 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1628. "8:44:09.2262967 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1629. "8:44:09.2263055 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1630. "8:44:09.2263206 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}","NAME NOT FOUND","Desired Access: Read"
  1631. "8:44:09.2263360 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}","SUCCESS","Desired Access: Read"
  1632. "8:44:09.2263587 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}","SUCCESS",""
  1633. "8:44:09.2263721 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1634. "8:44:09.2263856 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1635. "8:44:09.2263964 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1636. "8:44:09.2264091 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance","NAME NOT FOUND","Desired Access: Read"
  1637. "8:44:09.2264256 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance","SUCCESS","Desired Access: Read"
  1638. "8:44:09.2264427 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1639. "8:44:09.2264558 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1640. "8:44:09.2264653 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1641. "8:44:09.2264772 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled","NAME NOT FOUND","Desired Access: Read"
  1642. "8:44:09.2264926 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled","NAME NOT FOUND","Desired Access: Read"
  1643. "8:44:09.2265133 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance","SUCCESS",""
  1644. "8:44:09.2269570 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1645. "8:44:09.2269759 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1646. "8:44:09.2269880 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1647. "8:44:09.2270077 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}","NAME NOT FOUND","Desired Access: Read"
  1648. "8:44:09.2270297 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}","SUCCESS","Desired Access: Read"
  1649. "8:44:09.2270503 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}","SUCCESS","Query: Name"
  1650. "8:44:09.2270651 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1651. "8:44:09.2270814 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces","NAME NOT FOUND","Desired Access: Read"
  1652. "8:44:09.2270961 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1653. "8:44:09.2271086 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces","SUCCESS","Desired Access: Read"
  1654. "8:44:09.2271296 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces","SUCCESS","Query: Name"
  1655. "8:44:09.2271440 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1656. "8:44:09.2271605 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1657. "8:44:09.2271761 AM","QuickAssist.exe","7064","RegEnumValue","HKCR\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces","NO MORE ENTRIES","Index: 0, Length: 384"
  1658. "8:44:09.2271922 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces","SUCCESS",""
  1659. "8:44:09.2272064 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}","SUCCESS",""
  1660. "8:44:09.2297285 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager","SUCCESS","Desired Access: Read"
  1661. "8:44:09.2297505 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager","SUCCESS","Query: Basic, Name: Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager"
  1662. "8:44:09.2297625 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager\ActivationType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1663. "8:44:09.2297707 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager\Server","NAME NOT FOUND","Length: 144"
  1664. "8:44:09.2297773 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager\DllPath","SUCCESS","Type: REG_SZ, Length: 130, Data: C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll"
  1665. "8:44:09.2297866 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager\Threading","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1666. "8:44:09.2297950 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager\TrustLevel","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1667. "8:44:09.2298022 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1668. "8:44:09.2298096 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager\CustomAttributes","NAME NOT FOUND","Desired Access: Read"
  1669. "8:44:09.2298177 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager\RemoteServer","NAME NOT FOUND","Length: 144"
  1670. "8:44:09.2298235 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager\ActivateAsUser","NAME NOT FOUND","Length: 16"
  1671. "8:44:09.2298315 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager\ActivateInSharedBroker","NAME NOT FOUND","Length: 16"
  1672. "8:44:09.2298386 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager\ActivateInBrokerForMediumILContainer","NAME NOT FOUND","Length: 16"
  1673. "8:44:09.2298447 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager\Permissions","NAME NOT FOUND","Length: 140"
  1674. "8:44:09.2298506 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  1675. "8:44:09.2298628 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager","SUCCESS",""
  1676. "8:44:09.2299572 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1677. "8:44:09.2299743 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll","SUCCESS","CreationTime: 11/28/2020 11:16:50 PM, LastAccessTime: 8/29/2022 8:42:35 AM, LastWriteTime: 11/28/2020 11:16:50 PM, ChangeTime: 11/29/2020 12:05:30 AM, FileAttributes: A"
  1678. "8:44:09.2299818 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll","SUCCESS",""
  1679. "8:44:09.2300244 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  1680. "8:44:09.2300396 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  1681. "8:44:09.2300571 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  1682. "8:44:09.2300676 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  1683. "8:44:09.2300764 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  1684. "8:44:09.2300847 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1685. "8:44:09.2300929 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  1686. "8:44:09.2301012 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  1687. "8:44:09.2301088 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  1688. "8:44:09.2301164 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1689. "8:44:09.2301289 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll","SUCCESS","SyncType: SyncTypeOther"
  1690. "8:44:09.2302061 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll","SUCCESS","Image Base: 0x7ffe53cd0000, Image Size: 0x11d000"
  1691. "8:44:09.2303425 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll","SUCCESS",""
  1692. "8:44:09.2304625 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\077b8c4a-e425-578d-f1ac-6fdf1220ff68","NAME NOT FOUND","Length: 528"
  1693. "8:44:09.2305103 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528"
  1694. "8:44:09.2305458 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\7acf487e-104b-533e-f68a-a7e9b0431edb","NAME NOT FOUND","Length: 528"
  1695. "8:44:09.2306096 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest","SUCCESS","Desired Access: Read"
  1696. "8:44:09.2306234 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest","SUCCESS","Query: Basic, Name: Windows.Security.Authentication.Web.Core.WebTokenRequest"
  1697. "8:44:09.2306328 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\ActivationType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1698. "8:44:09.2306402 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\Server","NAME NOT FOUND","Length: 144"
  1699. "8:44:09.2306463 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\DllPath","SUCCESS","Type: REG_SZ, Length: 130, Data: C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll"
  1700. "8:44:09.2306535 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\Threading","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1701. "8:44:09.2306597 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\TrustLevel","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1702. "8:44:09.2306662 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1703. "8:44:09.2306732 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\CustomAttributes","NAME NOT FOUND","Desired Access: Read"
  1704. "8:44:09.2306804 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\RemoteServer","NAME NOT FOUND","Length: 144"
  1705. "8:44:09.2306859 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\ActivateAsUser","NAME NOT FOUND","Length: 16"
  1706. "8:44:09.2306912 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\ActivateInSharedBroker","NAME NOT FOUND","Length: 16"
  1707. "8:44:09.2306969 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\ActivateInBrokerForMediumILContainer","NAME NOT FOUND","Length: 16"
  1708. "8:44:09.2307036 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\Permissions","NAME NOT FOUND","Length: 140"
  1709. "8:44:09.2307098 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  1710. "8:44:09.2307209 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest","SUCCESS",""
  1711. "8:44:09.2307553 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1712. "8:44:09.2307619 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess","SUCCESS","Desired Access: Query Value"
  1713. "8:44:09.2307782 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\ActivePolicyCode","SUCCESS","Type: REG_SZ, Length: 2, Data: "
  1714. "8:44:09.2307862 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess","SUCCESS",""
  1715. "8:44:09.2307965 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1716. "8:44:09.2308019 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\SOFTWARE\Microsoft\QuickAssist","NAME NOT FOUND","Desired Access: Query Value"
  1717. "8:44:09.2308864 AM","QuickAssist.exe","7064","CreateFile","C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  1718. "8:44:09.2309141 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1719. "8:44:09.2309207 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\SOFTWARE\Microsoft\QuickAssist","NAME NOT FOUND","Desired Access: Query Value"
  1720. "8:44:09.2309835 AM","QuickAssist.exe","7064","CreateFile","C:\Users\Admin\AppData\Local\Temp","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1721. "8:44:09.2310031 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Users\Admin\AppData\Local\Temp","SUCCESS","CreationTime: 11/28/2020 11:48:25 PM, LastAccessTime: 8/29/2022 8:23:48 AM, LastWriteTime: 8/29/2022 8:23:48 AM, ChangeTime: 8/29/2022 8:23:48 AM, FileAttributes: DA"
  1722. "8:44:09.2310092 AM","QuickAssist.exe","7064","CloseFile","C:\Users\Admin\AppData\Local\Temp","SUCCESS",""
  1723. "8:44:09.2310475 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1724. "8:44:09.2310547 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Policies\Microsoft\Edge\WebView2\","NAME NOT FOUND","Desired Access: Read"
  1725. "8:44:09.2310704 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1726. "8:44:09.2310760 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Policies\Microsoft\Edge\WebView2\","NAME NOT FOUND","Desired Access: Read"
  1727. "8:44:09.2310981 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1728. "8:44:09.2311039 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: Name"
  1729. "8:44:09.2311276 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}","SUCCESS","Desired Access: Read"
  1730. "8:44:09.2311442 AM","QuickAssist.exe","7064","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
  1731. "8:44:09.2311496 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\EBWebView","BUFFER OVERFLOW","Length: 144"
  1732. "8:44:09.2311564 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\EBWebView","SUCCESS","Type: REG_SZ, Length: 142, Data: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70"
  1733. "8:44:09.2311649 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}","SUCCESS",""
  1734. "8:44:09.2312546 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\EBWebView\x64\EmbeddedBrowserWebView.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1735. "8:44:09.2312718 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\EBWebView\x64\EmbeddedBrowserWebView.dll","SUCCESS","CreationTime: 8/28/2022 8:38:59 PM, LastAccessTime: 8/29/2022 5:19:33 AM, LastWriteTime: 8/25/2022 2:58:14 AM, ChangeTime: 8/28/2022 8:39:07 PM, FileAttributes: A"
