Time of Day;fraction;Process Name;PID;Operation;Path;Result;Detail
16:41:38;6587011;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\msimtf.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:37, LastWriteTime: 14-04-2008 01:11:59, ChangeTime: 07-09-2008 18:00:16, AllocationSize: 159.744, EndOfFile: 159.232, FileAttributes: A
16:41:38;6590509;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32\msimtf.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:38;6594400;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\system32\msimtf.dll;SUCCESS;AllocationSize: 159.744, EndOfFile: 159.232, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:38;6597719;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32\msimtf.dll;SUCCESS;
16:41:39;5122495;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:37, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:37, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:39;5125462;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:37, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:37, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:39;5129329;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;5136651;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
16:41:39;5139947;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;5142266;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;5144856;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;5149110;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\AppPatch\systest.sdb;NAME NOT FOUND;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a
16:41:39;5150401;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\System\WPA\TabletPC;NAME NOT FOUND;Desired Access: Query Value, WOW64_64Key
16:41:39;5150678;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\SYSTEM\WPA\MediaCenter;SUCCESS;Desired Access: Query Value, WOW64_64Key
16:41:39;5151521;MySQLWorkbench.exe;3160;RegQueryValue;HKLM\SYSTEM\WPA\MediaCenter\Installed;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;5151887;MySQLWorkbench.exe;3160;RegCloseKey;HKLM\SYSTEM\WPA\MediaCenter;SUCCESS;
16:41:39;5154351;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;5155877;MySQLWorkbench.exe;3160;QueryDirectory;C:\WINDOWS\system32\cmd.exe;SUCCESS;Filter: cmd.exe, 1: cmd.exe
16:41:39;5157782;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:39;5161573;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:37, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:37, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:39;5161970;MySQLWorkbench.exe;3160;CreateFile;C:\;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;5162372;MySQLWorkbench.exe;3160;QueryDirectory;C:\WINDOWS;SUCCESS;Filter: WINDOWS, 1: WINDOWS
16:41:39;5162830;MySQLWorkbench.exe;3160;CloseFile;C:\;SUCCESS;
16:41:39;5164565;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;5165613;MySQLWorkbench.exe;3160;QueryDirectory;C:\WINDOWS\system32;SUCCESS;Filter: system32, 1: system32
16:41:39;5166831;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS;SUCCESS;
16:41:39;5169208;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;5170895;MySQLWorkbench.exe;3160;QueryDirectory;C:\WINDOWS\system32\cmd.exe;SUCCESS;Filter: cmd.exe, 1: cmd.exe
16:41:39;5172541;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:39;5173058;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers;SUCCESS;Desired Access: Read, WOW64_64Key
16:41:39;5173547;MySQLWorkbench.exe;3160;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\WINDOWS\system32\cmd.exe;NAME NOT FOUND;Length: 1.024
16:41:39;5173910;MySQLWorkbench.exe;3160;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers;SUCCESS;
16:41:39;5174533;MySQLWorkbench.exe;3160;RegOpenKey;HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers;NAME NOT FOUND;Desired Access: Read, WOW64_64Key
16:41:39;5174809;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\cmd.exe;NAME NOT FOUND;Desired Access: Read, WOW64_64Key
16:41:39;5179125;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:37, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:37, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:39;5182475;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:37, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:37, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:39;5188646;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;5203422;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;AllocationSize: 389.120, EndOfFile: 389.120, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;5206302;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;
16:41:39;5211289;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:37, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:39;5215035;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;5221058;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;AllocationSize: 389.120, EndOfFile: 389.120, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;5224131;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;
16:41:39;5231107;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:37, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:39;5234141;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;5250378;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;AllocationSize: 389.120, EndOfFile: 389.120, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;5253263;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;
16:41:39;5258714;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:37, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:39;5262259;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;5267234;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;AllocationSize: 389.120, EndOfFile: 389.120, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;5269813;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;
16:41:39;5273895;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags;SUCCESS;Desired Access: Read, WOW64_64Key
16:41:39;5274509;MySQLWorkbench.exe;3160;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\{d021b888-14a2-4219-8812-31b4a9370c33};NAME NOT FOUND;Length: 1.024
16:41:39;5274875;MySQLWorkbench.exe;3160;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags;SUCCESS;
16:41:39;5275182;MySQLWorkbench.exe;3160;RegOpenKey;HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags;NAME NOT FOUND;Desired Access: Read, WOW64_64Key
16:41:39;5278887;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;
16:41:39;5279507;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\System\CurrentControlSet\Control\SafeBoot\Option;NAME NOT FOUND;Desired Access: Query Value, Set Value
16:41:39;5280552;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Desired Access: Maximum Allowed
16:41:39;5280979;MySQLWorkbench.exe;3160;RegQueryKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Query: Basic, Name: CodeIdentifiers
16:41:39;5281337;MySQLWorkbench.exe;3160;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;
16:41:39;5281706;MySQLWorkbench.exe;3160;RegOpenKey;HKCU;SUCCESS;Desired Access: Read
16:41:39;5282032;MySQLWorkbench.exe;3160;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;NAME NOT FOUND;Desired Access: Maximum Allowed
16:41:39;5282362;MySQLWorkbench.exe;3160;RegCloseKey;HKCU;SUCCESS;
16:41:39;5299247;MySQLWorkbench.exe;3160;QueryNameInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;Name: \WINDOWS\system32\cmd.exe
16:41:39;5303940;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:37, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:39;5304588;MySQLWorkbench.exe;3160;CreateFile;C:\;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;5305080;MySQLWorkbench.exe;3160;QueryDirectory;C:\WINDOWS;SUCCESS;Filter: WINDOWS, 1: WINDOWS
16:41:39;5305656;MySQLWorkbench.exe;3160;CloseFile;C:\;SUCCESS;
16:41:39;5312128;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;5313207;MySQLWorkbench.exe;3160;QueryDirectory;C:\WINDOWS\system32;SUCCESS;Filter: system32, 1: system32
16:41:39;5314411;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS;SUCCESS;
16:41:39;5316749;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;5341917;MySQLWorkbench.exe;3160;QueryDirectory;C:\WINDOWS\system32\cmd.exe;SUCCESS;Filter: cmd.exe, 1: cmd.exe
16:41:39;5344378;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:39;5347228;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;AllocationSize: 389.120, EndOfFile: 389.120, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;5349918;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;AllocationSize: 389.120, EndOfFile: 389.120, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;5350759;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Desired Access: Query Value
16:41:39;5351362;MySQLWorkbench.exe;3160;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\LogFileName;NAME NOT FOUND;Length: 536
16:41:39;5351865;MySQLWorkbench.exe;3160;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;
16:41:39;5352743;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe;NAME NOT FOUND;Desired Access: Read
16:41:39;5358137;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32\cmd.exe.Manifest;NAME NOT FOUND;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
16:41:39;5361956;MySQLWorkbench.exe;3160;Process Create;C:\WINDOWS\system32\cmd.exe;SUCCESS;PID: 2464, Command line: C:\WINDOWS\system32\cmd.exe /c sc query mysql 
16:41:39;5361992;cmd.exe;2464;Process Start;;SUCCESS;Parent PID: 3160
16:41:39;5362023;cmd.exe;2464;Thread Create;;SUCCESS;Thread ID: 2592
16:41:39;5365247;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;
16:41:39;5366934;cmd.exe;2464;QueryNameInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;Name: \WINDOWS\system32\cmd.exe
16:41:39;5370415;cmd.exe;2464;Load Image;C:\WINDOWS\system32\cmd.exe;SUCCESS;Image Base: 0x4ad00000, Image Size: 0x61000
16:41:39;5377966;cmd.exe;2464;Load Image;C:\WINDOWS\system32\ntdll.dll;SUCCESS;Image Base: 0x7c900000, Image Size: 0xb2000
16:41:39;5378425;cmd.exe;2464;QueryNameInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;Name: \WINDOWS\system32\cmd.exe
16:41:39;5382051;cmd.exe;2464;CreateFile;C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened
16:41:39;5386445;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf;SUCCESS;AllocationSize: 16.384, EndOfFile: 12.392, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;5389887;cmd.exe;2464;ReadFile;C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf;SUCCESS;Offset: 0, Length: 12.392
16:41:39;5392194;cmd.exe;2464;CloseFile;C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf;SUCCESS;
16:41:39;5393457;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe;NAME NOT FOUND;Desired Access: Read
16:41:39;5395902;cmd.exe;2464;FileSystemControl;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;Control: FSCTL_IS_VOLUME_MOUNTED
16:41:39;5396952;cmd.exe;2464;FileSystemControl;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;Control: FSCTL_IS_VOLUME_MOUNTED
16:41:39;5399371;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\cmd.exe.Local;NAME NOT FOUND;
16:41:39;5402643;cmd.exe;2464;Load Image;C:\WINDOWS\system32\kernel32.dll;SUCCESS;Image Base: 0x7c800000, Image Size: 0xf6000
16:41:39;5406031;cmd.exe;2464;RegOpenKey;HKLM\System\CurrentControlSet\Control\Terminal Server;SUCCESS;Desired Access: Read
16:41:39;5406657;cmd.exe;2464;RegQueryValue;HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;5407065;cmd.exe;2464;RegCloseKey;HKLM\System\CurrentControlSet\Control\Terminal Server;SUCCESS;
16:41:39;5407227;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe;NAME NOT FOUND;Desired Access: Read
16:41:39;5496040;cmd.exe;2464;Load Image;C:\WINDOWS\system32\msvcrt.dll;SUCCESS;Image Base: 0x77c10000, Image Size: 0x58000
16:41:39;5513766;cmd.exe;2464;Load Image;C:\WINDOWS\system32\user32.dll;SUCCESS;Image Base: 0x7e410000, Image Size: 0x91000
16:41:39;5538051;cmd.exe;2464;Load Image;C:\WINDOWS\system32\gdi32.dll;SUCCESS;Image Base: 0x77f10000, Image Size: 0x49000
16:41:39;5543809;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\shimeng.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:37, LastWriteTime: 14-04-2008 01:12:05, ChangeTime: 07-09-2008 18:13:41, AllocationSize: 65.536, EndOfFile: 65.024, FileAttributes: A
16:41:39;5547264;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\shimeng.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;5554743;cmd.exe;2464;RegOpenKey;HKLM\System\CurrentControlSet\Control\SafeBoot\Option;NAME NOT FOUND;Desired Access: Query Value, Set Value
16:41:39;5555198;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Desired Access: Query Value
16:41:39;5557123;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:39;5557528;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;
16:41:39;5557836;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;NAME NOT FOUND;Desired Access: Query Value
16:41:39;5560434;cmd.exe;2464;CloseFile;C:\WINDOWS\system32\shimeng.dll;SUCCESS;
16:41:39;5565599;cmd.exe;2464;Load Image;C:\WINDOWS\system32\shimeng.dll;SUCCESS;Image Base: 0x5cb70000, Image Size: 0x26000
16:41:39;5570955;cmd.exe;2464;CreateFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
16:41:39;5576352;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;5578852;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;5581397;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;5584071;cmd.exe;2464;CreateFile;C:\WINDOWS\AppPatch\systest.sdb;NAME NOT FOUND;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a
16:41:39;5591295;cmd.exe;2464;RegOpenKey;HKLM\System\WPA\TabletPC;NAME NOT FOUND;Desired Access: Query Value, WOW64_64Key
16:41:39;5591583;cmd.exe;2464;RegOpenKey;HKLM\SYSTEM\WPA\MediaCenter;SUCCESS;Desired Access: Query Value, WOW64_64Key
16:41:39;5591977;cmd.exe;2464;RegQueryValue;HKLM\SYSTEM\WPA\MediaCenter\Installed;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;5592323;cmd.exe;2464;RegCloseKey;HKLM\SYSTEM\WPA\MediaCenter;SUCCESS;
16:41:39;5603260;cmd.exe;2464;CreateFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
16:41:39;5606568;cmd.exe;2464;CloseFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;
16:41:39;5610029;cmd.exe;2464;QueryOpen;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:37, LastWriteTime: 14-04-2008 01:11:48, ChangeTime: 07-09-2008 18:14:01, AllocationSize: 1.855.488, EndOfFile: 1.852.928, FileAttributes: A
16:41:39;5612709;cmd.exe;2464;CreateFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;5616430;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;AllocationSize: 1.855.488, EndOfFile: 1.852.928, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;5619360;cmd.exe;2464;CloseFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;
16:41:39;5623059;cmd.exe;2464;QueryOpen;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:11:48, ChangeTime: 07-09-2008 18:14:01, AllocationSize: 1.855.488, EndOfFile: 1.852.928, FileAttributes: A
16:41:39;5630032;cmd.exe;2464;CreateFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;5634225;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;AllocationSize: 1.855.488, EndOfFile: 1.852.928, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;5636935;cmd.exe;2464;CloseFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;
16:41:39;5640581;cmd.exe;2464;QueryOpen;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:11:48, ChangeTime: 07-09-2008 18:14:01, AllocationSize: 1.855.488, EndOfFile: 1.852.928, FileAttributes: A
16:41:39;5653094;cmd.exe;2464;CreateFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;5660852;cmd.exe;2464;CloseFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;
16:41:39;5664846;cmd.exe;2464;Load Image;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;Image Base: 0x6f880000, Image Size: 0x1ca000
16:41:39;5671319;cmd.exe;2464;Load Image;C:\WINDOWS\system32\advapi32.dll;SUCCESS;Image Base: 0x77dd0000, Image Size: 0x9b000
16:41:39;5684360;cmd.exe;2464;Load Image;C:\WINDOWS\system32\rpcrt4.dll;SUCCESS;Image Base: 0x77e70000, Image Size: 0x92000
16:41:39;5734808;cmd.exe;2464;Load Image;C:\WINDOWS\system32\secur32.dll;SUCCESS;Image Base: 0x77fe0000, Image Size: 0x11000
16:41:39;5739864;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\winmm.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:37, LastWriteTime: 14-04-2008 01:12:09, ChangeTime: 07-09-2008 18:13:37, AllocationSize: 176.128, EndOfFile: 176.128, FileAttributes: A
16:41:39;5742652;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\winmm.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;5749173;cmd.exe;2464;CloseFile;C:\WINDOWS\system32\winmm.dll;SUCCESS;
16:41:39;5753712;cmd.exe;2464;Load Image;C:\WINDOWS\system32\winmm.dll;SUCCESS;Image Base: 0x76b40000, Image Size: 0x2d000
16:41:39;5768927;cmd.exe;2464;Load Image;C:\WINDOWS\system32\ole32.dll;SUCCESS;Image Base: 0x774e0000, Image Size: 0x13d000
16:41:39;5782381;cmd.exe;2464;Load Image;C:\WINDOWS\system32\oleaut32.dll;SUCCESS;Image Base: 0x77120000, Image Size: 0x8b000
16:41:39;5850278;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\msacm32.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:37, LastWriteTime: 14-04-2008 01:11:58, ChangeTime: 07-09-2008 18:13:49, AllocationSize: 73.728, EndOfFile: 71.680, FileAttributes: A
16:41:39;5853334;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\msacm32.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;5859963;cmd.exe;2464;CloseFile;C:\WINDOWS\system32\msacm32.dll;SUCCESS;
16:41:39;5869277;cmd.exe;2464;Load Image;C:\WINDOWS\system32\msacm32.dll;SUCCESS;Image Base: 0x77be0000, Image Size: 0x15000
16:41:39;5880838;cmd.exe;2464;Load Image;C:\WINDOWS\system32\version.dll;SUCCESS;Image Base: 0x77c00000, Image Size: 0x8000
16:41:39;5885902;cmd.exe;2464;Load Image;C:\WINDOWS\system32\shell32.dll;SUCCESS;Image Base: 0x7c9c0000, Image Size: 0x817000
16:41:39;5904896;cmd.exe;2464;Load Image;C:\WINDOWS\system32\shlwapi.dll;SUCCESS;Image Base: 0x77f60000, Image Size: 0x76000
16:41:39;5911445;cmd.exe;2464;Load Image;C:\WINDOWS\system32\userenv.dll;SUCCESS;Image Base: 0x769c0000, Image Size: 0xb4000
16:41:39;5949735;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\uxtheme.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:37, LastWriteTime: 14-04-2008 01:12:08, ChangeTime: 07-09-2008 18:13:38, AllocationSize: 221.184, EndOfFile: 218.624, FileAttributes: A
16:41:39;5952715;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\uxtheme.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;5959834;cmd.exe;2464;CloseFile;C:\WINDOWS\system32\uxtheme.dll;SUCCESS;
16:41:39;5969704;cmd.exe;2464;Load Image;C:\WINDOWS\system32\uxtheme.dll;SUCCESS;Image Base: 0x5ad70000, Image Size: 0x38000
16:41:39;5987100;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcGenral.DLL;NAME NOT FOUND;Desired Access: Read
16:41:39;5989963;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdll.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5990237;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernel32.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5990441;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcrt.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5990648;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDI32.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5990854;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USER32.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5991058;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ShimEng.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5991265;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secur32.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5991469;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5991670;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADVAPI32.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5991868;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINMM.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5992120;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ole32.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5992371;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLEAUT32.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5992606;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSACM32.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5992810;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VERSION.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5993011;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHLWAPI.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5993212;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHELL32.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5993450;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USERENV.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5993654;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UxTheme.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;5999830;cmd.exe;2464;CloseFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;
16:41:39;6004376;cmd.exe;2464;RegOpenKey;HKLM\System\CurrentControlSet\Control\Session Manager;SUCCESS;Desired Access: Query Value
16:41:39;6005054;cmd.exe;2464;RegQueryValue;HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode;NAME NOT FOUND;Length: 16
16:41:39;6005479;cmd.exe;2464;RegCloseKey;HKLM\System\CurrentControlSet\Control\Session Manager;SUCCESS;
16:41:39;6009301;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\imm32.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:37, LastWriteTime: 14-04-2008 01:11:54, ChangeTime: 07-09-2008 18:13:51, AllocationSize: 110.592, EndOfFile: 110.080, FileAttributes: A
16:41:39;6011815;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\imm32.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;6015427;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\system32\imm32.dll;SUCCESS;AllocationSize: 110.592, EndOfFile: 110.080, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;6018151;cmd.exe;2464;CloseFile;C:\WINDOWS\system32\imm32.dll;SUCCESS;
16:41:39;6021976;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\imm32.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:11:54, ChangeTime: 07-09-2008 18:13:51, AllocationSize: 110.592, EndOfFile: 110.080, FileAttributes: A
16:41:39;6024487;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\imm32.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;6031985;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\system32\imm32.dll;SUCCESS;AllocationSize: 110.592, EndOfFile: 110.080, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;6034273;cmd.exe;2464;CloseFile;C:\WINDOWS\system32\imm32.dll;SUCCESS;
16:41:39;6067923;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\imm32.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:11:54, ChangeTime: 07-09-2008 18:13:51, AllocationSize: 110.592, EndOfFile: 110.080, FileAttributes: A
16:41:39;6070649;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\imm32.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;6084850;cmd.exe;2464;CloseFile;C:\WINDOWS\system32\imm32.dll;SUCCESS;
16:41:39;6089099;cmd.exe;2464;Load Image;C:\WINDOWS\system32\imm32.dll;SUCCESS;Image Base: 0x76390000, Image Size: 0x1d000
16:41:39;6091046;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMM32.DLL;NAME NOT FOUND;Desired Access: Read
16:41:39;6094680;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\imm32.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:11:54, ChangeTime: 07-09-2008 18:13:51, AllocationSize: 110.592, EndOfFile: 110.080, FileAttributes: A
16:41:39;6111629;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\imm32.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:11:54, ChangeTime: 07-09-2008 18:13:51, AllocationSize: 110.592, EndOfFile: 110.080, FileAttributes: A
16:41:39;6111993;cmd.exe;2464;RegOpenKey;HKLM\System\CurrentControlSet\Control\Error Message Instrument;NAME NOT FOUND;Desired Access: Read
16:41:39;6112496;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize;SUCCESS;Desired Access: Read
16:41:39;6112942;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles;NAME NOT FOUND;Length: 20
16:41:39;6113314;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize;SUCCESS;
16:41:39;6115096;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32;SUCCESS;Desired Access: Read
16:41:39;6115474;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\cmd;NAME NOT FOUND;Length: 172
16:41:39;6115778;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32;SUCCESS;
16:41:39;6115884;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility;SUCCESS;Desired Access: Read
16:41:39;6116189;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility\cmd;NAME NOT FOUND;Length: 172
16:41:39;6116457;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility;SUCCESS;
16:41:39;6117401;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows;SUCCESS;Desired Access: Read
16:41:39;6117759;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs;SUCCESS;Type: REG_SZ, Length: 2, Data: 
16:41:39;6118074;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows;SUCCESS;
16:41:39;6119410;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;SUCCESS;Desired Access: Read
16:41:39;6119742;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack;NAME NOT FOUND;Length: 144
16:41:39;6120086;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;SUCCESS;
16:41:39;6120206;cmd.exe;2464;RegOpenKey;HKLM;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6120474;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics;NAME NOT FOUND;Desired Access: Read
16:41:39;6121142;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32;SUCCESS;Desired Access: Read
16:41:39;6121477;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6121955;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6122229;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6122474;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6122687;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6122921;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6123145;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave3;NAME NOT FOUND;Length: 536
16:41:39;6123357;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave4;NAME NOT FOUND;Length: 536
16:41:39;6123567;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave5;NAME NOT FOUND;Length: 536
16:41:39;6123773;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave6;NAME NOT FOUND;Length: 536
16:41:39;6123972;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave7;NAME NOT FOUND;Length: 536
16:41:39;6124173;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave8;NAME NOT FOUND;Length: 536
16:41:39;6124377;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave9;NAME NOT FOUND;Length: 536
16:41:39;6124586;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6124813;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6125031;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6125251;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6125469;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6125696;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6125919;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi3;NAME NOT FOUND;Length: 536
16:41:39;6126131;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi4;NAME NOT FOUND;Length: 536
16:41:39;6126338;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi5;NAME NOT FOUND;Length: 536
16:41:39;6126545;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi6;NAME NOT FOUND;Length: 536
16:41:39;6126754;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi7;NAME NOT FOUND;Length: 536
16:41:39;6126967;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi8;NAME NOT FOUND;Length: 536
16:41:39;6127176;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi9;NAME NOT FOUND;Length: 536
16:41:39;6127405;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux;NAME NOT FOUND;Length: 536
16:41:39;6127606;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1;NAME NOT FOUND;Length: 536
16:41:39;6127799;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2;NAME NOT FOUND;Length: 536
16:41:39;6128000;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux3;NAME NOT FOUND;Length: 536
16:41:39;6128199;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux4;NAME NOT FOUND;Length: 536
16:41:39;6128397;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux5;NAME NOT FOUND;Length: 536
16:41:39;6128601;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux6;NAME NOT FOUND;Length: 536
16:41:39;6128802;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux7;NAME NOT FOUND;Length: 536
16:41:39;6129000;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux8;NAME NOT FOUND;Length: 536
16:41:39;6129210;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux9;NAME NOT FOUND;Length: 536
16:41:39;6129411;cmd.exe;2464;RegOpenKey;HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm;SUCCESS;Desired Access: All Access
16:41:39;6129914;cmd.exe;2464;RegQueryValue;HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm\wheel;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:39;6130227;cmd.exe;2464;RegCloseKey;HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm;SUCCESS;
16:41:39;6130492;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6130738;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6130962;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6131193;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6131420;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6131643;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:39;6131867;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer3;NAME NOT FOUND;Length: 536
16:41:39;6132079;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer4;NAME NOT FOUND;Length: 536
16:41:39;6132291;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer5;NAME NOT FOUND;Length: 536
16:41:39;6132501;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer6;NAME NOT FOUND;Length: 536
16:41:39;6132710;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer7;NAME NOT FOUND;Length: 536
16:41:39;6132923;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer8;NAME NOT FOUND;Length: 536
16:41:39;6133129;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer9;NAME NOT FOUND;Length: 536
16:41:39;6136465;cmd.exe;2464;RegSetValue;HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed;SUCCESS;Type: REG_BINARY, Length: 80, Data: 99 A4 F0 29 DB 60 B6 01 41 AB B7 4A 4D A5 34 6B
16:41:39;6138027;cmd.exe;2464;RegOpenKey;HKLM\SYSTEM\CurrentControlSet\Control\Session Manager;SUCCESS;Desired Access: Read
16:41:39;6138538;cmd.exe;2464;RegQueryValue;HKLM\System\CurrentControlSet\Control\Session Manager\CriticalSectionTimeout;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2592000
16:41:39;6138873;cmd.exe;2464;RegCloseKey;HKLM\System\CurrentControlSet\Control\Session Manager;SUCCESS;
16:41:39;6138999;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Ole;SUCCESS;Desired Access: Read
16:41:39;6139281;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Ole\RWLockResourceTimeOut;NAME NOT FOUND;Length: 144
16:41:39;6139549;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Ole;SUCCESS;
16:41:39;6139778;cmd.exe;2464;RegOpenKey;HKCR\Interface;SUCCESS;Desired Access: Read
16:41:39;6140382;cmd.exe;2464;RegCloseKey;HKCR\Interface;SUCCESS;
16:41:39;6140466;cmd.exe;2464;RegOpenKey;HKCR\Interface\{00020400-0000-0000-C000-000000000046};SUCCESS;Desired Access: Read
16:41:39;6141463;cmd.exe;2464;RegCloseKey;HKCR\Interface\{00020400-0000-0000-C000-000000000046};SUCCESS;
16:41:39;6141932;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Microsoft\OLEAUT;NAME NOT FOUND;Desired Access: Query Value
16:41:39;6142329;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Microsoft\OLEAUT\UserEra;NAME NOT FOUND;Desired Access: Query Value, Enumerate Sub Keys
16:41:39;6142538;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Microsoft\OLEAUT;NAME NOT FOUND;Desired Access: Query Value
16:41:39;6142952;cmd.exe;2464;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6143265;cmd.exe;2464;RegCreateKey;HKCU\Software\Microsoft\Multimedia\Audio;SUCCESS;Desired Access: Write, Query Value
16:41:39;6143586;cmd.exe;2464;RegQueryValue;HKCU\Software\Microsoft\Multimedia\Audio\SystemFormats;SUCCESS;Type: REG_SZ, Length: 86, Data: CD Quality,Radio Quality,Telephone Quality
16:41:39;6143882;cmd.exe;2464;RegCloseKey;HKCU\Software\Microsoft\Multimedia\Audio;SUCCESS;
16:41:39;6144069;cmd.exe;2464;RegCloseKey;HKCU;SUCCESS;
16:41:39;6144472;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Desired Access: Read
16:41:39;6144846;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 0, Type: REG_SZ
16:41:39;6145036;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 1, Type: REG_SZ
16:41:39;6145206;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 2, Type: REG_SZ
16:41:39;6145366;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 3, Type: REG_SZ
16:41:39;6145536;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 4, Type: REG_SZ
16:41:39;6145704;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 5, Type: REG_SZ
16:41:39;6145868;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 6, Type: REG_SZ
16:41:39;6146030;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 7, Type: REG_SZ
16:41:39;6146198;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 8, Type: REG_SZ
16:41:39;6146369;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 9, Type: REG_SZ
16:41:39;6146539;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 10, Type: REG_SZ
16:41:39;6146704;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 11, Type: REG_SZ
16:41:39;6146871;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 12, Type: REG_SZ
16:41:39;6147042;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 13, Type: REG_SZ
16:41:39;6147215;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 14, Type: REG_SZ
16:41:39;6147385;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 15, Type: REG_SZ
16:41:39;6147556;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 16, Type: REG_SZ
16:41:39;6147723;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 17, Type: REG_SZ
16:41:39;6147891;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 18, Type: REG_SZ
16:41:39;6148064;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 19, Type: REG_SZ
16:41:39;6148237;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 20, Type: REG_SZ
16:41:39;6148413;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 21, Type: REG_SZ
16:41:39;6148584;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 22, Type: REG_SZ
16:41:39;6148855;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:39;6149009;cmd.exe;2464;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:39;6149204;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 0, Type: REG_SZ
16:41:39;6149374;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 1, Type: REG_SZ
16:41:39;6149542;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 2, Type: REG_SZ
16:41:39;6149713;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 3, Type: REG_SZ
16:41:39;6149883;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 4, Type: REG_SZ
16:41:39;6150053;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 5, Type: REG_SZ
16:41:39;6150221;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 6, Type: REG_SZ
16:41:39;6150386;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 7, Type: REG_SZ
16:41:39;6150553;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 8, Type: REG_SZ
16:41:39;6150746;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 9, Type: REG_SZ
16:41:39;6150919;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 10, Type: REG_SZ
16:41:39;6151087;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 11, Type: REG_SZ
16:41:39;6151252;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 12, Type: REG_SZ
16:41:39;6151419;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 13, Type: REG_SZ
16:41:39;6151584;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 14, Type: REG_SZ
16:41:39;6151755;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 15, Type: REG_SZ
16:41:39;6151922;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 16, Type: REG_SZ
16:41:39;6152098;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 17, Type: REG_SZ
16:41:39;6152266;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 18, Type: REG_SZ
16:41:39;6152434;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 19, Type: REG_SZ
16:41:39;6152607;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 20, Type: REG_SZ
16:41:39;6152772;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 21, Type: REG_SZ
16:41:39;6152942;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 22, Type: REG_SZ
16:41:39;6153118;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 23, Type: REG_SZ
16:41:39;6153291;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 24, Type: REG_SZ
16:41:39;6153473;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 25, Type: REG_SZ
16:41:39;6153646;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 26, Type: REG_SZ
16:41:39;6153816;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 27, Type: REG_SZ
16:41:39;6153981;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 28, Type: REG_SZ
16:41:39;6154154;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 29, Type: REG_SZ
16:41:39;6154328;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 30, Type: REG_SZ
16:41:39;6154498;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 31, Type: REG_SZ
16:41:39;6154671;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 32, Type: REG_SZ
16:41:39;6154839;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 33, Type: REG_SZ
16:41:39;6155009;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 34, Type: REG_SZ
16:41:39;6155174;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 35, Type: REG_SZ
16:41:39;6155345;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;NO MORE ENTRIES;Index: 36, Length: 512
16:41:39;6155610;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:39;6155822;cmd.exe;2464;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:39;6156026;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.imaadpcm;BUFFER OVERFLOW;Length: 16
16:41:39;6156222;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.imaadpcm;SUCCESS;Type: REG_SZ, Length: 26, Data: imaadp32.acm