  1736. "8:44:09.2312777 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\EBWebView\x64\EmbeddedBrowserWebView.dll","SUCCESS",""
  1737. "8:44:09.2313040 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1738. "8:44:09.2313132 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Policies\Microsoft\Edge\WebView2\","NAME NOT FOUND","Desired Access: Read"
  1739. "8:44:09.2313219 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1740. "8:44:09.2313276 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Policies\Microsoft\Edge\WebView2\","NAME NOT FOUND","Desired Access: Read"
  1741. "8:44:09.2313393 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1742. "8:44:09.2313444 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: Name"
  1743. "8:44:09.2313548 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}","SUCCESS","Desired Access: Read"
  1744. "8:44:09.2313636 AM","QuickAssist.exe","7064","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
  1745. "8:44:09.2313685 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\EBWebView","BUFFER OVERFLOW","Length: 144"
  1746. "8:44:09.2313743 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\EBWebView","SUCCESS","Type: REG_SZ, Length: 142, Data: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70"
  1747. "8:44:09.2313826 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}","SUCCESS",""
  1748. "8:44:09.2314350 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\EBWebView\x64\EmbeddedBrowserWebView.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1749. "8:44:09.2314445 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\EBWebView\x64\EmbeddedBrowserWebView.dll","SUCCESS","CreationTime: 8/28/2022 8:38:59 PM, LastAccessTime: 8/29/2022 5:19:33 AM, LastWriteTime: 8/25/2022 2:58:14 AM, ChangeTime: 8/28/2022 8:39:07 PM, FileAttributes: A"
  1750. "8:44:09.2314503 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\EBWebView\x64\EmbeddedBrowserWebView.dll","SUCCESS",""
  1751. "8:44:09.2315109 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\EBWebView\x64\EmbeddedBrowserWebView.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1752. "8:44:09.2315200 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\EBWebView\x64\EmbeddedBrowserWebView.dll","SUCCESS","CreationTime: 8/28/2022 8:38:59 PM, LastAccessTime: 8/29/2022 5:19:33 AM, LastWriteTime: 8/25/2022 2:58:14 AM, ChangeTime: 8/28/2022 8:39:07 PM, FileAttributes: A"
  1753. "8:44:09.2315254 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\EBWebView\x64\EmbeddedBrowserWebView.dll","SUCCESS",""
  1754. "8:44:09.2315627 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\EBWebView\x64\EmbeddedBrowserWebView.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  1755. "8:44:09.2315755 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\EBWebView\x64\EmbeddedBrowserWebView.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  1756. "8:44:09.2319537 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  1757. "8:44:09.2319651 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  1758. "8:44:09.2319741 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  1759. "8:44:09.2319826 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1760. "8:44:09.2319906 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  1761. "8:44:09.2319983 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  1762. "8:44:09.2320053 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  1763. "8:44:09.2320125 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1764. "8:44:09.2320215 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\EBWebView\x64\EmbeddedBrowserWebView.dll","SUCCESS","SyncType: SyncTypeOther"
  1765. "8:44:09.2321494 AM","QuickAssist.exe","7064","Load Image","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\EBWebView\x64\EmbeddedBrowserWebView.dll","SUCCESS","Image Base: 0x7ffe3db70000, Image Size: 0x408000"
  1766. "8:44:09.2322341 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\EBWebView\x64\EmbeddedBrowserWebView.dll","SUCCESS",""
  1767. "8:44:09.2324238 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\CRYPTBASE.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  1768. "8:44:09.2324928 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\cryptbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1769. "8:44:09.2325066 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\cryptbase.dll","SUCCESS","CreationTime: 11/28/2020 11:17:18 PM, LastAccessTime: 8/29/2022 8:43:54 AM, LastWriteTime: 11/28/2020 11:17:18 PM, ChangeTime: 11/28/2020 11:42:30 PM, FileAttributes: A"
  1770. "8:44:09.2325127 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\cryptbase.dll","SUCCESS",""
  1771. "8:44:09.2325502 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\cryptbase.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  1772. "8:44:09.2325638 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\cryptbase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  1773. "8:44:09.2325794 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  1774. "8:44:09.2325888 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  1775. "8:44:09.2325969 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  1776. "8:44:09.2326045 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1777. "8:44:09.2326122 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  1778. "8:44:09.2326192 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  1779. "8:44:09.2326260 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  1780. "8:44:09.2326325 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1781. "8:44:09.2326390 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\cryptbase.dll","SUCCESS","SyncType: SyncTypeOther"
  1782. "8:44:09.2326954 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\cryptbase.dll","SUCCESS","Image Base: 0x7ffe66500000, Image Size: 0xc000"
  1783. "8:44:09.2327377 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\cryptbase.dll","SUCCESS",""
  1784. "8:44:09.2330112 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1785. "8:44:09.2330232 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Query Value"
  1786. "8:44:09.2330420 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UBR","SUCCESS","Type: REG_DWORD, Length: 4, Data: 630"
  1787. "8:44:09.2330533 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DisplayVersion","NAME NOT FOUND","Length: 144"
  1788. "8:44:09.2330614 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ReleaseId","SUCCESS","Type: REG_SZ, Length: 10, Data: 2004"
  1789. "8:44:09.2330777 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS",""
  1790. "8:44:09.2332825 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\usp10.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1791. "8:44:09.2333050 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\usp10.dll","SUCCESS","CreationTime: 11/28/2020 11:17:20 PM, LastAccessTime: 8/29/2022 5:19:41 AM, LastWriteTime: 11/28/2020 11:17:20 PM, ChangeTime: 11/28/2020 11:21:07 PM, FileAttributes: A"
  1792. "8:44:09.2333127 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\usp10.dll","SUCCESS",""
  1793. "8:44:09.2333815 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\EdgeUpdate\Clients\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}","SUCCESS","Desired Access: Query Value"
  1794. "8:44:09.2334016 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\Clients\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\channel","NAME NOT FOUND","Length: 24"
  1795. "8:44:09.2334111 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\Clients\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}","SUCCESS",""
  1796. "8:44:09.2334320 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}","SUCCESS","Desired Access: Query Value"
  1797. "8:44:09.2334420 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\ap","NAME NOT FOUND","Length: 24"
  1798. "8:44:09.2334499 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}","SUCCESS",""
  1799. "8:44:09.2334737 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\cohort","SUCCESS","Desired Access: Query Value"
  1800. "8:44:09.2334887 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\cohort\name","BUFFER OVERFLOW","Length: 24"
  1801. "8:44:09.2334952 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\cohort\name","SUCCESS","Type: REG_SZ, Length: 2, Data: "
  1802. "8:44:09.2335034 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\cohort","SUCCESS",""
  1803. "8:44:09.2335495 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\e16ec3d2-bb0f-4e8f-bdb8-de0bea82dc3d","NAME NOT FOUND","Length: 528"
  1804. "8:44:09.2336257 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\2102e897-4bb0-4a07-9989-63844719a8ea","NAME NOT FOUND","Length: 528"
  1805. "8:44:09.2336939 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1806. "8:44:09.2337029 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Policies\Microsoft\Edge\WebView2\","NAME NOT FOUND","Desired Access: Read"
  1807. "8:44:09.2337123 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1808. "8:44:09.2337180 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Policies\Microsoft\Edge\WebView2\","NAME NOT FOUND","Desired Access: Read"
  1809. "8:44:09.2338444 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1810. "8:44:09.2338576 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70","SUCCESS","CreationTime: 8/28/2022 8:39:07 PM, LastAccessTime: 8/29/2022 5:22:18 AM, LastWriteTime: 8/28/2022 8:39:07 PM, ChangeTime: 8/28/2022 8:39:07 PM, FileAttributes: D"
  1811. "8:44:09.2338645 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70","SUCCESS",""
  1812. "8:44:09.2339415 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1813. "8:44:09.2339543 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","CreationTime: 8/28/2022 8:39:06 PM, LastAccessTime: 8/29/2022 8:23:12 AM, LastWriteTime: 8/25/2022 2:57:38 AM, ChangeTime: 8/28/2022 8:39:07 PM, FileAttributes: A"
  1814. "8:44:09.2339603 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS",""
  1815. "8:44:09.2340059 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1816. "8:44:09.2340313 AM","QuickAssist.exe","7064","QueryNameInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","Name: \Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe"
  1817. "8:44:09.2340448 AM","QuickAssist.exe","7064","QueryNameInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","Name: \Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe"
  1818. "8:44:09.2340533 AM","QuickAssist.exe","7064","QueryNormalizedNameInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS",""
  1819. "8:44:09.2341048 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS",""
  1820. "8:44:09.2341493 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1821. "8:44:09.2341582 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System","SUCCESS","Desired Access: Read"
  1822. "8:44:09.2341702 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  1823. "8:44:09.2341801 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System","SUCCESS",""
  1824. "8:44:09.2342619 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\VERSION.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  1825. "8:44:09.2343410 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1826. "8:44:09.2343594 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\version.dll","SUCCESS","CreationTime: 11/28/2020 11:17:27 PM, LastAccessTime: 8/29/2022 8:42:36 AM, LastWriteTime: 11/28/2020 11:17:27 PM, ChangeTime: 11/29/2020 12:02:32 AM, FileAttributes: A"
  1827. "8:44:09.2343653 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\version.dll","SUCCESS",""
  1828. "8:44:09.2344005 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  1829. "8:44:09.2344174 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\version.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  1830. "8:44:09.2344325 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  1831. "8:44:09.2344438 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  1832. "8:44:09.2344514 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  1833. "8:44:09.2344585 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1834. "8:44:09.2344652 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  1835. "8:44:09.2344718 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  1836. "8:44:09.2344779 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  1837. "8:44:09.2344840 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1838. "8:44:09.2344905 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\version.dll","SUCCESS","SyncType: SyncTypeOther"