16:41:39;6156498;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:39;6156646;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6157012;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6157295;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:39;6157496;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2
16:41:39;6157691;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 16, Data: 01 00 00 00 10 00 00 00 11 00 00 00 14 00 00 00
16:41:39;6157878;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;6158149;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm;SUCCESS;
16:41:39;6158364;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:39;6158521;cmd.exe;2464;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:39;6158714;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msadpcm;BUFFER OVERFLOW;Length: 16
16:41:39;6158890;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msadpcm;SUCCESS;Type: REG_SZ, Length: 24, Data: msadp32.acm
16:41:39;6159158;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:39;6159356;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6159652;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6159918;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:39;6160105;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2
16:41:39;6160287;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 16, Data: 01 00 00 00 10 00 00 00 02 00 00 00 32 00 00 00
16:41:39;6160488;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;6160750;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm;SUCCESS;
16:41:39;6160957;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:39;6161105;cmd.exe;2464;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:39;6161298;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg711;BUFFER OVERFLOW;Length: 16
16:41:39;6161477;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg711;SUCCESS;Type: REG_SZ, Length: 22, Data: msg711.acm
16:41:39;6161742;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:39;6161873;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6162155;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6162418;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:39;6162602;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 3
16:41:39;6162784;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 24, Data: 01 00 00 00 10 00 00 00 06 00 00 00 12 00 00 00
16:41:39;6162966;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;6163239;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711;SUCCESS;
16:41:39;6163443;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:39;6163586;cmd.exe;2464;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:39;6163776;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msgsm610;BUFFER OVERFLOW;Length: 16
16:41:39;6163957;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msgsm610;SUCCESS;Type: REG_SZ, Length: 24, Data: msgsm32.acm
16:41:39;6164226;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:39;6164354;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6164636;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6164904;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:39;6165092;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2
16:41:39;6165270;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 16, Data: 01 00 00 00 10 00 00 00 31 00 00 00 14 00 00 00
16:41:39;6165452;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;6165726;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610;SUCCESS;
16:41:39;6165927;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:39;6166072;cmd.exe;2464;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:39;6166262;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.trspch;BUFFER OVERFLOW;Length: 16
16:41:39;6166447;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.trspch;SUCCESS;Type: REG_SZ, Length: 26, Data: tssoft32.acm
16:41:39;6166712;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:39;6166835;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6167131;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6167391;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:39;6167578;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2
16:41:39;6167762;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 16, Data: 01 00 00 00 10 00 00 00 22 00 00 00 32 00 00 00
16:41:39;6167944;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;6168215;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch;SUCCESS;
16:41:39;6168419;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:39;6168575;cmd.exe;2464;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:39;6168762;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg723;BUFFER OVERFLOW;Length: 16
16:41:39;6168966;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg723;SUCCESS;Type: REG_SZ, Length: 22, Data: msg723.acm
16:41:39;6169246;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:39;6169374;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6169656;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6169916;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:39;6170101;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2
16:41:39;6170313;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 16, Data: 01 00 00 00 10 00 00 00 42 00 00 00 1C 00 00 00
16:41:39;6170500;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;6170765;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723;SUCCESS;
16:41:39;6170969;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:39;6171117;cmd.exe;2464;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:39;6171307;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msaudio1;BUFFER OVERFLOW;Length: 16
16:41:39;6171509;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msaudio1;SUCCESS;Type: REG_SZ, Length: 24, Data: msaud32.acm
16:41:39;6171794;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:39;6171922;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6172199;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6172461;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:39;6172646;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 3
16:41:39;6172830;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 24, Data: 01 00 00 00 12 00 00 00 60 01 00 00 16 00 00 00
16:41:39;6173014;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;6173285;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1;SUCCESS;
16:41:39;6173489;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:39;6173635;cmd.exe;2464;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:39;6173819;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.sl_anet;BUFFER OVERFLOW;Length: 16
16:41:39;6174017;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.sl_anet;SUCCESS;Type: REG_SZ, Length: 24, Data: sl_anet.acm
16:41:39;6174305;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:39;6174436;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6174721;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6174987;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:39;6175177;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2
16:41:39;6175369;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 16, Data: 01 00 00 00 10 00 00 00 30 01 00 00 16 00 00 00
16:41:39;6175554;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;6175825;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet;SUCCESS;
16:41:39;6176029;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:39;6176182;cmd.exe;2464;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:39;6176372;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.iac2;BUFFER OVERFLOW;Length: 16
16:41:39;6176576;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.iac2;SUCCESS;Type: REG_SZ, Length: 64, Data: C:\WINDOWS\system32\iac25_32.ax
16:41:39;6176861;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:39;6177048;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6177345;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6177607;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:39;6177792;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2
16:41:39;6177979;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 16, Data: 01 00 00 00 10 00 00 00 02 04 00 00 14 00 00 00
16:41:39;6178163;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;6178431;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2;SUCCESS;
16:41:39;6178635;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:39;6178789;cmd.exe;2464;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:39;6178979;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.l3acm;BUFFER OVERFLOW;Length: 16
16:41:39;6179186;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.l3acm;SUCCESS;Type: REG_SZ, Length: 66, Data: C:\WINDOWS\system32\l3codeca.acm
16:41:39;6179473;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:39;6179607;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6179895;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6180770;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:39;6180973;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2
16:41:39;6181163;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 16, Data: 01 00 00 00 10 00 00 00 55 00 00 00 1E 00 00 00
16:41:39;6181351;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;6181627;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm;SUCCESS;
16:41:39;6181831;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:39;6182108;cmd.exe;2464;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6182429;cmd.exe;2464;RegCreateKey;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager;SUCCESS;Desired Access: Write
16:41:39;6182778;cmd.exe;2464;RegCloseKey;HKCU;SUCCESS;
16:41:39;6182932;cmd.exe;2464;RegCreateKey;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM;SUCCESS;Desired Access: Read/Write
16:41:39;6183259;cmd.exe;2464;RegCloseKey;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager;SUCCESS;
16:41:39;6183415;cmd.exe;2464;RegQueryValue;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM\NoPCMConverter;NAME NOT FOUND;Length: 144
16:41:39;6183706;cmd.exe;2464;RegCloseKey;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM;SUCCESS;
16:41:39;6184276;cmd.exe;2464;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6184583;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Control Panel\Desktop;NAME NOT FOUND;Desired Access: Read
16:41:39;6184776;cmd.exe;2464;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Read
16:41:39;6185049;cmd.exe;2464;RegQueryValue;HKCU\Control Panel\Desktop\MultiUILanguageId;NAME NOT FOUND;Length: 256
16:41:39;6185376;cmd.exe;2464;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:39;6185561;cmd.exe;2464;RegCloseKey;HKCU;SUCCESS;
16:41:39;6186047;cmd.exe;2464;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6186329;cmd.exe;2464;RegCreateKey;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager;SUCCESS;Desired Access: Write
16:41:39;6186667;cmd.exe;2464;RegCloseKey;HKCU;SUCCESS;
16:41:39;6186812;cmd.exe;2464;RegCreateKey;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00;SUCCESS;Desired Access: Read/Write
16:41:39;6187145;cmd.exe;2464;RegCloseKey;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager;SUCCESS;
16:41:39;6187329;cmd.exe;2464;RegQueryValue;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00\Priority1;NAME NOT FOUND;Length: 144
16:41:39;6187628;cmd.exe;2464;RegCloseKey;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00;SUCCESS;
16:41:39;6187762;cmd.exe;2464;RegOpenKey;HKLM\System\CurrentControlSet\Control\MediaResources\acm;NAME NOT FOUND;Desired Access: Query Value, Enumerate Sub Keys
16:41:39;6188310;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance;NAME NOT FOUND;Desired Access: Maximum Allowed
16:41:39;6189813;cmd.exe;2464;RegOpenKey;HKLM\SYSTEM\Setup;SUCCESS;Desired Access: Query Value
16:41:39;6190117;cmd.exe;2464;RegQueryValue;HKLM\SYSTEM\Setup\SystemSetupInProgress;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;6190380;cmd.exe;2464;RegCloseKey;HKLM\SYSTEM\Setup;SUCCESS;
16:41:39;6190768;cmd.exe;2464;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6191059;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Control Panel\Desktop;NAME NOT FOUND;Desired Access: Read
16:41:39;6191235;cmd.exe;2464;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Read
16:41:39;6191486;cmd.exe;2464;RegQueryValue;HKCU\Control Panel\Desktop\MultiUILanguageId;NAME NOT FOUND;Length: 256
16:41:39;6191735;cmd.exe;2464;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:39;6191897;cmd.exe;2464;RegCloseKey;HKCU;SUCCESS;
16:41:39;6196031;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\shell32.dll;SUCCESS;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
16:41:39;6199861;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\system32\shell32.dll;SUCCESS;AllocationSize: 8.462.336, EndOfFile: 8.461.312, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;6202256;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\SHELL32.dll.124.Manifest;NAME NOT FOUND;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
16:41:39;6205739;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\SHELL32.dll.124.Config;NAME NOT FOUND;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
16:41:39;6433195;cmd.exe;2464;CloseFile;C:\WINDOWS\system32\shell32.dll;SUCCESS;
16:41:39;6434349;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots;NAME NOT FOUND;Desired Access: Enumerate Sub Keys
16:41:39;6436671;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\cmd.exe.Local;NAME NOT FOUND;
16:41:39;6438914;cmd.exe;2464;QueryOpen;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83;SUCCESS;CreationTime: 07-09-2008 18:05:23, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 07-09-2008 18:05:23, ChangeTime: 07-09-2008 18:05:23, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
16:41:39;6441149;cmd.exe;2464;CreateFile;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;6448108;cmd.exe;2464;CreateFile;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;6451810;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll;SUCCESS;AllocationSize: 1.056.768, EndOfFile: 1.054.208, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;6467583;cmd.exe;2464;CloseFile;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll;SUCCESS;
16:41:39;6470862;cmd.exe;2464;CreateFile;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;6497075;cmd.exe;2464;CloseFile;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll;SUCCESS;
16:41:39;6506574;cmd.exe;2464;Load Image;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll;SUCCESS;Image Base: 0x773d0000, Image Size: 0x103000
16:41:39;6511613;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\comctl32.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;6513108;cmd.exe;2464;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6513580;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Control Panel\Desktop;NAME NOT FOUND;Desired Access: Read
16:41:39;6513795;cmd.exe;2464;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Read
16:41:39;6514116;cmd.exe;2464;RegQueryValue;HKCU\Control Panel\Desktop\MultiUILanguageId;NAME NOT FOUND;Length: 256
16:41:39;6514480;cmd.exe;2464;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:39;6514695;cmd.exe;2464;RegCloseKey;HKCU;SUCCESS;
16:41:39;6516695;cmd.exe;2464;QueryOpen;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;CreationTime: 29-01-2008 14:33:25, LastAccessTime: 22-02-2010 16:41:37, LastWriteTime: 29-01-2008 14:33:25, ChangeTime: 29-01-2008 14:33:25, AllocationSize: 4.096, EndOfFile: 749, FileAttributes: RHA
16:41:39;6538273;cmd.exe;2464;CreateFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;6542095;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;AllocationSize: 4.096, EndOfFile: 749, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;6543436;cmd.exe;2464;CloseFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;
16:41:39;6545958;cmd.exe;2464;QueryOpen;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;CreationTime: 29-01-2008 14:33:25, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 29-01-2008 14:33:25, ChangeTime: 29-01-2008 14:33:25, AllocationSize: 4.096, EndOfFile: 749, FileAttributes: RHA
16:41:39;6547671;cmd.exe;2464;CreateFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;6550023;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;AllocationSize: 4.096, EndOfFile: 749, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;6551311;cmd.exe;2464;CloseFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;
16:41:39;6557924;cmd.exe;2464;CreateFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
16:41:39;6572308;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;AllocationSize: 4.096, EndOfFile: 749, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;6573694;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;AllocationSize: 4.096, EndOfFile: 749, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;6591484;cmd.exe;2464;CreateFile;C:\WINDOWS\WindowsShell.Config;NAME NOT FOUND;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
16:41:39;6763601;cmd.exe;2464;CloseFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;
16:41:39;6765218;cmd.exe;2464;RegOpenKey;HKCU;SUCCESS;Desired Access: Read
16:41:39;6765872;cmd.exe;2464;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Read
16:41:39;6766193;cmd.exe;2464;RegQueryValue;HKCU\Control Panel\Desktop\SmoothScroll;NAME NOT FOUND;Length: 144
16:41:39;6766665;cmd.exe;2464;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:39;6767079;cmd.exe;2464;RegOpenKey;HKCU\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced;SUCCESS;Desired Access: Read
16:41:39;6767447;cmd.exe;2464;RegQueryValue;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips;NAME NOT FOUND;Length: 144
16:41:39;6767883;cmd.exe;2464;RegCloseKey;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced;SUCCESS;
16:41:39;6768336;cmd.exe;2464;RegCloseKey;HKCU;SUCCESS;
16:41:39;6768677;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack;SUCCESS;Desired Access: Query Value
16:41:39;6769079;cmd.exe;2464;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack;NO MORE ENTRIES;Index: 0, Length: 220
16:41:39;6769361;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack;SUCCESS;
16:41:39;6775926;cmd.exe;2464;Load Image;C:\WINDOWS\system32\comctl32.dll;SUCCESS;Image Base: 0x5d090000, Image Size: 0x9a000
16:41:39;6778010;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\comctl32.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;6780078;cmd.exe;2464;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6780483;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Control Panel\Desktop;NAME NOT FOUND;Desired Access: Read
16:41:39;6780701;cmd.exe;2464;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Read
16:41:39;6781002;cmd.exe;2464;RegQueryValue;HKCU\Control Panel\Desktop\MultiUILanguageId;NAME NOT FOUND;Length: 256
16:41:39;6781379;cmd.exe;2464;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:39;6781569;cmd.exe;2464;RegCloseKey;HKCU;SUCCESS;
16:41:39;6785263;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\comctl32.dll;SUCCESS;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
16:41:39;6790316;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\system32\comctl32.dll;SUCCESS;AllocationSize: 618.496, EndOfFile: 617.472, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;6793501;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\comctl32.dll.124.Manifest;NAME NOT FOUND;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
16:41:39;6796767;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\comctl32.dll.124.Config;NAME NOT FOUND;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
16:41:39;6812814;cmd.exe;2464;CloseFile;C:\WINDOWS\system32\comctl32.dll;SUCCESS;
16:41:39;6814585;cmd.exe;2464;RegOpenKey;HKCU;SUCCESS;Desired Access: Read
16:41:39;6815384;cmd.exe;2464;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Read
16:41:39;6816538;cmd.exe;2464;RegQueryValue;HKCU\Control Panel\Desktop\SmoothScroll;NAME NOT FOUND;Length: 144
16:41:39;6817057;cmd.exe;2464;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:39;6817420;cmd.exe;2464;RegCloseKey;HKCU;SUCCESS;
16:41:39;6824315;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6824863;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserEnvDebugLevel;NAME NOT FOUND;Length: 144
16:41:39;6825284;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;SUCCESS;
16:41:39;6825452;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6825754;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ChkAccDebugLevel;NAME NOT FOUND;Length: 144
16:41:39;6826086;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;SUCCESS;
16:41:39;6826290;cmd.exe;2464;RegOpenKey;HKLM\System\CurrentControlSet\Control\ProductOptions;SUCCESS;Desired Access: Read
16:41:39;6826835;cmd.exe;2464;RegQueryValue;HKLM\System\CurrentControlSet\Control\ProductOptions\ProductType;SUCCESS;Type: REG_SZ, Length: 12, Data: WinNT
16:41:39;6827179;cmd.exe;2464;RegCloseKey;HKLM\System\CurrentControlSet\Control\ProductOptions;SUCCESS;
16:41:39;6828033;cmd.exe;2464;RegOpenKey;HKCU;SUCCESS;Desired Access: Read
16:41:39;6828363;cmd.exe;2464;RegOpenKey;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders;SUCCESS;Desired Access: Read
16:41:39;6828765;cmd.exe;2464;RegQueryValue;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal;SUCCESS;Type: REG_EXPAND_SZ, Length: 54, Data: %USERPROFILE%\My Documents
16:41:39;6829059;cmd.exe;2464;RegQueryValue;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local Settings;SUCCESS;Type: REG_EXPAND_SZ, Length: 58, Data: %USERPROFILE%\Local Settings
16:41:39;6829506;cmd.exe;2464;RegCloseKey;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders;SUCCESS;
16:41:39;6829791;cmd.exe;2464;RegCloseKey;HKCU;SUCCESS;
16:41:39;6830034;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6830380;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\RsopDebugLevel;NAME NOT FOUND;Length: 144
16:41:39;6830721;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;SUCCESS;
16:41:39;6830858;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6831154;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserEnvDebugLevel;NAME NOT FOUND;Length: 144
16:41:39;6831361;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\RsopLogging;NAME NOT FOUND;Length: 144
16:41:39;6831643;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;SUCCESS;
16:41:39;6831755;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\System;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6832207;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\System\UserEnvDebugLevel;NAME NOT FOUND;Length: 144
16:41:39;6832391;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\System\RsopLogging;NAME NOT FOUND;Length: 144
16:41:39;6832654;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\System;SUCCESS;
16:41:39;6832813;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6833107;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserEnvDebugLevel;NAME NOT FOUND;Length: 144
16:41:39;6833422;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;SUCCESS;
16:41:39;6833554;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\System;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6833850;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\System\UserEnvDebugLevel;NAME NOT FOUND;Length: 144
16:41:39;6834126;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\System;SUCCESS;
16:41:39;6834987;cmd.exe;2464;RegOpenKey;HKCU;SUCCESS;Desired Access: Read/Write
16:41:39;6835275;cmd.exe;2464;RegOpenKey;HKCU\Software\Microsoft\Windows\CurrentVersion\ThemeManager;SUCCESS;Desired Access: Query Value
16:41:39;6835596;cmd.exe;2464;RegQueryValue;HKCU\Software\Microsoft\Windows\CurrentVersion\ThemeManager\Compositing;NAME NOT FOUND;Length: 144
16:41:39;6835984;cmd.exe;2464;RegCloseKey;HKCU\Software\Microsoft\Windows\CurrentVersion\ThemeManager;SUCCESS;
16:41:39;6837160;cmd.exe;2464;RegCloseKey;HKCU;SUCCESS;
16:41:39;6837621;cmd.exe;2464;RegOpenKey;HKCU;SUCCESS;Desired Access: Read
16:41:39;6837926;cmd.exe;2464;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Query Value
16:41:39;6838211;cmd.exe;2464;RegQueryValue;HKCU\Control Panel\Desktop\LameButtonText;NAME NOT FOUND;Length: 144
16:41:39;6838599;cmd.exe;2464;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:39;6838795;cmd.exe;2464;RegCloseKey;HKCU;SUCCESS;
16:41:39;6839979;cmd.exe;2464;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6840317;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Control Panel\Desktop;NAME NOT FOUND;Desired Access: Read
16:41:39;6840527;cmd.exe;2464;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Read
16:41:39;6840784;cmd.exe;2464;RegQueryValue;HKCU\Control Panel\Desktop\MultiUILanguageId;NAME NOT FOUND;Length: 256
16:41:39;6841074;cmd.exe;2464;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:39;6841267;cmd.exe;2464;RegCloseKey;HKCU;SUCCESS;
16:41:39;6842334;cmd.exe;2464;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6842650;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\System;NAME NOT FOUND;Desired Access: Read
16:41:39;6843675;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Command Processor;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6844147;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Command Processor\DisableUNCCheck;NAME NOT FOUND;Length: 144
16:41:39;6844354;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Command Processor\EnableExtensions;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:39;6844552;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Command Processor\DelayedExpansion;NAME NOT FOUND;Length: 144
16:41:39;6844723;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Command Processor\DefaultColor;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;6844901;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Command Processor\CompletionChar;SUCCESS;Type: REG_DWORD, Length: 4, Data: 64
16:41:39;6845083;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Command Processor\PathCompletionChar;SUCCESS;Type: REG_DWORD, Length: 4, Data: 64
16:41:39;6845298;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Command Processor\AutoRun;SUCCESS;Type: REG_SZ, Length: 2, Data: 
16:41:39;6845611;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Command Processor;SUCCESS;
16:41:39;6845748;cmd.exe;2464;RegOpenKey;HKCU\Software\Microsoft\Command Processor;SUCCESS;Desired Access: Maximum Allowed
16:41:39;6846078;cmd.exe;2464;RegQueryValue;HKCU\Software\Microsoft\Command Processor\DisableUNCCheck;NAME NOT FOUND;Length: 144
16:41:39;6846287;cmd.exe;2464;RegQueryValue;HKCU\Software\Microsoft\Command Processor\EnableExtensions;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:39;6846474;cmd.exe;2464;RegQueryValue;HKCU\Software\Microsoft\Command Processor\DelayedExpansion;NAME NOT FOUND;Length: 144
16:41:39;6846653;cmd.exe;2464;RegQueryValue;HKCU\Software\Microsoft\Command Processor\DefaultColor;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;6846857;cmd.exe;2464;RegQueryValue;HKCU\Software\Microsoft\Command Processor\CompletionChar;SUCCESS;Type: REG_DWORD, Length: 4, Data: 9
16:41:39;6847053;cmd.exe;2464;RegQueryValue;HKCU\Software\Microsoft\Command Processor\PathCompletionChar;NAME NOT FOUND;Length: 144
16:41:39;6847234;cmd.exe;2464;RegQueryValue;HKCU\Software\Microsoft\Command Processor\AutoRun;NAME NOT FOUND;Length: 144
16:41:39;6847522;cmd.exe;2464;RegCloseKey;HKCU\Software\Microsoft\Command Processor;SUCCESS;
16:41:39;6850036;cmd.exe;2464;QueryOpen;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;CreationTime: 22-02-2010 10:59:08, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 22-02-2010 12:00:04, ChangeTime: 22-02-2010 12:00:04, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
16:41:39;6850464;cmd.exe;2464;CreateFile;C:\;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;6850858;cmd.exe;2464;QueryDirectory;C:\Program Files;SUCCESS;Filter: Program Files, 1: Program Files
16:41:39;6851338;cmd.exe;2464;CloseFile;C:\;SUCCESS;
16:41:39;6852587;cmd.exe;2464;CreateFile;C:\Program Files;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;6854031;cmd.exe;2464;QueryDirectory;C:\Program Files\MySQL;SUCCESS;Filter: MySQL, 1: MySQL
16:41:39;6854531;cmd.exe;2464;CloseFile;C:\Program Files;SUCCESS;
16:41:39;6856436;cmd.exe;2464;CreateFile;C:\Program Files\MySQL;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;6863851;cmd.exe;2464;QueryDirectory;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;Filter: MySQL Workbench 5.2 OSS, 1: MySQL Workbench 5.2 OSS
16:41:39;6865865;cmd.exe;2464;CloseFile;C:\Program Files\MySQL;SUCCESS;
16:41:39;6867885;cmd.exe;2464;QueryOpen;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;CreationTime: 22-02-2010 10:59:08, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 22-02-2010 12:00:04, ChangeTime: 22-02-2010 12:00:04, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
16:41:39;6869810;cmd.exe;2464;RegOpenKey;HKLM\System\CurrentControlSet\Control\Nls\Codepage;SUCCESS;Desired Access: Read
16:41:39;6870363;cmd.exe;2464;RegQueryValue;HKLM\System\CurrentControlSet\Control\Nls\CodePage\850;SUCCESS;Type: REG_SZ, Length: 20, Data: c_850.nls
16:41:39;6870751;cmd.exe;2464;RegOpenKey;HKLM\System\CurrentControlSet\Control\Nls\Locale;SUCCESS;Desired Access: Read
16:41:39;6871086;cmd.exe;2464;RegOpenKey;HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts;SUCCESS;Desired Access: Read
16:41:39;6871408;cmd.exe;2464;RegOpenKey;HKLM\System\CurrentControlSet\Control\Nls\Language Groups;SUCCESS;Desired Access: Read
16:41:39;6871813;cmd.exe;2464;RegQueryValue;HKLM\System\CurrentControlSet\Control\Nls\Locale\00000413;SUCCESS;Type: REG_SZ, Length: 4, Data: 1
16:41:39;6872072;cmd.exe;2464;RegQueryValue;HKLM\System\CurrentControlSet\Control\Nls\Language Groups\1;SUCCESS;Type: REG_SZ, Length: 4, Data: 1
16:41:39;6878635;cmd.exe;2464;CreateFile;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;6879836;cmd.exe;2464;QueryDirectory;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS\sc.*;NO SUCH FILE;Filter: sc.*
16:41:39;6884133;cmd.exe;2464;CloseFile;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;
16:41:39;6885873;cmd.exe;2464;CreateFile;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;6891251;cmd.exe;2464;QueryDirectory;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS\sc;NO SUCH FILE;Filter: sc
16:41:39;6892416;cmd.exe;2464;CloseFile;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;
16:41:39;6894405;cmd.exe;2464;CreateFile;C:\Program Files\PHP;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;6896545;cmd.exe;2464;QueryDirectory;C:\Program Files\PHP\sc.*;NO SUCH FILE;Filter: sc.*
16:41:39;6897743;cmd.exe;2464;CloseFile;C:\Program Files\PHP;SUCCESS;
16:41:39;6901414;cmd.exe;2464;CreateFile;C:\Program Files\PHP;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;6903208;cmd.exe;2464;QueryDirectory;C:\Program Files\PHP\sc;NO SUCH FILE;Filter: sc
16:41:39;6904367;cmd.exe;2464;CloseFile;C:\Program Files\PHP;SUCCESS;
16:41:39;6905677;cmd.exe;2464;CreateFile;C:\Program Files\imagemagick-6.4.9-q16;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;6906261;cmd.exe;2464;QueryDirectory;C:\Program Files\ImageMagick-6.4.9-Q16\sc.*;NO SUCH FILE;Filter: sc.*
16:41:39;6906703;cmd.exe;2464;CloseFile;C:\Program Files\ImageMagick-6.4.9-Q16;SUCCESS;
16:41:39;6917617;cmd.exe;2464;CreateFile;C:\Program Files\imagemagick-6.4.9-q16;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;6918129;cmd.exe;2464;QueryDirectory;C:\Program Files\ImageMagick-6.4.9-Q16\sc;NO SUCH FILE;Filter: sc
16:41:39;6918548;cmd.exe;2464;CloseFile;C:\Program Files\ImageMagick-6.4.9-Q16;SUCCESS;
16:41:39;6930387;cmd.exe;2464;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;6933024;cmd.exe;2464;QueryDirectory;C:\WINDOWS\system32\sc.*;SUCCESS;Filter: sc.*, 1: sc.exe
16:41:39;6935433;cmd.exe;2464;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:39;6944724;cmd.exe;2464;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;6946479;cmd.exe;2464;QueryDirectory;C:\WINDOWS\system32\sc.COM;NO SUCH FILE;Filter: sc.COM
16:41:39;6954343;cmd.exe;2464;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:39;6956907;cmd.exe;2464;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;6964967;cmd.exe;2464;QueryDirectory;C:\WINDOWS\system32\sc.EXE;SUCCESS;Filter: sc.EXE, 1: sc.exe
16:41:39;6966794;cmd.exe;2464;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:39;6970870;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\sc.exe;SUCCESS;Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;6975161;cmd.exe;2464;RegOpenKey;HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls;NAME NOT FOUND;Desired Access: Query Value
16:41:39;6975561;cmd.exe;2464;RegOpenKey;HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility;SUCCESS;Desired Access: Query Value
16:41:39;6976005;cmd.exe;2464;RegQueryValue;HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility\DisableAppCompat;NAME NOT FOUND;Length: 20
16:41:39;6976348;cmd.exe;2464;RegCloseKey;HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility;SUCCESS;
16:41:39;6979650;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\apphelp.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:37, LastWriteTime: 14-04-2008 01:11:49, ChangeTime: 07-09-2008 18:13:55, AllocationSize: 126.976, EndOfFile: 125.952, FileAttributes: A
16:41:39;6983145;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\apphelp.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;6986819;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\system32\apphelp.dll;SUCCESS;AllocationSize: 126.976, EndOfFile: 125.952, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;6989459;cmd.exe;2464;CloseFile;C:\WINDOWS\system32\apphelp.dll;SUCCESS;
16:41:39;6992878;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\apphelp.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:11:49, ChangeTime: 07-09-2008 18:13:55, AllocationSize: 126.976, EndOfFile: 125.952, FileAttributes: A
16:41:39;7003226;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\apphelp.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;7009501;cmd.exe;2464;CloseFile;C:\WINDOWS\system32\apphelp.dll;SUCCESS;
16:41:39;7021413;cmd.exe;2464;Load Image;C:\WINDOWS\system32\apphelp.dll;SUCCESS;Image Base: 0x77b40000, Image Size: 0x22000
16:41:39;7027584;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Apphelp.dll;NAME NOT FOUND;Desired Access: Read
16:41:39;7031123;cmd.exe;2464;CreateFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
16:41:39;7055185;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;7057180;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;7068366;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;7071017;cmd.exe;2464;CreateFile;C:\WINDOWS\AppPatch\systest.sdb;NAME NOT FOUND;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a
16:41:39;7072185;cmd.exe;2464;RegOpenKey;HKLM\System\WPA\TabletPC;NAME NOT FOUND;Desired Access: Query Value, WOW64_64Key
16:41:39;7072453;cmd.exe;2464;RegOpenKey;HKLM\SYSTEM\WPA\MediaCenter;SUCCESS;Desired Access: Query Value, WOW64_64Key
16:41:39;7072835;cmd.exe;2464;RegQueryValue;HKLM\SYSTEM\WPA\MediaCenter\Installed;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;7073257;cmd.exe;2464;RegCloseKey;HKLM\SYSTEM\WPA\MediaCenter;SUCCESS;
16:41:39;7102149;cmd.exe;2464;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;7117238;cmd.exe;2464;QueryDirectory;C:\WINDOWS\system32\sc.exe;SUCCESS;Filter: sc.exe, 1: sc.exe
16:41:39;7119003;cmd.exe;2464;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:39;7123029;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\sc.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:37, LastWriteTime: 06-02-2009 11:39:08, ChangeTime: 22-02-2010 12:18:51, AllocationSize: 36.864, EndOfFile: 35.328, FileAttributes: A
16:41:39;7123456;cmd.exe;2464;CreateFile;C:\;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;7123842;cmd.exe;2464;QueryDirectory;C:\WINDOWS;SUCCESS;Filter: WINDOWS, 1: WINDOWS
16:41:39;7132907;cmd.exe;2464;CloseFile;C:\;SUCCESS;
16:41:39;7134676;cmd.exe;2464;CreateFile;C:\WINDOWS;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;7135656;cmd.exe;2464;QueryDirectory;C:\WINDOWS\system32;SUCCESS;Filter: system32, 1: system32
16:41:39;7141755;cmd.exe;2464;CloseFile;C:\WINDOWS;SUCCESS;
16:41:39;7144048;cmd.exe;2464;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;7147772;cmd.exe;2464;QueryDirectory;C:\WINDOWS\system32\sc.exe;SUCCESS;Filter: sc.exe, 1: sc.exe
16:41:39;7173672;cmd.exe;2464;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:39;7174209;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers;SUCCESS;Desired Access: Read, WOW64_64Key
16:41:39;7174840;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\WINDOWS\system32\sc.exe;NAME NOT FOUND;Length: 1.024
16:41:39;7175209;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers;SUCCESS;
16:41:39;7175502;cmd.exe;2464;RegOpenKey;HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers;NAME NOT FOUND;Desired Access: Read, WOW64_64Key
16:41:39;7175765;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\sc.exe;NAME NOT FOUND;Desired Access: Read, WOW64_64Key
16:41:39;7180832;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\sc.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:37, LastWriteTime: 06-02-2009 11:39:08, ChangeTime: 22-02-2010 12:18:51, AllocationSize: 36.864, EndOfFile: 35.328, FileAttributes: A
16:41:39;7195242;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\sc.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:37, LastWriteTime: 06-02-2009 11:39:08, ChangeTime: 22-02-2010 12:18:51, AllocationSize: 36.864, EndOfFile: 35.328, FileAttributes: A
16:41:39;7198215;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\sc.exe;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;7201897;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\system32\sc.exe;SUCCESS;AllocationSize: 36.864, EndOfFile: 35.328, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;7207221;cmd.exe;2464;CloseFile;C:\WINDOWS\system32\sc.exe;SUCCESS;
16:41:39;7212295;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\sc.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 06-02-2009 11:39:08, ChangeTime: 22-02-2010 12:18:51, AllocationSize: 36.864, EndOfFile: 35.328, FileAttributes: A
16:41:39;7216220;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\sc.exe;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;7227701;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\system32\sc.exe;SUCCESS;AllocationSize: 36.864, EndOfFile: 35.328, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;7230305;cmd.exe;2464;CloseFile;C:\WINDOWS\system32\sc.exe;SUCCESS;