  1839. "8:44:09.2345375 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\version.dll","SUCCESS","Image Base: 0x7ffe5e130000, Image Size: 0xa000"
  1840. "8:44:09.2345931 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\version.dll","SUCCESS",""
  1841. "8:44:09.2346809 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1842. "8:44:09.2346956 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS","CreationTime: 8/28/2022 9:00:23 PM, LastAccessTime: 8/29/2022 8:44:09 AM, LastWriteTime: 8/28/2022 9:00:24 PM, ChangeTime: 8/29/2022 8:06:57 AM, FileAttributes: A"
  1843. "8:44:09.2347022 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS",""
  1844. "8:44:09.2347435 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\540dc156-e9d6-42dc-a225-29794149a495","NAME NOT FOUND","Length: 528"
  1845. "8:44:09.2348122 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1846. "8:44:09.2348228 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS","CreationTime: 8/28/2022 9:00:23 PM, LastAccessTime: 8/29/2022 8:44:09 AM, LastWriteTime: 8/28/2022 9:00:24 PM, ChangeTime: 8/29/2022 8:06:57 AM, FileAttributes: A"
  1847. "8:44:09.2348288 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS",""
  1848. "8:44:09.2348995 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1849. "8:44:09.2349098 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS","CreationTime: 8/28/2022 9:00:23 PM, LastAccessTime: 8/29/2022 8:44:09 AM, LastWriteTime: 8/28/2022 9:00:24 PM, ChangeTime: 8/29/2022 8:06:57 AM, FileAttributes: A"
  1850. "8:44:09.2349158 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS",""
  1851. "8:44:09.2349751 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1852. "8:44:09.2349848 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS","CreationTime: 8/28/2022 9:00:23 PM, LastAccessTime: 8/29/2022 8:44:09 AM, LastWriteTime: 8/28/2022 9:00:24 PM, ChangeTime: 8/29/2022 8:06:57 AM, FileAttributes: A"
  1853. "8:44:09.2349901 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS",""
  1854. "8:44:09.2350915 AM","QuickAssist.exe","7064","Thread Create","","SUCCESS","Thread ID: 10992"
  1855. "8:44:09.2351491 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\icudtl.dat","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  1856. "8:44:09.2351839 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\icudtl.dat","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  1857. "8:44:09.2351914 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\icudtl.dat","SUCCESS","AllocationSize: 12,247,040, EndOfFile: 12,246,928, NumberOfLinks: 3, DeletePending: False, Directory: False"
  1858. "8:44:09.2352043 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Program Files (x86)\Microsoft\EdgeCore\104.0.1293.70\icudtl.dat","SUCCESS","SyncType: SyncTypeOther"
  1859. "8:44:09.2352151 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\icudtl.dat","SUCCESS","AllocationSize: 12,247,040, EndOfFile: 12,246,928, NumberOfLinks: 3, DeletePending: False, Directory: False"
  1860. "8:44:09.2355264 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1861. "8:44:09.2355365 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Query Value"
  1862. "8:44:09.2355479 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UBR","SUCCESS","Type: REG_DWORD, Length: 4, Data: 630"
  1863. "8:44:09.2355580 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DisplayVersion","NAME NOT FOUND","Length: 144"
  1864. "8:44:09.2355646 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ReleaseId","SUCCESS","Type: REG_SZ, Length: 10, Data: 2004"
  1865. "8:44:09.2355742 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS",""
  1866. "8:44:09.2356001 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1867. "8:44:09.2356110 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: Name"
  1868. "8:44:09.2356236 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}","SUCCESS","Desired Access: Read"
  1869. "8:44:09.2356332 AM","QuickAssist.exe","7064","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
  1870. "8:44:09.2356384 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\EBWebView","BUFFER OVERFLOW","Length: 144"
  1871. "8:44:09.2356443 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\EBWebView","SUCCESS","Type: REG_SZ, Length: 142, Data: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70"
  1872. "8:44:09.2356516 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}","SUCCESS",""
  1873. "8:44:09.2357095 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\EBWebView\x64\EmbeddedBrowserWebView.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1874. "8:44:09.2357204 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\EBWebView\x64\EmbeddedBrowserWebView.dll","SUCCESS","CreationTime: 8/28/2022 8:38:59 PM, LastAccessTime: 8/29/2022 8:44:09 AM, LastWriteTime: 8/25/2022 2:58:14 AM, ChangeTime: 8/28/2022 8:39:07 PM, FileAttributes: A"
  1875. "8:44:09.2357265 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\EBWebView\x64\EmbeddedBrowserWebView.dll","SUCCESS",""
  1876. "8:44:09.2358314 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1877. "8:44:09.2358480 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\windows.storage.dll","SUCCESS","CreationTime: 11/28/2020 11:17:04 PM, LastAccessTime: 8/29/2022 8:42:35 AM, LastWriteTime: 11/28/2020 11:17:04 PM, ChangeTime: 11/28/2020 11:55:54 PM, FileAttributes: A"
  1878. "8:44:09.2358595 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\windows.storage.dll","SUCCESS",""
  1879. "8:44:09.2359054 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  1880. "8:44:09.2359200 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\windows.storage.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  1881. "8:44:09.2359373 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  1882. "8:44:09.2359474 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  1883. "8:44:09.2359564 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  1884. "8:44:09.2359658 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1885. "8:44:09.2359741 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  1886. "8:44:09.2359823 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  1887. "8:44:09.2359927 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  1888. "8:44:09.2360001 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1889. "8:44:09.2360076 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\windows.storage.dll","SUCCESS","SyncType: SyncTypeOther"
  1890. "8:44:09.2360745 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\windows.storage.dll","SUCCESS","Image Base: 0x7ffe64d60000, Image Size: 0x795000"
  1891. "8:44:09.2361576 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\windows.storage.dll","SUCCESS",""
  1892. "8:44:09.2362059 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\wldp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  1893. "8:44:09.2362251 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\wldp.dll","SUCCESS","CreationTime: 11/28/2020 11:17:15 PM, LastAccessTime: 8/29/2022 8:42:35 AM, LastWriteTime: 11/28/2020 11:17:15 PM, ChangeTime: 11/28/2020 11:45:20 PM, FileAttributes: A"
  1894. "8:44:09.2362315 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\wldp.dll","SUCCESS",""
  1895. "8:44:09.2362680 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\wldp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  1896. "8:44:09.2362849 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\wldp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  1897. "8:44:09.2362991 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  1898. "8:44:09.2363076 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  1899. "8:44:09.2363146 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  1900. "8:44:09.2363212 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1901. "8:44:09.2363277 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  1902. "8:44:09.2363345 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  1903. "8:44:09.2363403 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  1904. "8:44:09.2363462 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  1905. "8:44:09.2363522 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\wldp.dll","SUCCESS","SyncType: SyncTypeOther"
  1906. "8:44:09.2364021 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\wldp.dll","SUCCESS","Image Base: 0x7ffe66590000, Image Size: 0x2c000"
  1907. "8:44:09.2364554 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\wldp.dll","SUCCESS",""
  1908. "8:44:09.2366126 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\9a2edb8f-5883-499f-aced-6e4b69d43ddf","NAME NOT FOUND","Length: 528"
  1909. "8:44:09.2367718 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108","NAME NOT FOUND","Length: 528"
  1910. "8:44:09.2368239 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\a40b455c-253c-4311-ac6d-6e667edccefc","NAME NOT FOUND","Length: 528"
  1911. "8:44:09.2368618 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528"
  1912. "8:44:09.2368947 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61","NAME NOT FOUND","Length: 528"
  1913. "8:44:09.2369801 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\shlwapi.dll","SUCCESS","Image Base: 0x7ffe69290000, Image Size: 0x55000"
  1914. "8:44:09.2371813 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1915. "8:44:09.2371955 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1916. "8:44:09.2372014 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1917. "8:44:09.2372101 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{56AD4C5D-B908-4F85-8FF1-7940C29B3BCF}\Instance","NAME NOT FOUND","Desired Access: Read"
  1918. "8:44:09.2372205 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{56AD4C5D-B908-4F85-8FF1-7940C29B3BCF}\Instance","NAME NOT FOUND","Desired Access: Read"
  1919. "8:44:09.2373798 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\Registration\R00000000001b.clb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
  1920. "8:44:09.2373998 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Windows\Registration\R00000000001b.clb","SUCCESS","AllocationSize: 28,672, EndOfFile: 28,476, NumberOfLinks: 1, DeletePending: False, Directory: False"
  1921. "8:44:09.2374103 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\Registration\R00000000001b.clb","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  1922. "8:44:09.2374176 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Windows\Registration\R00000000001b.clb","SUCCESS","AllocationSize: 28,672, EndOfFile: 28,476, NumberOfLinks: 1, DeletePending: False, Directory: False"
  1923. "8:44:09.2374301 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\Registration\R00000000001b.clb","SUCCESS","SyncType: SyncTypeOther"
  1924. "8:44:09.2374997 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1925. "8:44:09.2375096 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1926. "8:44:09.2375160 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1927. "8:44:09.2375267 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}","NAME NOT FOUND","Desired Access: Read"
  1928. "8:44:09.2375366 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}","SUCCESS","Desired Access: Read"
  1929. "8:44:09.2375475 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  1930. "8:44:09.2375561 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1931. "8:44:09.2375660 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
  1932. "8:44:09.2375744 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1933. "8:44:09.2375811 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
  1934. "8:44:09.2375892 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  1935. "8:44:09.2376003 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  1936. "8:44:09.2376074 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1937. "8:44:09.2376162 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1938. "8:44:09.2376248 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  1939. "8:44:09.2376321 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  1940. "8:44:09.2376391 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1941. "8:44:09.2376467 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1942. "8:44:09.2376544 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\(Default)","BUFFER OVERFLOW","Length: 12"