16:41:39;7234281;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\sc.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 06-02-2009 11:39:08, ChangeTime: 22-02-2010 12:18:51, AllocationSize: 36.864, EndOfFile: 35.328, FileAttributes: A
16:41:39;7237465;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\sc.exe;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;7241969;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\system32\sc.exe;SUCCESS;AllocationSize: 36.864, EndOfFile: 35.328, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;7248422;cmd.exe;2464;CloseFile;C:\WINDOWS\system32\sc.exe;SUCCESS;
16:41:39;7252006;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\sc.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 06-02-2009 11:39:08, ChangeTime: 22-02-2010 12:18:51, AllocationSize: 36.864, EndOfFile: 35.328, FileAttributes: A
16:41:39;7255426;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\sc.exe;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;7266634;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\system32\sc.exe;SUCCESS;AllocationSize: 36.864, EndOfFile: 35.328, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;7269288;cmd.exe;2464;CloseFile;C:\WINDOWS\system32\sc.exe;SUCCESS;
16:41:39;7275805;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags;SUCCESS;Desired Access: Read, WOW64_64Key
16:41:39;7276345;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\{be0aa9f6-56c7-4157-bcfe-dfee31a77987};NAME NOT FOUND;Length: 1.024
16:41:39;7277278;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags;SUCCESS;
16:41:39;7277610;cmd.exe;2464;RegOpenKey;HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags;NAME NOT FOUND;Desired Access: Read, WOW64_64Key
16:41:39;7281750;cmd.exe;2464;CloseFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;
16:41:39;7286527;cmd.exe;2464;RegOpenKey;HKLM\System\CurrentControlSet\Control\SafeBoot\Option;NAME NOT FOUND;Desired Access: Query Value, Set Value
16:41:39;7286930;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Desired Access: Query Value
16:41:39;7287332;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:39;7287586;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;7287938;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;
16:41:39;7288477;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\LevelObjects;NAME NOT FOUND;Desired Access: Read
16:41:39;7288687;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Desired Access: Query Value
16:41:39;7288989;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\Levels;NAME NOT FOUND;Length: 536
16:41:39;7289299;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;
16:41:39;7289880;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths;SUCCESS;Desired Access: Read
16:41:39;7290232;cmd.exe;2464;RegEnumKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths;SUCCESS;Index: 0, Name: {dda3f824-d8cb-441b-834d-be2efd2c1a33}
16:41:39;7290475;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33};SUCCESS;Desired Access: Read
16:41:39;7290947;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ItemData;SUCCESS;Type: REG_EXPAND_SZ, Length: 190, Data: %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK*
16:41:39;7291232;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\SaferFlags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;7291570;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33};SUCCESS;
16:41:39;7291738;cmd.exe;2464;RegEnumKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths;NO MORE ENTRIES;Index: 1, Length: 280
16:41:39;7292014;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths;SUCCESS;
16:41:39;7292123;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;SUCCESS;Desired Access: Read
16:41:39;7292467;cmd.exe;2464;RegEnumKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;SUCCESS;Index: 0, Name: {349d35ab-37b5-462f-9b89-edd5fbde1328}
16:41:39;7292696;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328};SUCCESS;Desired Access: Read
16:41:39;7293020;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ItemData;SUCCESS;Type: REG_BINARY, Length: 16, Data: 5E AB 30 4F 95 7A 49 89 6A 00 6C 1C 31 15 40 15
16:41:39;7293257;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\HashAlg;SUCCESS;Type: REG_DWORD, Length: 4, Data: 32771
16:41:39;7293478;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ItemSize;SUCCESS;Type: REG_QWORD, Length: 8, Data: 
16:41:39;7293704;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\SaferFlags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;7294042;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328};SUCCESS;
16:41:39;7294193;cmd.exe;2464;RegEnumKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;SUCCESS;Index: 1, Name: {7fb9cd2e-3076-4df9-a57b-b813f72dbb91}
16:41:39;7295814;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91};SUCCESS;Desired Access: Read
16:41:39;7296166;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ItemData;SUCCESS;Type: REG_BINARY, Length: 16, Data: 67 B0 D4 8B 34 3A 3F D3 BC E9 DC 64 67 04 F3 94
16:41:39;7296420;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\HashAlg;SUCCESS;Type: REG_DWORD, Length: 4, Data: 32771
16:41:39;7296654;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ItemSize;SUCCESS;Type: REG_QWORD, Length: 8, Data: 
16:41:39;7297037;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\SaferFlags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;7297414;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91};SUCCESS;
16:41:39;7297571;cmd.exe;2464;RegEnumKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;SUCCESS;Index: 2, Name: {81d1fe15-dd9d-4762-b16d-7c29ddecae3f}
16:41:39;7297800;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f};SUCCESS;Desired Access: Read
16:41:39;7298129;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ItemData;SUCCESS;Type: REG_BINARY, Length: 16, Data: 32 78 02 DC FE F8 C8 93 DC 8A B0 06 DD 84 7D 1D
16:41:39;7298372;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\HashAlg;SUCCESS;Type: REG_DWORD, Length: 4, Data: 32771
16:41:39;7298588;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ItemSize;SUCCESS;Type: REG_QWORD, Length: 8, Data: 
16:41:39;7298845;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\SaferFlags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;7299180;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f};SUCCESS;
16:41:39;7299328;cmd.exe;2464;RegEnumKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;SUCCESS;Index: 3, Name: {94e3e076-8f53-42a5-8411-085bcc18a68d}
16:41:39;7299563;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d};SUCCESS;Desired Access: Read
16:41:39;7299884;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ItemData;SUCCESS;Type: REG_BINARY, Length: 16, Data: BD 9A 2A DB 42 EB D8 56 0E 25 0E 4D F8 16 2F 67
16:41:39;7300113;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\HashAlg;SUCCESS;Type: REG_DWORD, Length: 4, Data: 32771
16:41:39;7300331;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ItemSize;SUCCESS;Type: REG_QWORD, Length: 8, Data: 
16:41:39;7300549;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\SaferFlags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;7300912;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d};SUCCESS;
16:41:39;7301588;cmd.exe;2464;RegEnumKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;SUCCESS;Index: 4, Name: {dc971ee5-44eb-4fe4-ae2e-b91490411bfc}
16:41:39;7301823;cmd.exe;2464;RegOpenKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc};SUCCESS;Desired Access: Read
16:41:39;7302166;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ItemData;SUCCESS;Type: REG_BINARY, Length: 16, Data: 38 6B 08 5F 84 EC F6 69 D3 6B 95 6A 22 C0 1E 80
16:41:39;7302409;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\HashAlg;SUCCESS;Type: REG_DWORD, Length: 4, Data: 32771
16:41:39;7302624;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ItemSize;SUCCESS;Type: REG_QWORD, Length: 8, Data: 
16:41:39;7302845;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\SaferFlags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;7303331;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc};SUCCESS;
16:41:39;7303476;cmd.exe;2464;RegEnumKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;NO MORE ENTRIES;Index: 5, Length: 280
16:41:39;7303767;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;SUCCESS;
16:41:39;7303884;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:39;7304125;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths;NAME NOT FOUND;Desired Access: Read
16:41:39;7304365;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:39;7304558;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:39;7304748;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths;NAME NOT FOUND;Desired Access: Read
16:41:39;7304935;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:39;7305114;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:39;7305292;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths;NAME NOT FOUND;Desired Access: Read
16:41:39;7305482;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:39;7305664;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:39;7305854;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths;NAME NOT FOUND;Desired Access: Read
16:41:39;7306044;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:39;7306253;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:39;7306650;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths;NAME NOT FOUND;Desired Access: Read
16:41:39;7307030;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:39;7307399;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:39;7307765;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths;NAME NOT FOUND;Desired Access: Read
16:41:39;7308187;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:39;7308561;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:39;7308913;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths;NAME NOT FOUND;Desired Access: Read
16:41:39;7309262;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:39;7309614;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:39;7309958;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths;NAME NOT FOUND;Desired Access: Read
16:41:39;7310324;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:39;7310667;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:39;7311042;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths;NAME NOT FOUND;Desired Access: Read
16:41:39;7311388;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:39;7311748;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:39;7311961;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Desired Access: Read
16:41:39;7312302;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\DefaultLevel;SUCCESS;Type: REG_DWORD, Length: 4, Data: 262144
16:41:39;7312628;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;
16:41:39;7312961;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;NAME NOT FOUND;Desired Access: Read
16:41:39;7313732;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Desired Access: Query Value
16:41:39;7314042;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\PolicyScope;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:39;7314366;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;
16:41:39;7317034;cmd.exe;2464;QueryNameInformationFile;C:\WINDOWS\system32\sc.exe;SUCCESS;Name: \WINDOWS\system32\sc.exe
16:41:39;7319926;cmd.exe;2464;QueryOpen;C:\WINDOWS\system32\sc.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 06-02-2009 11:39:08, ChangeTime: 22-02-2010 12:18:51, AllocationSize: 36.864, EndOfFile: 35.328, FileAttributes: A
16:41:39;7320381;cmd.exe;2464;CreateFile;C:\;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;7321445;cmd.exe;2464;QueryDirectory;C:\WINDOWS;SUCCESS;Filter: WINDOWS, 1: WINDOWS
16:41:39;7331745;cmd.exe;2464;CloseFile;C:\;SUCCESS;
16:41:39;7333776;cmd.exe;2464;CreateFile;C:\WINDOWS;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;7338129;cmd.exe;2464;QueryDirectory;C:\WINDOWS\system32;SUCCESS;Filter: system32, 1: system32
16:41:39;7339350;cmd.exe;2464;CloseFile;C:\WINDOWS;SUCCESS;
16:41:39;7341752;cmd.exe;2464;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;7343859;cmd.exe;2464;QueryDirectory;C:\WINDOWS\system32\sc.exe;SUCCESS;Filter: sc.exe, 1: sc.exe
16:41:39;7345772;cmd.exe;2464;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:39;7348351;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\system32\sc.exe;SUCCESS;AllocationSize: 36.864, EndOfFile: 35.328, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;7350639;cmd.exe;2464;QueryStandardInformationFile;C:\WINDOWS\system32\sc.exe;SUCCESS;AllocationSize: 36.864, EndOfFile: 35.328, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;7351642;cmd.exe;2464;RegOpenKey;HKCU;SUCCESS;Desired Access: Read
16:41:39;7352055;cmd.exe;2464;RegOpenKey;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders;SUCCESS;Desired Access: Read
16:41:39;7352491;cmd.exe;2464;RegCloseKey;HKCU;SUCCESS;
16:41:39;7352709;cmd.exe;2464;RegQueryValue;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache;BUFFER OVERFLOW;Length: 144
16:41:39;7353016;cmd.exe;2464;RegQueryValue;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache;SUCCESS;Type: REG_SZ, Length: 150, Data: C:\Documents and Settings\Margriet\Local Settings\Temporary Internet Files
16:41:39;7353427;cmd.exe;2464;RegCloseKey;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders;SUCCESS;
16:41:39;7353854;cmd.exe;2464;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Desired Access: Query Value
16:41:39;7354262;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\LogFileName;NAME NOT FOUND;Length: 536
16:41:39;7354575;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;
16:41:39;7354676;cmd.exe;2464;RegOpenKey;HKLM\System\CurrentControlSet\Control\SafeBoot\Option;NAME NOT FOUND;Desired Access: Query Value, Set Value
16:41:39;7356128;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe;NAME NOT FOUND;Desired Access: Read
16:41:39;7360411;cmd.exe;2464;CreateFile;C:\WINDOWS\system32\sc.exe.Manifest;NAME NOT FOUND;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
16:41:39;7366233;cmd.exe;2464;QueryOpen;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;CreationTime: 22-02-2010 10:59:08, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 22-02-2010 12:00:04, ChangeTime: 22-02-2010 12:00:04, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
16:41:39;7368233;cmd.exe;2464;Process Create;C:\WINDOWS\system32\sc.exe;SUCCESS;PID: 3780, Command line: sc query mysql 
16:41:39;7371759;cmd.exe;2464;CloseFile;C:\WINDOWS\system32\sc.exe;SUCCESS;
16:41:39;8197917;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\msimtf.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:38, LastWriteTime: 14-04-2008 01:11:59, ChangeTime: 07-09-2008 18:00:16, AllocationSize: 159.744, EndOfFile: 159.232, FileAttributes: A
16:41:39;8201216;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32\msimtf.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;8205203;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\system32\msimtf.dll;SUCCESS;AllocationSize: 159.744, EndOfFile: 159.232, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;8207818;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32\msimtf.dll;SUCCESS;
16:41:39;8646505;cmd.exe;2464;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:39;8646985;cmd.exe;2464;RegOpenKey;HKCU\Software\Policies\Microsoft\Control Panel\Desktop;NAME NOT FOUND;Desired Access: Read
16:41:39;8647206;cmd.exe;2464;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Read
16:41:39;8647519;cmd.exe;2464;RegQueryValue;HKCU\Control Panel\Desktop\MultiUILanguageId;NAME NOT FOUND;Length: 256
16:41:39;8647876;cmd.exe;2464;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:39;8648092;cmd.exe;2464;RegCloseKey;HKCU;SUCCESS;
16:41:39;8654911;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:39;8656266;cmd.exe;2464;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize;SUCCESS;Desired Access: Read
16:41:39;8656685;cmd.exe;2464;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles;NAME NOT FOUND;Length: 20
16:41:39;8657017;cmd.exe;2464;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize;SUCCESS;
16:41:39;8658710;cmd.exe;2464;Thread Exit;;SUCCESS;User Time: 0.0000000, Kernel Time: 0.0781250
16:41:39;8665043;cmd.exe;2464;Process Exit;;SUCCESS;Exit Status: 0, User Time: 0.0156250, Kernel Time: 0.0781250, Private Bytes: 2.011.136, Peak Private Bytes: 2.060.288, Working Set: 2.732.032, Peak Working Set: 2.748.416
16:41:39;8667276;cmd.exe;2464;CloseFile;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83;SUCCESS;
16:41:39;9250551;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\msimtf.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:11:59, ChangeTime: 07-09-2008 18:00:16, AllocationSize: 159.744, EndOfFile: 159.232, FileAttributes: A
16:41:39;9253523;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32\msimtf.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;9257323;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\system32\msimtf.dll;SUCCESS;AllocationSize: 159.744, EndOfFile: 159.232, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;9259943;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32\msimtf.dll;SUCCESS;
16:41:39;9292967;MySQLWorkbench.exe;3160;QueryOpen;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS\mysql.exe;SUCCESS;CreationTime: 03-11-2009 21:08:02, LastAccessTime: 22-02-2010 11:59:04, LastWriteTime: 03-11-2009 21:08:02, ChangeTime: 22-02-2010 11:59:04, AllocationSize: 2.351.104, EndOfFile: 2.347.648, FileAttributes: A
16:41:39;9299381;MySQLWorkbench.exe;3160;QueryOpen;C:\Documents and Settings\Margriet\Application Data\MySQL\Workbench\workbench_user_data.dat;SUCCESS;CreationTime: 22-02-2010 14:57:05, LastAccessTime: 22-02-2010 16:41:19, LastWriteTime: 22-02-2010 14:57:05, ChangeTime: 22-02-2010 14:57:05, AllocationSize: 376, EndOfFile: 370, FileAttributes: A
16:41:39;9301811;MySQLWorkbench.exe;3160;CreateFile;C:\Documents and Settings\Margriet\Application Data\MySQL\Workbench\workbench_user_data.dat;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;9304999;MySQLWorkbench.exe;3160;ReadFile;C:\Documents and Settings\Margriet\Application Data\MySQL\Workbench\workbench_user_data.dat;SUCCESS;Offset: 0, Length: 370
16:41:39;9306974;MySQLWorkbench.exe;3160;ReadFile;C:\Documents and Settings\Margriet\Application Data\MySQL\Workbench\workbench_user_data.dat;END OF FILE;Offset: 370, Length: 4.096
16:41:39;9308849;MySQLWorkbench.exe;3160;CloseFile;C:\Documents and Settings\Margriet\Application Data\MySQL\Workbench\workbench_user_data.dat;SUCCESS;
16:41:39;9399681;MySQLWorkbench.exe;3160;Thread Create;;SUCCESS;Thread ID: 3556
16:41:39;9412870;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Desired Access: Generic Read/Write, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created
16:41:39;9418581;MySQLWorkbench.exe;3160;QueryInformationVolume;C:\WINDOWS\Temp\tmpmjridc;BUFFER OVERFLOW;VolumeCreationTime: 29-01-2008 15:00:09, VolumeSerialNumber: 9843-BA8B, SupportsObjects: True, VolumeLabel: Loc?