  1943. "8:44:09.2376613 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  1944. "8:44:09.2376689 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1945. "8:44:09.2376870 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1946. "8:44:09.2376949 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\(Default)","SUCCESS","Type: REG_SZ, Length: 48, Data: Memory Mapped Cache Mgr"
  1947. "8:44:09.2377030 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  1948. "8:44:09.2377114 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1949. "8:44:09.2377225 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InprocServer32","NAME NOT FOUND","Desired Access: Read"
  1950. "8:44:09.2377327 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1951. "8:44:09.2377392 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InprocServer32","SUCCESS","Desired Access: Read"
  1952. "8:44:09.2377486 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: Name"
  1953. "8:44:09.2377577 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1954. "8:44:09.2377663 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1955. "8:44:09.2377750 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32\InprocServer32","NAME NOT FOUND","Length: 12"
  1956. "8:44:09.2377820 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: Name"
  1957. "8:44:09.2377899 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1958. "8:44:09.2377984 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1959. "8:44:09.2378062 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32\(Default)","BUFFER OVERFLOW","Length: 12"
  1960. "8:44:09.2378135 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: Name"
  1961. "8:44:09.2378217 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1962. "8:44:09.2378331 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1963. "8:44:09.2378415 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32\(Default)","SUCCESS","Type: REG_EXPAND_SZ, Length: 68, Data: %SystemRoot%\system32\propsys.dll"
  1964. "8:44:09.2378519 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: Name"
  1965. "8:44:09.2378593 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1966. "8:44:09.2378669 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1967. "8:44:09.2378754 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32\(Default)","SUCCESS","Type: REG_EXPAND_SZ, Length: 68, Data: %SystemRoot%\system32\propsys.dll"
  1968. "8:44:09.2378882 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: Name"
  1969. "8:44:09.2379008 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1970. "8:44:09.2379148 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1971. "8:44:09.2379274 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
  1972. "8:44:09.2379425 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS",""
  1973. "8:44:09.2379540 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  1974. "8:44:09.2379791 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1975. "8:44:09.2379946 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
  1976. "8:44:09.2380188 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1977. "8:44:09.2380301 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
  1978. "8:44:09.2380412 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  1979. "8:44:09.2380532 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1980. "8:44:09.2380665 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
  1981. "8:44:09.2380758 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1982. "8:44:09.2380826 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
  1983. "8:44:09.2380932 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS",""
  1984. "8:44:09.2381331 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  1985. "8:44:09.2381447 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1986. "8:44:09.2381514 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1987. "8:44:09.2381595 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}","NAME NOT FOUND","Desired Access: Read"
  1988. "8:44:09.2381734 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}","SUCCESS","Desired Access: Read"
  1989. "8:44:09.2381848 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  1990. "8:44:09.2381946 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1991. "8:44:09.2382277 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
  1992. "8:44:09.2382454 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1993. "8:44:09.2382622 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
  1994. "8:44:09.2382772 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  1995. "8:44:09.2382948 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  1996. "8:44:09.2383087 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  1997. "8:44:09.2383254 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","NAME NOT FOUND","Desired Access: Maximum Allowed"
  1998. "8:44:09.2383405 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  1999. "8:44:09.2383542 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  2000. "8:44:09.2383717 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2001. "8:44:09.2383878 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","NAME NOT FOUND","Desired Access: Maximum Allowed"
  2002. "8:44:09.2384028 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\(Default)","BUFFER OVERFLOW","Length: 12"
  2003. "8:44:09.2384189 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  2004. "8:44:09.2384334 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2005. "8:44:09.2384498 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","NAME NOT FOUND","Desired Access: Maximum Allowed"
  2006. "8:44:09.2384650 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\(Default)","SUCCESS","Type: REG_SZ, Length: 48, Data: Memory Mapped Cache Mgr"
  2007. "8:44:09.2384787 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  2008. "8:44:09.2384936 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2009. "8:44:09.2385108 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InprocServer32","NAME NOT FOUND","Desired Access: Read"
  2010. "8:44:09.2385260 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2011. "8:44:09.2385398 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InprocServer32","SUCCESS","Desired Access: Read"
  2012. "8:44:09.2385568 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: Name"
  2013. "8:44:09.2385726 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2014. "8:44:09.2385914 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  2015. "8:44:09.2386073 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32\InprocServer32","NAME NOT FOUND","Length: 12"
  2016. "8:44:09.2386215 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: Name"
  2017. "8:44:09.2386368 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2018. "8:44:09.2386536 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  2019. "8:44:09.2386684 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32\(Default)","BUFFER OVERFLOW","Length: 12"
  2020. "8:44:09.2386825 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: Name"
  2021. "8:44:09.2386970 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2022. "8:44:09.2387137 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  2023. "8:44:09.2387323 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32\(Default)","SUCCESS","Type: REG_EXPAND_SZ, Length: 68, Data: %SystemRoot%\system32\propsys.dll"
  2024. "8:44:09.2387477 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: Name"
  2025. "8:44:09.2387649 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2026. "8:44:09.2387802 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  2027. "8:44:09.2387941 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32\(Default)","SUCCESS","Type: REG_EXPAND_SZ, Length: 68, Data: %SystemRoot%\system32\propsys.dll"
  2028. "8:44:09.2388083 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: Name"
  2029. "8:44:09.2388232 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2030. "8:44:09.2388420 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  2031. "8:44:09.2388569 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
  2032. "8:44:09.2388737 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32","SUCCESS",""
  2033. "8:44:09.2388866 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  2034. "8:44:09.2389016 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2035. "8:44:09.2389179 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
  2036. "8:44:09.2389317 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2037. "8:44:09.2389448 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
  2038. "8:44:09.2389593 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  2039. "8:44:09.2389740 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2040. "8:44:09.2389930 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
  2041. "8:44:09.2390174 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2042. "8:44:09.2390321 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
  2043. "8:44:09.2390480 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  2044. "8:44:09.2390655 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2045. "8:44:09.2390820 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\LocalServer32","NAME NOT FOUND","Desired Access: Read"
  2046. "8:44:09.2390961 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2047. "8:44:09.2391111 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\LocalServer32","NAME NOT FOUND","Desired Access: Read"
  2048. "8:44:09.2391300 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  2049. "8:44:09.2391449 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2050. "8:44:09.2391696 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","NAME NOT FOUND","Desired Access: Maximum Allowed"
  2051. "8:44:09.2391850 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\AppID","NAME NOT FOUND","Length: 112"
  2052. "8:44:09.2391987 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  2053. "8:44:09.2392134 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2054. "8:44:09.2392342 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\LocalServer","NAME NOT FOUND","Desired Access: Query Value"
  2055. "8:44:09.2392440 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2056. "8:44:09.2392520 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\LocalServer","NAME NOT FOUND","Desired Access: Query Value"
  2057. "8:44:09.2392621 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  2058. "8:44:09.2392712 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2059. "8:44:09.2392777 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2060. "8:44:09.2392853 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}","NAME NOT FOUND","Desired Access: Read"
  2061. "8:44:09.2392942 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}","SUCCESS","Desired Access: Read"
  2062. "8:44:09.2393040 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  2063. "8:44:09.2393293 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2064. "8:44:09.2393388 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\Elevation","NAME NOT FOUND","Desired Access: Read"
  2065. "8:44:09.2393472 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2066. "8:44:09.2393542 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\Elevation","NAME NOT FOUND","Desired Access: Read"
  2067. "8:44:09.2393641 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS",""
  2068. "8:44:09.2393716 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS",""
  2069. "8:44:09.2393859 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
  2070. "8:44:09.2393965 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  2071. "8:44:09.2394047 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2072. "8:44:09.2394107 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2073. "8:44:09.2394176 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}","NAME NOT FOUND","Desired Access: Read"
  2074. "8:44:09.2394271 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}","SUCCESS","Desired Access: Read"
  2075. "8:44:09.2394457 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: Name"
  2076. "8:44:09.2394653 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2077. "8:44:09.2394824 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\TreatAs","NAME NOT FOUND","Desired Access: Read"