16:41:39;9420092;MySQLWorkbench.exe;3160;QueryAllInformationFile;C:\WINDOWS\Temp\tmpmjridc;BUFFER OVERFLOW;CreationTime: 22-02-2010 16:41:39, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 22-02-2010 16:41:39, ChangeTime: 22-02-2010 16:41:39, FileAttributes: A, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x340000000230f2, EaSize: 0, Access: Generic Read/Write, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word
16:41:39;9424551;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Overwritten
16:41:39;9427981;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\Temp;SUCCESS;Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:39;9429666;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\Temp;SUCCESS;
16:41:39;9434786;MySQLWorkbench.exe;3160;QueryInformationVolume;C:\WINDOWS\Temp\tmpmjridc;BUFFER OVERFLOW;VolumeCreationTime: 29-01-2008 15:00:09, VolumeSerialNumber: 9843-BA8B, SupportsObjects: True, VolumeLabel: Loc

16:41:39;9437812;MySQLWorkbench.exe;3160;QueryAllInformationFile;C:\WINDOWS\Temp\tmpmjridc;BUFFER OVERFLOW;CreationTime: 22-02-2010 16:41:39, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 22-02-2010 16:41:39, ChangeTime: 22-02-2010 16:41:39, FileAttributes: A, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x340000000230f2, EaSize: 0, Access: Generic Read/Write, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word
16:41:39;9439714;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;
16:41:39;9442659;MySQLWorkbench.exe;3160;WriteFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Offset: 0, Length: 27
16:41:39;9445299;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;
16:41:39;9449068;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Desired Access: Generic Read, Write Attributes, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Random Access, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;9450937;MySQLWorkbench.exe;3160;QueryBasicInformationFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;CreationTime: 22-02-2010 16:41:39, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 22-02-2010 16:41:39, ChangeTime: 22-02-2010 16:41:39, FileAttributes: A
16:41:39;9452599;MySQLWorkbench.exe;3160;SetBasicInformationFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;CreationTime: 01-01-1601 00:59:59, LastAccessTime: 01-01-1601 00:59:59, LastWriteTime: 01-01-1601 00:59:59, ChangeTime: 01-01-1601 00:59:59, FileAttributes: n/a
16:41:39;9454317;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;AllocationSize: 32, EndOfFile: 27, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:39;9455946;MySQLWorkbench.exe;3160;ReadFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Offset: 0, Length: 27
16:41:39;9458153;MySQLWorkbench.exe;3160;ReadFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Offset: 0, Length: 27
16:41:39;9460175;MySQLWorkbench.exe;3160;ReadFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Offset: 0, Length: 27
16:41:39;9462664;MySQLWorkbench.exe;3160;ReadFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Offset: 0, Length: 2
16:41:39;9464519;MySQLWorkbench.exe;3160;ReadFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Offset: 0, Length: 27
16:41:39;9467366;MySQLWorkbench.exe;3160;ReadFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Offset: 0, Length: 27
16:41:39;9469126;MySQLWorkbench.exe;3160;ReadFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Offset: 0, Length: 27
16:41:39;9472721;MySQLWorkbench.exe;3160;ReadFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Offset: 0, Length: 27
16:41:39;9474588;MySQLWorkbench.exe;3160;ReadFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Offset: 0, Length: 27
16:41:39;9476426;MySQLWorkbench.exe;3160;ReadFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Offset: 0, Length: 27
16:41:39;9479468;MySQLWorkbench.exe;3160;ReadFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Offset: 0, Length: 27
16:41:39;9481443;MySQLWorkbench.exe;3160;ReadFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Offset: 0, Length: 4
16:41:39;9484181;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;
16:41:39;9486760;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Desired Access: Read Attributes, Write Attributes, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;9488458;MySQLWorkbench.exe;3160;QueryBasicInformationFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;CreationTime: 22-02-2010 16:41:39, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 22-02-2010 16:41:39, ChangeTime: 22-02-2010 16:41:39, FileAttributes: A
16:41:39;9490134;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;
16:41:39;9495730;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:39;9497448;MySQLWorkbench.exe;3160;QueryAttributeTagFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Attributes: A, ReparseTag: 0x0
16:41:39;9499015;MySQLWorkbench.exe;3160;SetDispositionInformationFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;Delete: True
16:41:39;9500781;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\Temp\tmpmjridc;SUCCESS;
16:41:39;9505902;MySQLWorkbench.exe;3160;QueryOpen;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS\python\threading.py;SUCCESS;CreationTime: 20-10-2009 20:36:20, LastAccessTime: 22-02-2010 16:41:19, LastWriteTime: 20-10-2009 20:36:20, ChangeTime: 22-02-2010 11:59:13, AllocationSize: 32.768, EndOfFile: 32.459, FileAttributes: A
16:41:39;9508765;MySQLWorkbench.exe;3160;QueryOpen;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS\modules\wb_admin_export.py;SUCCESS;CreationTime: 16-02-2010 20:30:14, LastAccessTime: 22-02-2010 16:41:19, LastWriteTime: 16-02-2010 20:30:14, ChangeTime: 22-02-2010 11:59:17, AllocationSize: 57.344, EndOfFile: 55.477, FileAttributes: A
16:41:39;9513109;MySQLWorkbench.exe;3160;QueryOpen;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS\modules\wb_admin_export.py;SUCCESS;CreationTime: 16-02-2010 20:30:14, LastAccessTime: 22-02-2010 16:41:19, LastWriteTime: 16-02-2010 20:30:14, ChangeTime: 22-02-2010 11:59:17, AllocationSize: 57.344, EndOfFile: 55.477, FileAttributes: A
16:41:39;9516098;MySQLWorkbench.exe;3160;QueryOpen;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS\python\subprocess.py;SUCCESS;CreationTime: 20-10-2009 20:36:20, LastAccessTime: 22-02-2010 16:41:19, LastWriteTime: 20-10-2009 20:36:20, ChangeTime: 22-02-2010 11:59:13, AllocationSize: 49.152, EndOfFile: 47.822, FileAttributes: A
16:41:39;9518870;MySQLWorkbench.exe;3160;QueryOpen;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS\python\subprocess.py;SUCCESS;CreationTime: 20-10-2009 20:36:20, LastAccessTime: 22-02-2010 16:41:19, LastWriteTime: 20-10-2009 20:36:20, ChangeTime: 22-02-2010 11:59:13, AllocationSize: 49.152, EndOfFile: 47.822, FileAttributes: A
16:41:39;9531827;MySQLWorkbench.exe;3160;QueryOpen;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS\python\subprocess.py;SUCCESS;CreationTime: 20-10-2009 20:36:20, LastAccessTime: 22-02-2010 16:41:19, LastWriteTime: 20-10-2009 20:36:20, ChangeTime: 22-02-2010 11:59:13, AllocationSize: 49.152, EndOfFile: 47.822, FileAttributes: A
16:41:39;9540124;MySQLWorkbench.exe;3160;Thread Exit;;SUCCESS;User Time: 0.0000000, Kernel Time: 0.0000000
16:41:41;8678277;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:39, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:41;8680788;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:39, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:41;8683448;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;8690217;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
16:41:41;8693083;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;8694947;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;8697165;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;8699573;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\AppPatch\systest.sdb;NAME NOT FOUND;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a
16:41:41;8700408;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\System\WPA\TabletPC;NAME NOT FOUND;Desired Access: Query Value, WOW64_64Key
16:41:41;8700674;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\SYSTEM\WPA\MediaCenter;SUCCESS;Desired Access: Query Value, WOW64_64Key
16:41:41;8701020;MySQLWorkbench.exe;3160;RegQueryValue;HKLM\SYSTEM\WPA\MediaCenter\Installed;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:41;8701375;MySQLWorkbench.exe;3160;RegCloseKey;HKLM\SYSTEM\WPA\MediaCenter;SUCCESS;
16:41:41;8703451;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;8704881;MySQLWorkbench.exe;3160;QueryDirectory;C:\WINDOWS\system32\cmd.exe;SUCCESS;Filter: cmd.exe, 1: cmd.exe
16:41:41;8706940;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:41;8710627;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:39, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:41;8710977;MySQLWorkbench.exe;3160;CreateFile;C:\;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;8711329;MySQLWorkbench.exe;3160;QueryDirectory;C:\WINDOWS;SUCCESS;Filter: WINDOWS, 1: WINDOWS
16:41:41;8711739;MySQLWorkbench.exe;3160;CloseFile;C:\;SUCCESS;
16:41:41;8713253;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;8714145;MySQLWorkbench.exe;3160;QueryDirectory;C:\WINDOWS\system32;SUCCESS;Filter: system32, 1: system32
16:41:41;8715094;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS;SUCCESS;
16:41:41;8717357;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;8718776;MySQLWorkbench.exe;3160;QueryDirectory;C:\WINDOWS\system32\cmd.exe;SUCCESS;Filter: cmd.exe, 1: cmd.exe
16:41:41;8720313;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:41;8720925;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers;SUCCESS;Desired Access: Read, WOW64_64Key
16:41:41;8721419;MySQLWorkbench.exe;3160;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\WINDOWS\system32\cmd.exe;NAME NOT FOUND;Length: 1.024
16:41:41;8721743;MySQLWorkbench.exe;3160;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers;SUCCESS;
16:41:41;8722025;MySQLWorkbench.exe;3160;RegOpenKey;HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers;NAME NOT FOUND;Desired Access: Read, WOW64_64Key
16:41:41;8722274;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\cmd.exe;NAME NOT FOUND;Desired Access: Read, WOW64_64Key
16:41:41;8726057;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:39, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:41;8728895;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:39, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:41;8731387;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;8734566;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;AllocationSize: 389.120, EndOfFile: 389.120, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;8736754;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;
16:41:41;8739910;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:41, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:39, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:41;8742305;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;8745294;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;AllocationSize: 389.120, EndOfFile: 389.120, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;8747453;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;
16:41:41;8751431;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:41, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:39, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:41;8754348;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;8758114;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;AllocationSize: 389.120, EndOfFile: 389.120, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;8761877;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;
16:41:41;8765193;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:41, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:39, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:41;8767623;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;8770741;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;AllocationSize: 389.120, EndOfFile: 389.120, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;8772931;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;
16:41:41;8775175;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags;SUCCESS;Desired Access: Read, WOW64_64Key
16:41:41;8775652;MySQLWorkbench.exe;3160;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\{d021b888-14a2-4219-8812-31b4a9370c33};NAME NOT FOUND;Length: 1.024
16:41:41;8775979;MySQLWorkbench.exe;3160;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags;SUCCESS;
16:41:41;8776256;MySQLWorkbench.exe;3160;RegOpenKey;HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags;NAME NOT FOUND;Desired Access: Read, WOW64_64Key
16:41:41;8779700;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;
16:41:41;8780228;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\System\CurrentControlSet\Control\SafeBoot\Option;NAME NOT FOUND;Desired Access: Query Value, Set Value
16:41:41;8781120;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Desired Access: Maximum Allowed
16:41:41;8781486;MySQLWorkbench.exe;3160;RegQueryKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Query: Basic, Name: CodeIdentifiers
16:41:41;8781784;MySQLWorkbench.exe;3160;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;
16:41:41;8782019;MySQLWorkbench.exe;3160;RegOpenKey;HKCU;SUCCESS;Desired Access: Read
16:41:41;8782310;MySQLWorkbench.exe;3160;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;NAME NOT FOUND;Desired Access: Maximum Allowed
16:41:41;8782600;MySQLWorkbench.exe;3160;RegCloseKey;HKCU;SUCCESS;
16:41:41;8784788;MySQLWorkbench.exe;3160;QueryNameInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;Name: \WINDOWS\system32\cmd.exe
16:41:41;8787380;MySQLWorkbench.exe;3160;QueryOpen;C:\WINDOWS\system32\cmd.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:41, LastWriteTime: 14-04-2008 01:12:14, ChangeTime: 22-02-2010 16:41:39, AllocationSize: 389.120, EndOfFile: 389.120, FileAttributes: A
16:41:41;8788026;MySQLWorkbench.exe;3160;CreateFile;C:\;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;8788391;MySQLWorkbench.exe;3160;QueryDirectory;C:\WINDOWS;SUCCESS;Filter: WINDOWS, 1: WINDOWS
16:41:41;8788808;MySQLWorkbench.exe;3160;CloseFile;C:\;SUCCESS;
16:41:41;8790341;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;8791233;MySQLWorkbench.exe;3160;QueryDirectory;C:\WINDOWS\system32;SUCCESS;Filter: system32, 1: system32
16:41:41;8792196;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS;SUCCESS;
16:41:41;8794241;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;8795655;MySQLWorkbench.exe;3160;QueryDirectory;C:\WINDOWS\system32\cmd.exe;SUCCESS;Filter: cmd.exe, 1: cmd.exe
16:41:41;8797152;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:41;8800586;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;AllocationSize: 389.120, EndOfFile: 389.120, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;8802505;MySQLWorkbench.exe;3160;QueryStandardInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;AllocationSize: 389.120, EndOfFile: 389.120, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;8803220;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Desired Access: Query Value
16:41:41;8803589;MySQLWorkbench.exe;3160;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\LogFileName;NAME NOT FOUND;Length: 536
16:41:41;8803905;MySQLWorkbench.exe;3160;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;
16:41:41;8804500;MySQLWorkbench.exe;3160;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe;NAME NOT FOUND;Desired Access: Read
16:41:41;8808807;MySQLWorkbench.exe;3160;CreateFile;C:\WINDOWS\system32\cmd.exe.Manifest;NAME NOT FOUND;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
16:41:41;8811825;MySQLWorkbench.exe;3160;Process Create;C:\WINDOWS\system32\cmd.exe;SUCCESS;PID: 3564, Command line: C:\WINDOWS\system32\cmd.exe /c sc query mysql 
16:41:41;8811858;cmd.exe;3564;Process Start;;SUCCESS;Parent PID: 3160
16:41:41;8811892;cmd.exe;3564;Thread Create;;SUCCESS;Thread ID: 3540
16:41:41;8813076;cmd.exe;3564;QueryNameInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;Name: \WINDOWS\system32\cmd.exe
16:41:41;8815037;MySQLWorkbench.exe;3160;CloseFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;
16:41:41;8816705;cmd.exe;3564;Load Image;C:\WINDOWS\system32\cmd.exe;SUCCESS;Image Base: 0x4ad00000, Image Size: 0x61000
16:41:41;8820510;cmd.exe;3564;Load Image;C:\WINDOWS\system32\ntdll.dll;SUCCESS;Image Base: 0x7c900000, Image Size: 0xb2000
16:41:41;8820775;cmd.exe;3564;QueryNameInformationFile;C:\WINDOWS\system32\cmd.exe;SUCCESS;Name: \WINDOWS\system32\cmd.exe
16:41:41;8823566;cmd.exe;3564;CreateFile;C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened
16:41:41;8826586;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf;SUCCESS;AllocationSize: 16.384, EndOfFile: 12.392, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;8828190;cmd.exe;3564;ReadFile;C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf;SUCCESS;Offset: 0, Length: 12.392
16:41:41;8831531;cmd.exe;3564;CloseFile;C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf;SUCCESS;
16:41:41;8832481;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe;NAME NOT FOUND;Desired Access: Read
16:41:41;8834950;cmd.exe;3564;FileSystemControl;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;Control: FSCTL_IS_VOLUME_MOUNTED
16:41:41;8835987;cmd.exe;3564;FileSystemControl;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;Control: FSCTL_IS_VOLUME_MOUNTED
16:41:41;8838289;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\cmd.exe.Local;NAME NOT FOUND;
16:41:41;8841460;cmd.exe;3564;Load Image;C:\WINDOWS\system32\kernel32.dll;SUCCESS;Image Base: 0x7c800000, Image Size: 0xf6000
16:41:41;8846416;cmd.exe;3564;RegOpenKey;HKLM\System\CurrentControlSet\Control\Terminal Server;SUCCESS;Desired Access: Read
16:41:41;8847041;cmd.exe;3564;RegQueryValue;HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:41;8847458;cmd.exe;3564;RegCloseKey;HKLM\System\CurrentControlSet\Control\Terminal Server;SUCCESS;
16:41:41;8847631;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe;NAME NOT FOUND;Desired Access: Read
16:41:41;8903194;cmd.exe;3564;Load Image;C:\WINDOWS\system32\msvcrt.dll;SUCCESS;Image Base: 0x77c10000, Image Size: 0x58000
16:41:41;8908750;cmd.exe;3564;Load Image;C:\WINDOWS\system32\user32.dll;SUCCESS;Image Base: 0x7e410000, Image Size: 0x91000
16:41:41;8914109;cmd.exe;3564;Load Image;C:\WINDOWS\system32\gdi32.dll;SUCCESS;Image Base: 0x77f10000, Image Size: 0x49000
16:41:41;8920450;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\shimeng.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:12:05, ChangeTime: 07-09-2008 18:13:41, AllocationSize: 65.536, EndOfFile: 65.024, FileAttributes: A
16:41:41;8923596;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\shimeng.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;8928191;cmd.exe;3564;RegOpenKey;HKLM\System\CurrentControlSet\Control\SafeBoot\Option;NAME NOT FOUND;Desired Access: Query Value, Set Value
16:41:41;8928661;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Desired Access: Query Value
16:41:41;8929074;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:41;8929454;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;
16:41:41;8929767;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;NAME NOT FOUND;Desired Access: Query Value
16:41:41;8932628;cmd.exe;3564;CloseFile;C:\WINDOWS\system32\shimeng.dll;SUCCESS;
16:41:41;8935952;cmd.exe;3564;Load Image;C:\WINDOWS\system32\shimeng.dll;SUCCESS;Image Base: 0x5cb70000, Image Size: 0x26000
16:41:41;8941299;cmd.exe;3564;CreateFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