  2078. "8:44:09.2394974 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2079. "8:44:09.2395111 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\TreatAs","NAME NOT FOUND","Desired Access: Read"
  2080. "8:44:09.2395361 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}","SUCCESS",""
  2081. "8:44:09.2396049 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\b1642597-285e-560a-7f60-7e02f5da22c0","NAME NOT FOUND","Length: 528"
  2082. "8:44:09.2396835 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  2083. "8:44:09.2397217 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  2084. "8:44:09.2398811 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\SysWOW64\propsys.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  2085. "8:44:09.2399033 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\SysWOW64\propsys.dll","SUCCESS","CreationTime: 11/28/2020 11:17:39 PM, LastAccessTime: 8/29/2022 8:22:55 AM, LastWriteTime: 11/28/2020 11:17:39 PM, ChangeTime: 11/28/2020 11:21:09 PM, FileAttributes: A"
  2086. "8:44:09.2399108 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\SysWOW64\propsys.dll","SUCCESS",""
  2087. "8:44:09.2399751 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\SysWOW64\propsys.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  2088. "8:44:09.2399899 AM","QuickAssist.exe","7064","QueryNetworkOpenInformationFile","C:\Windows\SysWOW64\propsys.dll","SUCCESS","CreationTime: 11/28/2020 11:17:39 PM, LastAccessTime: 8/29/2022 8:22:55 AM, LastWriteTime: 11/28/2020 11:17:39 PM, ChangeTime: 11/28/2020 11:21:09 PM, AllocationSize: 458752, EndOfFile: 797448, FileAttributes: A"
  2089. "8:44:09.2399966 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\SysWOW64\propsys.dll","SUCCESS",""
  2090. "8:44:09.2400701 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\propsys.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  2091. "8:44:09.2400871 AM","QuickAssist.exe","7064","QueryNetworkOpenInformationFile","C:\Windows\System32\propsys.dll","SUCCESS","CreationTime: 11/28/2020 11:17:04 PM, LastAccessTime: 8/29/2022 8:44:09 AM, LastWriteTime: 11/28/2020 11:17:04 PM, ChangeTime: 11/28/2020 11:45:35 PM, AllocationSize: 520192, EndOfFile: 1009216, FileAttributes: A"
  2092. "8:44:09.2400932 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\propsys.dll","SUCCESS",""
  2093. "8:44:09.2402023 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\SysWOW64\propsys.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  2094. "8:44:09.2402178 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\SysWOW64\propsys.dll","SUCCESS","CreationTime: 11/28/2020 11:17:39 PM, LastAccessTime: 8/29/2022 8:22:55 AM, LastWriteTime: 11/28/2020 11:17:39 PM, ChangeTime: 11/28/2020 11:21:09 PM, FileAttributes: A"
  2095. "8:44:09.2402244 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\SysWOW64\propsys.dll","SUCCESS",""
  2096. "8:44:09.2402874 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\SysWOW64\propsys.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  2097. "8:44:09.2403016 AM","QuickAssist.exe","7064","QueryNetworkOpenInformationFile","C:\Windows\SysWOW64\propsys.dll","SUCCESS","CreationTime: 11/28/2020 11:17:39 PM, LastAccessTime: 8/29/2022 8:22:55 AM, LastWriteTime: 11/28/2020 11:17:39 PM, ChangeTime: 11/28/2020 11:21:09 PM, AllocationSize: 458752, EndOfFile: 797448, FileAttributes: A"
  2098. "8:44:09.2403079 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\SysWOW64\propsys.dll","SUCCESS",""
  2099. "8:44:09.2403740 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\propsys.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  2100. "8:44:09.2403885 AM","QuickAssist.exe","7064","QueryNetworkOpenInformationFile","C:\Windows\System32\propsys.dll","SUCCESS","CreationTime: 11/28/2020 11:17:04 PM, LastAccessTime: 8/29/2022 8:44:09 AM, LastWriteTime: 11/28/2020 11:17:04 PM, ChangeTime: 11/28/2020 11:45:35 PM, AllocationSize: 520192, EndOfFile: 1009216, FileAttributes: A"
  2101. "8:44:09.2403944 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\propsys.dll","SUCCESS",""
  2102. "8:44:09.2407779 AM","QuickAssist.exe","7064","Thread Create","","SUCCESS","Thread ID: 6552"
  2103. "8:44:09.2408035 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  2104. "8:44:09.2408164 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","CreationTime: 8/28/2022 8:39:06 PM, LastAccessTime: 8/29/2022 8:23:12 AM, LastWriteTime: 8/25/2022 2:57:38 AM, ChangeTime: 8/28/2022 8:39:07 PM, FileAttributes: A"
  2105. "8:44:09.2408234 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS",""
  2106. "8:44:09.2413052 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  2107. "8:44:09.2413237 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","CreationTime: 8/28/2022 8:39:06 PM, LastAccessTime: 8/29/2022 8:23:12 AM, LastWriteTime: 8/25/2022 2:57:38 AM, ChangeTime: 8/28/2022 8:39:07 PM, FileAttributes: A"
  2108. "8:44:09.2413395 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS",""
  2109. "8:44:09.2414347 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  2110. "8:44:09.2414501 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","CreationTime: 8/28/2022 8:39:06 PM, LastAccessTime: 8/29/2022 8:23:12 AM, LastWriteTime: 8/25/2022 2:57:38 AM, ChangeTime: 8/28/2022 8:39:07 PM, FileAttributes: A"
  2111. "8:44:09.2414593 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS",""
  2112. "8:44:09.2415137 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msedgewebview2.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
  2113. "8:44:09.2415292 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Wow64\x86\xtajit","NAME NOT FOUND","Desired Access: Query Value"
  2114. "8:44:09.2415861 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  2115. "8:44:09.2416129 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
  2116. "8:44:09.2416433 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  2117. "8:44:09.2416585 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  2118. "8:44:09.2416719 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  2119. "8:44:09.2416839 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  2120. "8:44:09.2416957 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  2121. "8:44:09.2417083 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  2122. "8:44:09.2417201 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  2123. "8:44:09.2417359 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  2124. "8:44:09.2417481 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","SyncType: SyncTypeOther"
  2125. "8:44:09.2417807 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msedgewebview2.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
  2126. "8:44:09.2418065 AM","QuickAssist.exe","7064","QuerySecurityFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","Information: Label"
  2127. "8:44:09.2418465 AM","QuickAssist.exe","7064","QueryNameInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","Name: \Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe"
  2128. "8:44:09.2422239 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4154835769-2933532478-2743509022-1003","SUCCESS","Desired Access: All Access"
  2129. "8:44:09.2422359 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4154835769-2933532478-2743509022-1003\\Device\HarddiskVolume2\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","Type: REG_BINARY, Length: 24, Data: 95 C1 08 D6 88 BB D8 01 00 00 00 00 00 00 00 00"
  2130. "8:44:09.2422488 AM","QuickAssist.exe","7064","RegSetValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4154835769-2933532478-2743509022-1003\\Device\HarddiskVolume2\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","Type: REG_BINARY, Length: 24, Data: EE A0 68 08 A5 BB D8 01 00 00 00 00 00 00 00 00"
  2131. "8:44:09.2423181 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4154835769-2933532478-2743509022-1003","SUCCESS",""
  2132. "8:44:09.2423290 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BAM","REPARSE","Desired Access: Query Value"
  2133. "8:44:09.2423378 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\BAM","NAME NOT FOUND","Desired Access: Query Value"
  2134. "8:44:09.2423583 AM","QuickAssist.exe","7064","Process Create","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","PID: 7004, Command line: ""C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe"" --embedded-browser-webview=1 --webview-exe-name=QuickAssist.exe --webview-exe-version=10.0.25054.1000 --user-data-dir=""C:\Users\Admin\AppData\Local\Temp\\QuickAssist\EBWebView"" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msSmartScreenProtection --enable-features=msSingleSignOnOSForPrimaryAccountIsShared --mojo-named-platform-channel-pipe=7064.10992.12042031145835532166"
  2135. "8:44:09.2423897 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls","REPARSE","Desired Access: Query Value"
  2136. "8:44:09.2423972 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls","NAME NOT FOUND","Desired Access: Query Value"
  2137. "8:44:09.2424157 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","REPARSE","Desired Access: Query Value, Set Value"
  2138. "8:44:09.2424396 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
  2139. "8:44:09.2424595 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value"
  2140. "8:44:09.2424785 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\CodeIdentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80"
  2141. "8:44:09.2424894 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\CodeIdentifiers\AuthenticodeEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  2142. "8:44:09.2425015 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\CodeIdentifiers","SUCCESS",""
  2143. "8:44:09.2425151 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value"
  2144. "8:44:09.2425598 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","Desired Access: Query Value"
  2145. "8:44:09.2425746 AM","QuickAssist.exe","7064","RegQueryValue","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache","SUCCESS","Type: REG_SZ, Length: 114, Data: C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache"
  2146. "8:44:09.2425899 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS",""
  2147. "8:44:09.2426069 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Enumerate Sub Keys"
  2148. "8:44:09.2426262 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","SUCCESS","Desired Access: Query Value"
  2149. "8:44:09.2426412 AM","QuickAssist.exe","7064","RegQueryValue","HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","NAME NOT FOUND","Length: 16"
  2150. "8:44:09.2426570 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","SUCCESS",""
  2151. "8:44:09.2426872 AM","QuickAssist.exe","7064","QuerySecurityFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100"
  2152. "8:44:09.2427446 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
  2153. "8:44:09.2427725 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","CreationTime: 11/28/2020 11:16:48 PM, LastAccessTime: 8/29/2022 8:44:09 AM, LastWriteTime: 11/28/2020 11:16:48 PM, ChangeTime: 11/28/2020 11:21:06 PM, FileAttributes: A"
  2154. "8:44:09.2427780 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS",""
  2155. "8:44:09.2427964 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","CreationTime: 8/28/2022 8:39:06 PM, LastAccessTime: 8/29/2022 8:23:12 AM, LastWriteTime: 8/25/2022 2:57:38 AM, ChangeTime: 8/28/2022 8:39:07 PM, FileAttributes: A"
  2156. "8:44:09.2428654 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read"
  2157. "8:44:09.2428782 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20"
  2158. "8:44:09.2428867 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS",""
  2159. "8:44:09.2436142 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS",""
  2160. "8:44:09.2438098 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  2161. "8:44:09.2438228 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application","SUCCESS","CreationTime: 8/28/2022 8:39:07 PM, LastAccessTime: 8/29/2022 8:44:09 AM, LastWriteTime: 8/28/2022 8:39:07 PM, ChangeTime: 8/28/2022 8:39:07 PM, FileAttributes: D"
  2162. "8:44:09.2438292 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application","SUCCESS",""
  2163. "8:44:09.2438704 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  2164. "8:44:09.2438818 AM","QuickAssist.exe","7064","QueryDirectory","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\*","SUCCESS","FileInformationClass: FileFullDirectoryInformation, Filter: *, 2: ."
  2165. "8:44:09.2439204 AM","QuickAssist.exe","7064","QueryDirectory","C:\Program Files (x86)\Microsoft\EdgeWebView\Application","SUCCESS","FileInformationClass: FileFullDirectoryInformation, 1: .., 2: 104.0.1293.70, 3: SetupMetrics"
  2166. "8:44:09.2439763 AM","QuickAssist.exe","7064","QueryDirectory","C:\Program Files (x86)\Microsoft\EdgeWebView\Application","NO MORE FILES","FileInformationClass: FileFullDirectoryInformation"
  2167. "8:44:09.2439867 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application","SUCCESS",""
  2168. "8:44:09.5016955 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\dbghelp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  2169. "8:44:09.5017216 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\dbghelp.dll","SUCCESS","CreationTime: 11/28/2020 11:17:17 PM, LastAccessTime: 8/29/2022 8:44:09 AM, LastWriteTime: 11/28/2020 11:17:17 PM, ChangeTime: 11/28/2020 11:43:01 PM, FileAttributes: A"
  2170. "8:44:09.5017315 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\dbghelp.dll","SUCCESS",""
  2171. "8:44:09.5017914 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\dbghelp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  2172. "8:44:09.5018143 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\dbghelp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  2173. "8:44:09.5018356 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  2174. "8:44:09.5018506 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  2175. "8:44:09.5018609 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  2176. "8:44:09.5018705 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  2177. "8:44:09.5018798 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  2178. "8:44:09.5018909 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  2179. "8:44:09.5018996 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  2180. "8:44:09.5019076 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  2181. "8:44:09.5019163 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\dbghelp.dll","SUCCESS","SyncType: SyncTypeOther"
  2182. "8:44:09.5019827 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\dbghelp.dll","SUCCESS","Image Base: 0x7ffe56a30000, Image Size: 0x1e4000"
  2183. "8:44:09.5021101 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\dbghelp.dll","SUCCESS",""
  2184. "8:44:09.5024654 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2185. "8:44:09.5024770 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\SOFTWARE\Microsoft\QuickAssist","NAME NOT FOUND","Desired Access: Query Value"
  2186. "8:44:09.7966946 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue","SUCCESS","Desired Access: Read"
  2187. "8:44:09.7967221 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue","SUCCESS","Query: Basic, Name: Windows.Data.Json.JsonValue"
  2188. "8:44:09.7967376 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\ActivationType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  2189. "8:44:09.7967487 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\Server","NAME NOT FOUND","Length: 144"
  2190. "8:44:09.7967572 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\DllPath","SUCCESS","Type: REG_SZ, Length: 72, Data: C:\Windows\System32\Windows.Web.dll"
  2191. "8:44:09.7967654 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\Threading","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  2192. "8:44:09.7967724 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\TrustLevel","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  2193. "8:44:09.7967803 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2194. "8:44:09.7967889 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\CustomAttributes","NAME NOT FOUND","Desired Access: Read"
  2195. "8:44:09.7968042 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\RemoteServer","NAME NOT FOUND","Length: 144"
  2196. "8:44:09.7968155 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\ActivateAsUser","NAME NOT FOUND","Length: 16"
  2197. "8:44:09.7968232 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\ActivateInSharedBroker","NAME NOT FOUND","Length: 16"
  2198. "8:44:09.7968307 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\ActivateInBrokerForMediumILContainer","NAME NOT FOUND","Length: 16"
  2199. "8:44:09.7968381 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\Permissions","NAME NOT FOUND","Length: 140"
  2200. "8:44:09.7968446 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  2201. "8:44:09.7968594 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue","SUCCESS",""
  2202. "8:44:09.7969057 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Package","SUCCESS","Desired Access: Read"
  2203. "8:44:09.7969180 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Package","SUCCESS","Query: Basic, Name: Windows.ApplicationModel.Package"
  2204. "8:44:09.7969271 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Package\ActivationType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  2205. "8:44:09.7969344 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Package\Server","NAME NOT FOUND","Length: 144"
  2206. "8:44:09.7969410 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Package\DllPath","SUCCESS","Type: REG_SZ, Length: 98, Data: C:\Windows\System32\Windows.ApplicationModel.dll"
  2207. "8:44:09.7969489 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Package\Threading","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  2208. "8:44:09.7969553 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Package\TrustLevel","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  2209. "8:44:09.7969630 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Package","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2210. "8:44:09.7969708 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Package\CustomAttributes","NAME NOT FOUND","Desired Access: Read"
  2211. "8:44:09.7969790 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Package\RemoteServer","NAME NOT FOUND","Length: 144"
  2212. "8:44:09.7969856 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Package\ActivateAsUser","NAME NOT FOUND","Length: 16"
  2213. "8:44:09.7969920 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Package\ActivateInSharedBroker","NAME NOT FOUND","Length: 16"
  2214. "8:44:09.7969986 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Package\ActivateInBrokerForMediumILContainer","NAME NOT FOUND","Length: 16"
  2215. "8:44:09.7970055 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Package\Permissions","NAME NOT FOUND","Length: 140"
  2216. "8:44:09.7970118 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Package\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  2217. "8:44:09.7970230 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Package","SUCCESS",""
  2218. "8:44:09.7971403 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\Windows.ApplicationModel.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  2219. "8:44:09.7971606 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\Windows.ApplicationModel.dll","SUCCESS","CreationTime: 11/28/2020 11:16:50 PM, LastAccessTime: 8/29/2022 8:42:36 AM, LastWriteTime: 11/28/2020 11:16:50 PM, ChangeTime: 12/9/2020 2:07:28 AM, FileAttributes: A"
  2220. "8:44:09.7971698 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\Windows.ApplicationModel.dll","SUCCESS",""
  2221. "8:44:09.7972191 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\Windows.ApplicationModel.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  2222. "8:44:09.7972423 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\Windows.ApplicationModel.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  2223. "8:44:09.7972651 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  2224. "8:44:09.7972792 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  2225. "8:44:09.7972903 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  2226. "8:44:09.7972997 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  2227. "8:44:09.7973124 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  2228. "8:44:09.7973214 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  2229. "8:44:09.7973300 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  2230. "8:44:09.7973384 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  2231. "8:44:09.7973475 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\Windows.ApplicationModel.dll","SUCCESS","SyncType: SyncTypeOther"
  2232. "8:44:09.7974246 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\Windows.ApplicationModel.dll","SUCCESS","Image Base: 0x7ffe53f30000, Image Size: 0xe7000"
  2233. "8:44:09.7975898 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\Windows.ApplicationModel.dll","SUCCESS",""
  2234. "8:44:09.7977401 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\eadb8f1b-577d-4d09-8104-b61a3d9036e5","NAME NOT FOUND","Length: 528"
  2235. "8:44:09.7977976 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\eadb8f1b-577d-4d09-8104-b61a3d9036e5","NAME NOT FOUND","Length: 528"
  2236. "8:44:10.0107560 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.InputPane","SUCCESS","Desired Access: Read"
  2237. "8:44:10.0107815 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.InputPane","SUCCESS","Query: Basic, Name: Windows.UI.ViewManagement.InputPane"
  2238. "8:44:10.0107968 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.InputPane\ActivationType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  2239. "8:44:10.0108116 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.InputPane\Server","NAME NOT FOUND","Length: 144"
  2240. "8:44:10.0108194 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.InputPane\DllPath","SUCCESS","Type: REG_SZ, Length: 64, Data: C:\Windows\System32\twinapi.dll"
  2241. "8:44:10.0108278 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.InputPane\Threading","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
  2242. "8:44:10.0108392 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.InputPane\TrustLevel","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  2243. "8:44:10.0108472 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.InputPane","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2244. "8:44:10.0108555 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.InputPane\CustomAttributes","NAME NOT FOUND","Desired Access: Read"
  2245. "8:44:10.0108645 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.InputPane\RemoteServer","NAME NOT FOUND","Length: 144"
  2246. "8:44:10.0108709 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.InputPane\ActivateAsUser","NAME NOT FOUND","Length: 16"
  2247. "8:44:10.0108770 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.InputPane\ActivateInSharedBroker","NAME NOT FOUND","Length: 16"
  2248. "8:44:10.0108839 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.InputPane\ActivateInBrokerForMediumILContainer","NAME NOT FOUND","Length: 16"
  2249. "8:44:10.0108906 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.InputPane\Permissions","NAME NOT FOUND","Length: 140"
  2250. "8:44:10.0108974 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.InputPane\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  2251. "8:44:10.0109125 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.InputPane","SUCCESS",""
  2252. "8:44:10.0110300 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\twinapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  2253. "8:44:10.0110581 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\twinapi.dll","SUCCESS","CreationTime: 11/28/2020 11:16:46 PM, LastAccessTime: 8/29/2022 8:42:37 AM, LastWriteTime: 11/28/2020 11:16:46 PM, ChangeTime: 12/1/2020 9:50:37 PM, FileAttributes: A"
  2254. "8:44:10.0110672 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\twinapi.dll","SUCCESS",""
  2255. "8:44:10.0111089 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\twinapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  2256. "8:44:10.0111293 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\twinapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  2257. "8:44:10.0111499 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read"