16:41:41;8946367;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;8948378;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;8951032;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;8953915;cmd.exe;3564;CreateFile;C:\WINDOWS\AppPatch\systest.sdb;NAME NOT FOUND;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a
16:41:41;8955935;cmd.exe;3564;RegOpenKey;HKLM\System\WPA\TabletPC;NAME NOT FOUND;Desired Access: Query Value, WOW64_64Key
16:41:41;8956231;cmd.exe;3564;RegOpenKey;HKLM\SYSTEM\WPA\MediaCenter;SUCCESS;Desired Access: Query Value, WOW64_64Key
16:41:41;8956597;cmd.exe;3564;RegQueryValue;HKLM\SYSTEM\WPA\MediaCenter\Installed;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:41;8956949;cmd.exe;3564;RegCloseKey;HKLM\SYSTEM\WPA\MediaCenter;SUCCESS;
16:41:41;8965934;cmd.exe;3564;CreateFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
16:41:41;8969646;cmd.exe;3564;CloseFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;
16:41:41;8972937;cmd.exe;3564;QueryOpen;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:11:48, ChangeTime: 07-09-2008 18:14:01, AllocationSize: 1.855.488, EndOfFile: 1.852.928, FileAttributes: A
16:41:41;8975527;cmd.exe;3564;CreateFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;8979016;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;AllocationSize: 1.855.488, EndOfFile: 1.852.928, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;8981209;cmd.exe;3564;CloseFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;
16:41:41;8984333;cmd.exe;3564;QueryOpen;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:41, LastWriteTime: 14-04-2008 01:11:48, ChangeTime: 07-09-2008 18:14:01, AllocationSize: 1.855.488, EndOfFile: 1.852.928, FileAttributes: A
16:41:41;8986741;cmd.exe;3564;CreateFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;8990023;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;AllocationSize: 1.855.488, EndOfFile: 1.852.928, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;8992158;cmd.exe;3564;CloseFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;
16:41:41;8995094;cmd.exe;3564;QueryOpen;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:41, LastWriteTime: 14-04-2008 01:11:48, ChangeTime: 07-09-2008 18:14:01, AllocationSize: 1.855.488, EndOfFile: 1.852.928, FileAttributes: A
16:41:41;8997463;cmd.exe;3564;CreateFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;9004117;cmd.exe;3564;CloseFile;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;
16:41:41;9007352;cmd.exe;3564;Load Image;C:\WINDOWS\AppPatch\acgenral.dll;SUCCESS;Image Base: 0x6f880000, Image Size: 0x1ca000
16:41:41;9011305;cmd.exe;3564;Load Image;C:\WINDOWS\system32\advapi32.dll;SUCCESS;Image Base: 0x77dd0000, Image Size: 0x9b000
16:41:41;9015742;cmd.exe;3564;Load Image;C:\WINDOWS\system32\rpcrt4.dll;SUCCESS;Image Base: 0x77e70000, Image Size: 0x92000
16:41:41;9020435;cmd.exe;3564;Load Image;C:\WINDOWS\system32\secur32.dll;SUCCESS;Image Base: 0x77fe0000, Image Size: 0x11000
16:41:41;9025553;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\winmm.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:12:09, ChangeTime: 07-09-2008 18:13:37, AllocationSize: 176.128, EndOfFile: 176.128, FileAttributes: A
16:41:41;9028509;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\winmm.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;9034523;cmd.exe;3564;CloseFile;C:\WINDOWS\system32\winmm.dll;SUCCESS;
16:41:41;9037582;cmd.exe;3564;Load Image;C:\WINDOWS\system32\winmm.dll;SUCCESS;Image Base: 0x76b40000, Image Size: 0x2d000
16:41:41;9042485;cmd.exe;3564;Load Image;C:\WINDOWS\system32\ole32.dll;SUCCESS;Image Base: 0x774e0000, Image Size: 0x13d000
16:41:41;9048165;cmd.exe;3564;Load Image;C:\WINDOWS\system32\oleaut32.dll;SUCCESS;Image Base: 0x77120000, Image Size: 0x8b000
16:41:41;9052925;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\msacm32.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:11:58, ChangeTime: 07-09-2008 18:13:49, AllocationSize: 73.728, EndOfFile: 71.680, FileAttributes: A
16:41:41;9055844;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\msacm32.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;9062748;cmd.exe;3564;CloseFile;C:\WINDOWS\system32\msacm32.dll;SUCCESS;
16:41:41;9068961;cmd.exe;3564;Load Image;C:\WINDOWS\system32\msacm32.dll;SUCCESS;Image Base: 0x77be0000, Image Size: 0x15000
16:41:41;9075551;cmd.exe;3564;Load Image;C:\WINDOWS\system32\version.dll;SUCCESS;Image Base: 0x77c00000, Image Size: 0x8000
16:41:41;9080297;cmd.exe;3564;Load Image;C:\WINDOWS\system32\shell32.dll;SUCCESS;Image Base: 0x7c9c0000, Image Size: 0x817000
16:41:41;9085577;cmd.exe;3564;Load Image;C:\WINDOWS\system32\shlwapi.dll;SUCCESS;Image Base: 0x77f60000, Image Size: 0x76000
16:41:41;9092257;cmd.exe;3564;Load Image;C:\WINDOWS\system32\userenv.dll;SUCCESS;Image Base: 0x769c0000, Image Size: 0xb4000
16:41:41;9097406;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\uxtheme.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:12:08, ChangeTime: 07-09-2008 18:13:38, AllocationSize: 221.184, EndOfFile: 218.624, FileAttributes: A
16:41:41;9100384;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\uxtheme.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;9139581;cmd.exe;3564;CloseFile;C:\WINDOWS\system32\uxtheme.dll;SUCCESS;
16:41:41;9145529;cmd.exe;3564;Load Image;C:\WINDOWS\system32\uxtheme.dll;SUCCESS;Image Base: 0x5ad70000, Image Size: 0x38000
16:41:41;9148677;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcGenral.DLL;NAME NOT FOUND;Desired Access: Read
16:41:41;9153603;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntdll.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9153916;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernel32.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9154142;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcrt.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9154365;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDI32.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9154583;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USER32.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9154793;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ShimEng.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9155005;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secur32.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9155215;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9155424;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADVAPI32.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9155656;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINMM.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9155919;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ole32.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9156190;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLEAUT32.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9156430;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSACM32.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9156639;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VERSION.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9156871;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHLWAPI.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9157092;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHELL32.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9157335;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USERENV.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9157550;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UxTheme.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9161989;cmd.exe;3564;CloseFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;
16:41:41;9167867;cmd.exe;3564;RegOpenKey;HKLM\System\CurrentControlSet\Control\Session Manager;SUCCESS;Desired Access: Query Value
16:41:41;9168473;cmd.exe;3564;RegQueryValue;HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode;NAME NOT FOUND;Length: 16
16:41:41;9168940;cmd.exe;3564;RegCloseKey;HKLM\System\CurrentControlSet\Control\Session Manager;SUCCESS;
16:41:41;9172097;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\imm32.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:11:54, ChangeTime: 07-09-2008 18:13:51, AllocationSize: 110.592, EndOfFile: 110.080, FileAttributes: A
16:41:41;9174957;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\imm32.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;9179176;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\system32\imm32.dll;SUCCESS;AllocationSize: 110.592, EndOfFile: 110.080, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;9181550;cmd.exe;3564;CloseFile;C:\WINDOWS\system32\imm32.dll;SUCCESS;
16:41:41;9185037;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\imm32.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:41, LastWriteTime: 14-04-2008 01:11:54, ChangeTime: 07-09-2008 18:13:51, AllocationSize: 110.592, EndOfFile: 110.080, FileAttributes: A
16:41:41;9195843;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\imm32.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;9199824;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\system32\imm32.dll;SUCCESS;AllocationSize: 110.592, EndOfFile: 110.080, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;9202899;cmd.exe;3564;CloseFile;C:\WINDOWS\system32\imm32.dll;SUCCESS;
16:41:41;9210037;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\imm32.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:41, LastWriteTime: 14-04-2008 01:11:54, ChangeTime: 07-09-2008 18:13:51, AllocationSize: 110.592, EndOfFile: 110.080, FileAttributes: A
16:41:41;9212649;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\imm32.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;9234800;cmd.exe;3564;CloseFile;C:\WINDOWS\system32\imm32.dll;SUCCESS;
16:41:41;9239066;cmd.exe;3564;Load Image;C:\WINDOWS\system32\imm32.dll;SUCCESS;Image Base: 0x76390000, Image Size: 0x1d000
16:41:41;9241150;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMM32.DLL;NAME NOT FOUND;Desired Access: Read
16:41:41;9250827;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\imm32.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:41, LastWriteTime: 14-04-2008 01:11:54, ChangeTime: 07-09-2008 18:13:51, AllocationSize: 110.592, EndOfFile: 110.080, FileAttributes: A
16:41:41;9254797;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\imm32.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:41, LastWriteTime: 14-04-2008 01:11:54, ChangeTime: 07-09-2008 18:13:51, AllocationSize: 110.592, EndOfFile: 110.080, FileAttributes: A
16:41:41;9255082;cmd.exe;3564;RegOpenKey;HKLM\System\CurrentControlSet\Control\Error Message Instrument;NAME NOT FOUND;Desired Access: Read
16:41:41;9255593;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize;SUCCESS;Desired Access: Read
16:41:41;9256049;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles;NAME NOT FOUND;Length: 20
16:41:41;9256420;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize;SUCCESS;
16:41:41;9258289;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32;SUCCESS;Desired Access: Read
16:41:41;9258686;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\cmd;NAME NOT FOUND;Length: 172
16:41:41;9258999;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32;SUCCESS;
16:41:41;9259116;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility;SUCCESS;Desired Access: Read
16:41:41;9259465;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility\cmd;NAME NOT FOUND;Length: 172
16:41:41;9259773;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility;SUCCESS;
16:41:41;9260722;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows;SUCCESS;Desired Access: Read
16:41:41;9261086;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs;SUCCESS;Type: REG_SZ, Length: 2, Data: 
16:41:41;9261401;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows;SUCCESS;
16:41:41;9262876;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;SUCCESS;Desired Access: Read
16:41:41;9263240;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack;NAME NOT FOUND;Length: 144
16:41:41;9263625;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;SUCCESS;
16:41:41;9263754;cmd.exe;3564;RegOpenKey;HKLM;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9264030;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics;NAME NOT FOUND;Desired Access: Read
16:41:41;9264715;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32;SUCCESS;Desired Access: Read
16:41:41;9265036;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9265522;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9265824;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9266103;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9266329;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9266586;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9266807;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave3;NAME NOT FOUND;Length: 536
16:41:41;9267019;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave4;NAME NOT FOUND;Length: 536
16:41:41;9267220;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave5;NAME NOT FOUND;Length: 536
16:41:41;9267424;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave6;NAME NOT FOUND;Length: 536
16:41:41;9267628;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave7;NAME NOT FOUND;Length: 536
16:41:41;9267832;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave8;NAME NOT FOUND;Length: 536
16:41:41;9268045;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave9;NAME NOT FOUND;Length: 536
16:41:41;9268249;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9268464;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9268684;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9268913;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9269143;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9269369;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9269598;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi3;NAME NOT FOUND;Length: 536
16:41:41;9269810;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi4;NAME NOT FOUND;Length: 536
16:41:41;9270017;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi5;NAME NOT FOUND;Length: 536
16:41:41;9270229;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi6;NAME NOT FOUND;Length: 536
16:41:41;9270467;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi7;NAME NOT FOUND;Length: 536
16:41:41;9270673;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi8;NAME NOT FOUND;Length: 536
16:41:41;9270877;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi9;NAME NOT FOUND;Length: 536
16:41:41;9271115;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux;NAME NOT FOUND;Length: 536
16:41:41;9271313;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1;NAME NOT FOUND;Length: 536
16:41:41;9271520;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2;NAME NOT FOUND;Length: 536
16:41:41;9271729;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux3;NAME NOT FOUND;Length: 536
16:41:41;9271936;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux4;NAME NOT FOUND;Length: 536
16:41:41;9272148;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux5;NAME NOT FOUND;Length: 536
16:41:41;9272352;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux6;NAME NOT FOUND;Length: 536
16:41:41;9272551;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux7;NAME NOT FOUND;Length: 536
16:41:41;9272752;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux8;NAME NOT FOUND;Length: 536
16:41:41;9272967;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux9;NAME NOT FOUND;Length: 536
16:41:41;9273202;cmd.exe;3564;RegOpenKey;HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm;SUCCESS;Desired Access: All Access
16:41:41;9273780;cmd.exe;3564;RegQueryValue;HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm\wheel;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:41;9274140;cmd.exe;3564;RegCloseKey;HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm;SUCCESS;
16:41:41;9274442;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9274713;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9274942;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9275188;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9275529;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9275763;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2;SUCCESS;Type: REG_SZ, Length: 22, Data: wdmaud.drv
16:41:41;9276001;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer3;NAME NOT FOUND;Length: 536
16:41:41;9276227;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer4;NAME NOT FOUND;Length: 536
16:41:41;9276440;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer5;NAME NOT FOUND;Length: 536
16:41:41;9276646;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer6;NAME NOT FOUND;Length: 536
16:41:41;9276859;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer7;NAME NOT FOUND;Length: 536
16:41:41;9277065;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer8;NAME NOT FOUND;Length: 536
16:41:41;9277300;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer9;NAME NOT FOUND;Length: 536
16:41:41;9280823;cmd.exe;3564;RegSetValue;HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed;SUCCESS;Type: REG_BINARY, Length: 80, Data: D0 27 3B F9 B6 39 19 EC 4F D3 2D 45 0B 55 52 21
16:41:41;9282373;cmd.exe;3564;RegOpenKey;HKLM\SYSTEM\CurrentControlSet\Control\Session Manager;SUCCESS;Desired Access: Read
16:41:41;9282882;cmd.exe;3564;RegQueryValue;HKLM\System\CurrentControlSet\Control\Session Manager\CriticalSectionTimeout;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2592000
16:41:41;9283225;cmd.exe;3564;RegCloseKey;HKLM\System\CurrentControlSet\Control\Session Manager;SUCCESS;
16:41:41;9283345;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Ole;SUCCESS;Desired Access: Read
16:41:41;9283630;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Ole\RWLockResourceTimeOut;NAME NOT FOUND;Length: 144
16:41:41;9283896;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Ole;SUCCESS;
16:41:41;9284119;cmd.exe;3564;RegOpenKey;HKCR\Interface;SUCCESS;Desired Access: Read
16:41:41;9284745;cmd.exe;3564;RegCloseKey;HKCR\Interface;SUCCESS;
16:41:41;9284837;cmd.exe;3564;RegOpenKey;HKCR\Interface\{00020400-0000-0000-C000-000000000046};SUCCESS;Desired Access: Read
16:41:41;9285382;cmd.exe;3564;RegCloseKey;HKCR\Interface\{00020400-0000-0000-C000-000000000046};SUCCESS;
16:41:41;9285851;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Microsoft\OLEAUT;NAME NOT FOUND;Desired Access: Query Value
16:41:41;9286290;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Microsoft\OLEAUT\UserEra;NAME NOT FOUND;Desired Access: Query Value, Enumerate Sub Keys
16:41:41;9286499;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Microsoft\OLEAUT;NAME NOT FOUND;Desired Access: Query Value
16:41:41;9286896;cmd.exe;3564;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9287226;cmd.exe;3564;RegCreateKey;HKCU\Software\Microsoft\Multimedia\Audio;SUCCESS;Desired Access: Write, Query Value
16:41:41;9287555;cmd.exe;3564;RegQueryValue;HKCU\Software\Microsoft\Multimedia\Audio\SystemFormats;SUCCESS;Type: REG_SZ, Length: 86, Data: CD Quality,Radio Quality,Telephone Quality
16:41:41;9287852;cmd.exe;3564;RegCloseKey;HKCU\Software\Microsoft\Multimedia\Audio;SUCCESS;
16:41:41;9288042;cmd.exe;3564;RegCloseKey;HKCU;SUCCESS;
16:41:41;9288461;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Desired Access: Read
16:41:41;9288849;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 0, Type: REG_SZ
16:41:41;9289039;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 1, Type: REG_SZ
16:41:41;9289209;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 2, Type: REG_SZ