  2258. "8:44:10.0111626 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read"
  2259. "8:44:10.0111731 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20"
  2260. "8:44:10.0111821 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  2261. "8:44:10.0111912 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value"
  2262. "8:44:10.0111997 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value"
  2263. "8:44:10.0112077 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80"
  2264. "8:44:10.0112216 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS",""
  2265. "8:44:10.0112319 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\twinapi.dll","SUCCESS","SyncType: SyncTypeOther"
  2266. "8:44:10.0113224 AM","QuickAssist.exe","7064","Load Image","C:\Windows\System32\twinapi.dll","SUCCESS","Image Base: 0x7ffe55460000, Image Size: 0xa9000"
  2267. "8:44:10.0114665 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\twinapi.dll","SUCCESS",""
  2268. "8:44:10.0118091 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Appx","SUCCESS","Desired Access: Read"
  2269. "8:44:10.0118277 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\Appx\AllowDevelopmentWithoutDevLicense","SUCCESS","Type: REG_DWORD, Length: 4, Data: 65535"
  2270. "8:44:10.0118407 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Appx","SUCCESS",""
  2271. "8:44:10.0118521 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock","SUCCESS","Desired Access: Read"
  2272. "8:44:10.0118649 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense","NAME NOT FOUND","Length: 24"
  2273. "8:44:10.0118728 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock","SUCCESS",""
  2274. "8:44:10.0120399 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  2275. "8:44:10.0120512 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2276. "8:44:10.0120576 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2277. "8:44:10.0120659 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\AppID\QuickAssist.exe","NAME NOT FOUND","Desired Access: Read"
  2278. "8:44:10.0120775 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\AppID\QuickAssist.exe","NAME NOT FOUND","Desired Access: Read"
  2279. "8:44:10.0120905 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  2280. "8:44:10.0120991 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2281. "8:44:10.0121073 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  2282. "8:44:10.0121182 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\AppID\QuickAssist.exe","NAME NOT FOUND","Desired Access: Read"
  2283. "8:44:10.0121283 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\AppID\QuickAssist.exe","NAME NOT FOUND","Desired Access: Read"
  2284. "8:44:10.0121392 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2285. "8:44:10.0121466 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\OLE\AppCompat","SUCCESS","Desired Access: Read"
  2286. "8:44:10.0121576 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel","NAME NOT FOUND","Length: 16"
  2287. "8:44:10.0121662 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole\AppCompat","SUCCESS",""
  2288. "8:44:10.0121727 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2289. "8:44:10.0121793 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read"
  2290. "8:44:10.0121877 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\DefaultAccessPermission","NAME NOT FOUND","Length: 144"
  2291. "8:44:10.0122835 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\rpcss.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  2292. "8:44:10.0123057 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Windows\System32\rpcss.dll","SUCCESS","CreationTime: 11/28/2020 11:17:17 PM, LastAccessTime: 8/29/2022 8:44:09 AM, LastWriteTime: 11/28/2020 11:17:17 PM, ChangeTime: 11/28/2020 11:21:07 PM, FileAttributes: A"
  2293. "8:44:10.0123144 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\rpcss.dll","SUCCESS",""
  2294. "8:44:10.0123590 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\rpcss.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  2295. "8:44:10.0123867 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\rpcss.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE|PAGE_NOCACHE"
  2296. "8:44:10.0123993 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Windows\System32\rpcss.dll","SUCCESS","AllocationSize: 770,048, EndOfFile: 1,330,688, NumberOfLinks: 2, DeletePending: False, Directory: False"
  2297. "8:44:10.0124235 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\rpcss.dll","SUCCESS","SyncType: SyncTypeOther"
  2298. "8:44:10.0124639 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\rpcss.dll","SUCCESS",""
  2299. "8:44:10.0124942 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS",""
  2300. "8:44:10.0126357 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","REPARSE","Desired Access: Query Value"
  2301. "8:44:10.0126481 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS","Desired Access: Query Value"
  2302. "8:44:10.0126587 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\AnonymousAppContainerImpersonationLevelCheck","NAME NOT FOUND","Length: 80"
  2303. "8:44:10.0126681 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS",""
  2304. "8:44:10.0126755 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","REPARSE","Desired Access: Query Value"
  2305. "8:44:10.0126832 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS","Desired Access: Query Value"
  2306. "8:44:10.0126903 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  2307. "8:44:10.0126989 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS",""
  2308. "8:44:10.0127962 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  2309. "8:44:10.0128082 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2310. "8:44:10.0128154 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2311. "8:44:10.0128237 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}","NAME NOT FOUND","Desired Access: Read"
  2312. "8:44:10.0128348 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\Interface\{00000134-0000-0000-C000-000000000046}","SUCCESS","Desired Access: Read"
  2313. "8:44:10.0128465 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\Interface\{00000134-0000-0000-C000-000000000046}","SUCCESS","Query: Name"
  2314. "8:44:10.0128596 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\Interface\{00000134-0000-0000-C000-000000000046}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2315. "8:44:10.0128710 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Read"
  2316. "8:44:10.0128802 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\Interface\{00000134-0000-0000-C000-000000000046}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2317. "8:44:10.0128875 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32","SUCCESS","Desired Access: Read"
  2318. "8:44:10.0128973 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32","SUCCESS","Query: Name"
  2319. "8:44:10.0129066 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2320. "8:44:10.0129163 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Maximum Allowed"
  2321. "8:44:10.0129258 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {00000320-0000-0000-C000-000000000046}"
  2322. "8:44:10.0129363 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32","SUCCESS",""
  2323. "8:44:10.0129439 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\Interface\{00000134-0000-0000-C000-000000000046}","SUCCESS",""
  2324. "8:44:10.0130287 AM","QuickAssist.exe","7064","Thread Create","","SUCCESS","Thread ID: 11220"
  2325. "8:44:10.0133331 AM","QuickAssist.exe","7064","Thread Create","","SUCCESS","Thread ID: 8788"
  2326. "8:44:10.0134368 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  2327. "8:44:10.0134875 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  2328. "8:44:10.0138844 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\SecurityManager\AdminCapabilities","SUCCESS","Desired Access: Read"
  2329. "8:44:10.0139050 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities\inputInjection","NAME NOT FOUND","Length: 16"
  2330. "8:44:10.0139736 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities","SUCCESS",""
  2331. "8:44:10.0140096 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
  2332. "8:44:10.0140282 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2333. "8:44:10.0140382 AM","QuickAssist.exe","7064","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2334. "8:44:10.0140511 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{4CE576FA-83DC-4F88-951C-9D0782B4E376}","NAME NOT FOUND","Desired Access: Read"
  2335. "8:44:10.0140658 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{4CE576FA-83DC-4F88-951C-9D0782B4E376}","SUCCESS","Desired Access: Read"
  2336. "8:44:10.0140884 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: Name"
  2337. "8:44:10.0140968 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2338. "8:44:10.0141061 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
  2339. "8:44:10.0141149 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2340. "8:44:10.0141251 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
  2341. "8:44:10.0141381 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: Name"
  2342. "8:44:10.0141525 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: Name"
  2343. "8:44:10.0141629 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2344. "8:44:10.0141758 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","NAME NOT FOUND","Desired Access: Maximum Allowed"
  2345. "8:44:10.0141878 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  2346. "8:44:10.0141993 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: Name"
  2347. "8:44:10.0142107 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2348. "8:44:10.0142272 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","NAME NOT FOUND","Desired Access: Maximum Allowed"
  2349. "8:44:10.0142395 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}\(Default)","BUFFER OVERFLOW","Length: 12"
  2350. "8:44:10.0142513 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: Name"
  2351. "8:44:10.0142617 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2352. "8:44:10.0142747 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","NAME NOT FOUND","Desired Access: Maximum Allowed"
  2353. "8:44:10.0142859 AM","QuickAssist.exe","7064","RegQueryValue","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}\(Default)","SUCCESS","Type: REG_SZ, Length: 42, Data: UIHostNoLaunch Class"
  2354. "8:44:10.0142980 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: Name"
  2355. "8:44:10.0143124 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2356. "8:44:10.0143291 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}\InprocServer32","NAME NOT FOUND","Desired Access: Read"
  2357. "8:44:10.0143405 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2358. "8:44:10.0143485 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}\InprocServer32","NAME NOT FOUND","Desired Access: Read"
  2359. "8:44:10.0143569 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: Name"
  2360. "8:44:10.0143698 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2361. "8:44:10.0143789 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
  2362. "8:44:10.0143872 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2363. "8:44:10.0143944 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
  2364. "8:44:10.0144020 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: Name"
  2365. "8:44:10.0144092 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2366. "8:44:10.0144171 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Classes\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
  2367. "8:44:10.0144248 AM","QuickAssist.exe","7064","RegQueryKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2368. "8:44:10.0144312 AM","QuickAssist.exe","7064","RegOpenKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
  2369. "8:44:10.0144425 AM","QuickAssist.exe","7064","RegCloseKey","HKCR\CLSID\{4CE576FA-83DC-4f88-951C-9D0782B4E376}","SUCCESS",""
  2370. "8:44:10.0145645 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  2371. "8:44:10.0145999 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  2372. "8:44:10.0151671 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2373. "8:44:10.0151911 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\App Management","NAME NOT FOUND","Desired Access: Query Value"
  2374. "8:44:10.0152072 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2375. "8:44:10.0152167 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\App Management","NAME NOT FOUND","Desired Access: Query Value"
  2376. "8:44:10.0152847 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.Holographic.ContextIdentifier","SUCCESS","Desired Access: Read"
  2377. "8:44:10.0153041 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.Holographic.ContextIdentifier","SUCCESS","Query: Basic, Name: Windows.Internal.Shell.Holographic.ContextIdentifier"
  2378. "8:44:10.0153166 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.Holographic.ContextIdentifier\ActivationType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  2379. "8:44:10.0153265 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.Holographic.ContextIdentifier\Server","NAME NOT FOUND","Length: 144"
  2380. "8:44:10.0153342 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.Holographic.ContextIdentifier\DllPath","SUCCESS","Type: REG_EXPAND_SZ, Length: 68, Data: %SystemRoot%\system32\twinapi.dll"
  2381. "8:44:10.0153456 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.Holographic.ContextIdentifier\Threading","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  2382. "8:44:10.0153545 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.Holographic.ContextIdentifier\TrustLevel","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
  2383. "8:44:10.0153623 AM","QuickAssist.exe","7064","RegQueryKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.Holographic.ContextIdentifier","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2384. "8:44:10.0153700 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.Holographic.ContextIdentifier\CustomAttributes","NAME NOT FOUND","Desired Access: Read"
  2385. "8:44:10.0153811 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.Holographic.ContextIdentifier\RemoteServer","NAME NOT FOUND","Length: 144"
  2386. "8:44:10.0153877 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.Holographic.ContextIdentifier\ActivateAsUser","NAME NOT FOUND","Length: 16"
  2387. "8:44:10.0153949 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.Holographic.ContextIdentifier\ActivateInSharedBroker","NAME NOT FOUND","Length: 16"
  2388. "8:44:10.0154021 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.Holographic.ContextIdentifier\ActivateInBrokerForMediumILContainer","NAME NOT FOUND","Length: 16"
  2389. "8:44:10.0154093 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.Holographic.ContextIdentifier\Permissions","NAME NOT FOUND","Length: 140"
  2390. "8:44:10.0154157 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.Holographic.ContextIdentifier\ActivateOnHostFlags","NAME NOT FOUND","Length: 16"
  2391. "8:44:10.0154290 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Shell.Holographic.ContextIdentifier","SUCCESS",""
  2392. "8:44:10.9405371 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US","NAME NOT FOUND","Desired Access: Read"
  2393. "8:44:10.9406415 AM","QuickAssist.exe","7064","CreateFile","C:\Windows\System32\en-US\user32.dll.mui","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  2394. "8:44:10.9406783 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\en-US\user32.dll.mui","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY"
  2395. "8:44:10.9406919 AM","QuickAssist.exe","7064","QueryStandardInformationFile","C:\Windows\System32\en-US\user32.dll.mui","SUCCESS","AllocationSize: 8,192, EndOfFile: 17,408, NumberOfLinks: 4, DeletePending: False, Directory: False"
  2396. "8:44:10.9407142 AM","QuickAssist.exe","7064","CreateFileMapping","C:\Windows\System32\en-US\user32.dll.mui","SUCCESS","SyncType: SyncTypeOther"
  2397. "8:44:12.0999953 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  2398. "8:44:12.1000502 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  2399. "8:44:14.7905321 AM","QuickAssist.exe","7064","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
  2400. "8:44:14.7905595 AM","QuickAssist.exe","7064","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2401. "8:44:14.7905776 AM","QuickAssist.exe","7064","RegOpenKey","HKCU\Software\Microsoft\CTF\DirectSwitchHotkeys","SUCCESS","Desired Access: Read"
  2402. "8:44:14.7906003 AM","QuickAssist.exe","7064","RegCloseKey","HKCU","SUCCESS",""
  2403. "8:44:14.7906144 AM","QuickAssist.exe","7064","RegEnumKey","HKCU\SOFTWARE\Microsoft\CTF\DirectSwitchHotkeys","NO MORE ENTRIES","Index: 0, Length: 288"
  2404. "8:44:14.7906307 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\SOFTWARE\Microsoft\CTF\DirectSwitchHotkeys","SUCCESS",""
  2405. "8:44:21.0581422 AM","QuickAssist.exe","7064","Thread Exit","","SUCCESS","Thread ID: 1072, User Time: 0.0000000, Kernel Time: 0.0000000"
  2406. "8:44:21.0644695 AM","QuickAssist.exe","7064","CreateFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  2407. "8:44:21.0644989 AM","QuickAssist.exe","7064","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS","CreationTime: 8/28/2022 8:39:06 PM, LastAccessTime: 8/29/2022 8:44:13 AM, LastWriteTime: 8/25/2022 2:57:38 AM, ChangeTime: 8/28/2022 8:39:07 PM, FileAttributes: A"
  2408. "8:44:21.0645113 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe","SUCCESS",""
  2409. "8:44:21.0665943 AM","QuickAssist.exe","7064","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
  2410. "8:44:21.0666122 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE","SUCCESS","Desired Access: Query Value"
  2411. "8:44:21.0666318 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE","NAME NOT FOUND","Length: 16"
  2412. "8:44:21.0666462 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE","SUCCESS",""
  2413. "8:44:21.0667071 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","BUFFER TOO SMALL","Length: 0"
  2414. "8:44:21.0667575 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Control\Notifications\418A073AA3BC8075","SUCCESS","Type: REG_BINARY, Length: 364, Data: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
  2415. "8:44:21.0727609 AM","QuickAssist.exe","7064","Thread Exit","","SUCCESS","Thread ID: 6180, User Time: 0.0000000, Kernel Time: 0.0000000"
  2416. "8:44:21.0727634 AM","QuickAssist.exe","7064","Thread Exit","","SUCCESS","Thread ID: 9936, User Time: 0.0000000, Kernel Time: 0.0000000"
  2417. "8:44:21.0727663 AM","QuickAssist.exe","7064","Thread Exit","","SUCCESS","Thread ID: 6800, User Time: 0.0000000, Kernel Time: 0.0000000"
  2418. "8:44:21.0727762 AM","QuickAssist.exe","7064","Thread Exit","","SUCCESS","Thread ID: 11220, User Time: 0.0000000, Kernel Time: 0.0000000"
  2419. "8:44:21.0727826 AM","QuickAssist.exe","7064","Thread Exit","","SUCCESS","Thread ID: 10992, User Time: 0.0000000, Kernel Time: 0.0156250"
  2420. "8:44:21.0727836 AM","QuickAssist.exe","7064","Thread Exit","","SUCCESS","Thread ID: 6552, User Time: 0.0000000, Kernel Time: 0.0000000"
  2421. "8:44:21.0727869 AM","QuickAssist.exe","7064","Thread Exit","","SUCCESS","Thread ID: 716, User Time: 0.0000000, Kernel Time: 0.0000000"
  2422. "8:44:21.0728002 AM","QuickAssist.exe","7064","Thread Exit","","SUCCESS","Thread ID: 5308, User Time: 0.0000000, Kernel Time: 0.0000000"
  2423. "8:44:21.0728013 AM","QuickAssist.exe","7064","Thread Exit","","SUCCESS","Thread ID: 8788, User Time: 0.0000000, Kernel Time: 0.0000000"
  2424. "8:44:21.0741730 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read"
  2425. "8:44:21.0741915 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
  2426. "8:44:21.0742003 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS",""
  2427. "8:44:21.0742520 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\Software\Classes\Local Settings\Software\Microsoft","SUCCESS",""
  2428. "8:44:21.0742599 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\Software\Classes\Local Settings","SUCCESS",""
  2429. "8:44:21.0742693 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS",""
  2430. "8:44:21.0742757 AM","QuickAssist.exe","7064","RegCloseKey","HKLM","SUCCESS",""
  2431. "8:44:21.0742856 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
  2432. "8:44:21.0742992 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId","SUCCESS",""
  2433. "8:44:21.0743061 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\WindowsRuntime","SUCCESS",""
  2434. "8:44:21.0743427 AM","QuickAssist.exe","7064","Thread Exit","","SUCCESS","Thread ID: 6724, User Time: 0.0312500, Kernel Time: 0.0937500"
  2435. "8:44:21.0774664 AM","QuickAssist.exe","7064","Process Exit","","SUCCESS","Exit Status: 0, User Time: 0.0312500 seconds, Kernel Time: 0.1250000 seconds, Private Bytes: 4,456,448, Peak Private Bytes: 6,344,704, Working Set: 26,087,424, Peak Working Set: 27,017,216"
  2436. "8:44:21.0774863 AM","QuickAssist.exe","7064","RegOpenKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4154835769-2933532478-2743509022-1003","SUCCESS","Desired Access: All Access"
  2437. "8:44:21.0774950 AM","QuickAssist.exe","7064","RegQueryValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4154835769-2933532478-2743509022-1003\\Device\HarddiskVolume2\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS","Type: REG_BINARY, Length: 24, Data: 18 B3 5C 08 A5 BB D8 01 00 00 00 00 00 00 00 00"
  2438. "8:44:21.0775050 AM","QuickAssist.exe","7064","RegSetValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4154835769-2933532478-2743509022-1003\\Device\HarddiskVolume2\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe\QuickAssist.exe","SUCCESS","Type: REG_BINARY, Length: 24, Data: E2 8D 76 0F A5 BB D8 01 00 00 00 00 00 00 00 00"
  2439. "8:44:21.0775410 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4154835769-2933532478-2743509022-1003","SUCCESS",""
  2440. "8:44:21.0775758 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.8.0_x64__8wekyb3d8bbwe","SUCCESS",""
  2441. "8:44:21.0776136 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.630_none_fae7a41d761b04f0","SUCCESS",""
  2442. "8:44:21.0776280 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS",""
  2443. "8:44:21.0776321 AM","QuickAssist.exe","7064","RegCloseKey","HKLM","SUCCESS",""
  2444. "8:44:21.0776445 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
  2445. "8:44:21.0776576 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS",""
  2446. "8:44:21.0776641 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS",""
  2447. "8:44:21.0776741 AM","QuickAssist.exe","7064","RegCloseKey","HKCU","SUCCESS",""
  2448. "8:44:21.0776956 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
  2449. "8:44:21.0777268 AM","QuickAssist.exe","7064","RegCloseKey","HKLM\System\CurrentControlSet\Services\crypt32","SUCCESS",""
  2450. "8:44:21.0777416 AM","QuickAssist.exe","7064","RegCloseKey","HKU","SUCCESS",""
  2451. "8:44:21.0777739 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
  2452. "8:44:21.0777844 AM","QuickAssist.exe","7064","CloseFile","C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\icudtl.dat","SUCCESS",""
  2453. "8:44:21.0778269 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
  2454. "8:44:21.0778320 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\Registration\R00000000001b.clb","SUCCESS",""
  2455. "8:44:21.0778549 AM","QuickAssist.exe","7064","RegCloseKey","HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS",""
  2456. "8:44:21.0778720 AM","QuickAssist.exe","7064","CloseFile","C:\Windows\System32\en-US\user32.dll.mui","SUCCESS",""
  2457.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!