16:41:41;9289377;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 3, Type: REG_SZ
16:41:41;9289556;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 4, Type: REG_SZ
16:41:41;9289740;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 5, Type: REG_SZ
16:41:41;9289916;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 6, Type: REG_SZ
16:41:41;9290087;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 7, Type: REG_SZ
16:41:41;9290257;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 8, Type: REG_SZ
16:41:41;9290430;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 9, Type: REG_SZ
16:41:41;9290606;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 10, Type: REG_SZ
16:41:41;9290774;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 11, Type: REG_SZ
16:41:41;9290950;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 12, Type: REG_SZ
16:41:41;9291123;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 13, Type: REG_SZ
16:41:41;9291305;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 14, Type: REG_SZ
16:41:41;9291481;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 15, Type: REG_SZ
16:41:41;9291651;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 16, Type: REG_SZ
16:41:41;9291824;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 17, Type: REG_SZ
16:41:41;9292009;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 18, Type: REG_SZ
16:41:41;9292182;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 19, Type: REG_SZ
16:41:41;9292355;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 20, Type: REG_SZ
16:41:41;9292539;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 21, Type: REG_SZ
16:41:41;9292715;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 22, Type: REG_SZ
16:41:41;9293042;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:41;9293386;cmd.exe;3564;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:41;9293587;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 0, Type: REG_SZ
16:41:41;9293769;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 1, Type: REG_SZ
16:41:41;9293939;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 2, Type: REG_SZ
16:41:41;9294109;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 3, Type: REG_SZ
16:41:41;9294283;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 4, Type: REG_SZ
16:41:41;9294489;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 5, Type: REG_SZ
16:41:41;9294713;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 6, Type: REG_SZ
16:41:41;9294894;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 7, Type: REG_SZ
16:41:41;9295070;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 8, Type: REG_SZ
16:41:41;9295238;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 9, Type: REG_SZ
16:41:41;9295436;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 10, Type: REG_SZ
16:41:41;9295607;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 11, Type: REG_SZ
16:41:41;9295780;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 12, Type: REG_SZ
16:41:41;9295953;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 13, Type: REG_SZ
16:41:41;9296138;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 14, Type: REG_SZ
16:41:41;9296311;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 15, Type: REG_SZ
16:41:41;9296478;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 16, Type: REG_SZ
16:41:41;9296674;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 17, Type: REG_SZ
16:41:41;9296895;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 18, Type: REG_SZ
16:41:41;9297082;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 19, Type: REG_SZ
16:41:41;9297252;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 20, Type: REG_SZ
16:41:41;9297425;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 21, Type: REG_SZ
16:41:41;9297621;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 22, Type: REG_SZ
16:41:41;9297786;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 23, Type: REG_SZ
16:41:41;9297956;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 24, Type: REG_SZ
16:41:41;9298157;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 25, Type: REG_SZ
16:41:41;9298328;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 26, Type: REG_SZ
16:41:41;9298495;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 27, Type: REG_SZ
16:41:41;9298677;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 28, Type: REG_SZ
16:41:41;9298900;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 29, Type: REG_SZ
16:41:41;9299183;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 30, Type: REG_SZ
16:41:41;9299361;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 31, Type: REG_SZ
16:41:41;9299540;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 32, Type: REG_SZ
16:41:41;9299767;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 33, Type: REG_SZ
16:41:41;9300051;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 34, Type: REG_SZ
16:41:41;9300230;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;Index: 35, Type: REG_SZ
16:41:41;9300403;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;NO MORE ENTRIES;Index: 36, Length: 512
16:41:41;9300677;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:41;9300906;cmd.exe;3564;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:41;9301133;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.imaadpcm;BUFFER OVERFLOW;Length: 16
16:41:41;9301339;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.imaadpcm;SUCCESS;Type: REG_SZ, Length: 26, Data: imaadp32.acm
16:41:41;9301622;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:41;9301781;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9302136;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9302448;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:41;9302652;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2
16:41:41;9302862;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 16, Data: 01 00 00 00 10 00 00 00 11 00 00 00 14 00 00 00
16:41:41;9303052;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:41;9303359;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm;SUCCESS;
16:41:41;9303647;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:41;9303831;cmd.exe;3564;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:41;9304032;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msadpcm;BUFFER OVERFLOW;Length: 16
16:41:41;9304217;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msadpcm;SUCCESS;Type: REG_SZ, Length: 24, Data: msadp32.acm
16:41:41;9304502;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:41;9304725;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9305245;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9305723;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:41;9309525;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2
16:41:41;9310913;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 16, Data: 01 00 00 00 10 00 00 00 02 00 00 00 32 00 00 00
16:41:41;9311106;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:41;9315735;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm;SUCCESS;
16:41:41;9330921;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:41;9331237;cmd.exe;3564;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:41;9331494;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg711;BUFFER OVERFLOW;Length: 16
16:41:41;9331734;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg711;SUCCESS;Type: REG_SZ, Length: 22, Data: msg711.acm
16:41:41;9332829;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:41;9333058;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9333455;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9335489;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:41;9335712;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 3
16:41:41;9335916;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 24, Data: 01 00 00 00 10 00 00 00 06 00 00 00 12 00 00 00
16:41:41;9336112;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:41;9336425;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711;SUCCESS;
16:41:41;9336685;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:41;9337070;cmd.exe;3564;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:41;9337313;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msgsm610;BUFFER OVERFLOW;Length: 16
16:41:41;9337531;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msgsm610;SUCCESS;Type: REG_SZ, Length: 24, Data: msgsm32.acm
16:41:41;9337919;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:41;9338160;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9338526;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9338841;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:41;9339054;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2
16:41:41;9339249;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 16, Data: 01 00 00 00 10 00 00 00 31 00 00 00 14 00 00 00
16:41:41;9339498;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:41;9339825;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610;SUCCESS;
16:41:41;9340166;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:41;9340339;cmd.exe;3564;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:41;9340537;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.trspch;BUFFER OVERFLOW;Length: 16
16:41:41;9340853;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.trspch;SUCCESS;Type: REG_SZ, Length: 26, Data: tssoft32.acm
16:41:41;9341277;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:41;9341437;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9342107;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9342431;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:41;9342630;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2
16:41:41;9342945;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 16, Data: 01 00 00 00 10 00 00 00 22 00 00 00 32 00 00 00
16:41:41;9343169;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:41;9343523;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch;SUCCESS;
16:41:41;9343814;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:41;9344040;cmd.exe;3564;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:41;9344300;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg723;BUFFER OVERFLOW;Length: 16
16:41:41;9344579;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msg723;SUCCESS;Type: REG_SZ, Length: 22, Data: msg723.acm
16:41:41;9344901;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:41;9345091;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9345540;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9345831;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:41;9346024;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2
16:41:41;9346217;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 16, Data: 01 00 00 00 10 00 00 00 42 00 00 00 1C 00 00 00
16:41:41;9346401;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:41;9346700;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723;SUCCESS;
16:41:41;9346912;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:41;9347085;cmd.exe;3564;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:41;9347289;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msaudio1;BUFFER OVERFLOW;Length: 16
16:41:41;9347518;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.msaudio1;SUCCESS;Type: REG_SZ, Length: 24, Data: msaud32.acm
16:41:41;9347815;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:41;9347971;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9348303;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9348605;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:41;9348801;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 3
16:41:41;9348996;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 24, Data: 01 00 00 00 12 00 00 00 60 01 00 00 16 00 00 00
16:41:41;9349186;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:41;9349488;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1;SUCCESS;
16:41:41;9349700;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:41;9349865;cmd.exe;3564;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:41;9350058;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.sl_anet;BUFFER OVERFLOW;Length: 16
16:41:41;9350290;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.sl_anet;SUCCESS;Type: REG_SZ, Length: 24, Data: sl_anet.acm
16:41:41;9350731;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:41;9350902;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9352413;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9352703;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:41;9352919;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2
16:41:41;9353120;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 16, Data: 01 00 00 00 10 00 00 00 30 01 00 00 16 00 00 00
16:41:41;9353312;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:41;9353625;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet;SUCCESS;
16:41:41;9353863;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:41;9354058;cmd.exe;3564;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:41;9354271;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.iac2;BUFFER OVERFLOW;Length: 16
16:41:41;9354505;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.iac2;SUCCESS;Type: REG_SZ, Length: 64, Data: C:\WINDOWS\system32\iac25_32.ax
16:41:41;9354804;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:41;9355061;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9355394;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9355679;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:41;9355883;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2
16:41:41;9356087;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 16, Data: 01 00 00 00 10 00 00 00 02 04 00 00 14 00 00 00
16:41:41;9356274;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:41;9356573;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2;SUCCESS;
16:41:41;9356791;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:41;9356955;cmd.exe;3564;RegQueryKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;BUFFER OVERFLOW;Query: Basic, Length: 24
16:41:41;9357159;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.l3acm;BUFFER OVERFLOW;Length: 16
16:41:41;9357388;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.l3acm;SUCCESS;Type: REG_SZ, Length: 66, Data: C:\WINDOWS\system32\l3codeca.acm
16:41:41;9357690;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:41;9357847;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9359324;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9359665;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\fdwSupport;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:41;9359908;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cFormatTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 2
16:41:41;9360433;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\aFormatTagCache;SUCCESS;Type: REG_BINARY, Length: 16, Data: 01 00 00 00 10 00 00 00 55 00 00 00 1E 00 00 00
16:41:41;9360651;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cFilterTags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:41;9360978;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm;SUCCESS;
16:41:41;9361523;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache;SUCCESS;
16:41:41;9362316;cmd.exe;3564;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9362668;cmd.exe;3564;RegCreateKey;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager;SUCCESS;Desired Access: Write
16:41:41;9363361;cmd.exe;3564;RegCloseKey;HKCU;SUCCESS;
16:41:41;9363571;cmd.exe;3564;RegCreateKey;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM;SUCCESS;Desired Access: Read/Write
16:41:41;9365529;cmd.exe;3564;RegCloseKey;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager;SUCCESS;
16:41:41;9366046;cmd.exe;3564;RegQueryValue;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM\NoPCMConverter;NAME NOT FOUND;Length: 144
16:41:41;9366376;cmd.exe;3564;RegCloseKey;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM;SUCCESS;
16:41:41;9367105;cmd.exe;3564;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9367451;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Control Panel\Desktop;NAME NOT FOUND;Desired Access: Read
16:41:41;9367649;cmd.exe;3564;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Read
16:41:41;9367920;cmd.exe;3564;RegQueryValue;HKCU\Control Panel\Desktop\MultiUILanguageId;NAME NOT FOUND;Length: 256
16:41:41;9368256;cmd.exe;3564;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:41;9368443;cmd.exe;3564;RegCloseKey;HKCU;SUCCESS;
16:41:41;9368971;cmd.exe;3564;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9369270;cmd.exe;3564;RegCreateKey;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager;SUCCESS;Desired Access: Write
16:41:41;9369641;cmd.exe;3564;RegCloseKey;HKCU;SUCCESS;
16:41:41;9369792;cmd.exe;3564;RegCreateKey;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00;SUCCESS;Desired Access: Read/Write
16:41:41;9370122;cmd.exe;3564;RegCloseKey;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager;SUCCESS;
16:41:41;9370306;cmd.exe;3564;RegQueryValue;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00\Priority1;NAME NOT FOUND;Length: 144
16:41:41;9370605;cmd.exe;3564;RegCloseKey;HKCU\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00;SUCCESS;
16:41:41;9370745;cmd.exe;3564;RegOpenKey;HKLM\System\CurrentControlSet\Control\MediaResources\acm;NAME NOT FOUND;Desired Access: Query Value, Enumerate Sub Keys
16:41:41;9371343;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance;NAME NOT FOUND;Desired Access: Maximum Allowed
16:41:41;9372957;cmd.exe;3564;RegOpenKey;HKLM\SYSTEM\Setup;SUCCESS;Desired Access: Query Value
16:41:41;9373287;cmd.exe;3564;RegQueryValue;HKLM\SYSTEM\Setup\SystemSetupInProgress;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:41;9373594;cmd.exe;3564;RegCloseKey;HKLM\SYSTEM\Setup;SUCCESS;
16:41:41;9374240;cmd.exe;3564;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9374594;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Control Panel\Desktop;NAME NOT FOUND;Desired Access: Read
16:41:41;9374796;cmd.exe;3564;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Read
16:41:41;9375072;cmd.exe;3564;RegQueryValue;HKCU\Control Panel\Desktop\MultiUILanguageId;NAME NOT FOUND;Length: 256
16:41:41;9375740;cmd.exe;3564;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:41;9375930;cmd.exe;3564;RegCloseKey;HKCU;SUCCESS;
16:41:41;9379458;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\shell32.dll;SUCCESS;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
16:41:41;9383020;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\system32\shell32.dll;SUCCESS;AllocationSize: 8.462.336, EndOfFile: 8.461.312, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;9385532;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\SHELL32.dll.124.Manifest;NAME NOT FOUND;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
16:41:41;9390373;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\SHELL32.dll.124.Config;NAME NOT FOUND;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
16:41:41;9570343;cmd.exe;3564;CloseFile;C:\WINDOWS\system32\shell32.dll;SUCCESS;
16:41:41;9571416;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots;NAME NOT FOUND;Desired Access: Enumerate Sub Keys
16:41:41;9573617;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\cmd.exe.Local;NAME NOT FOUND;
16:41:41;9576022;cmd.exe;3564;QueryOpen;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83;SUCCESS;CreationTime: 07-09-2008 18:05:23, LastAccessTime: 22-02-2010 16:41:41, LastWriteTime: 07-09-2008 18:05:23, ChangeTime: 07-09-2008 18:05:23, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
16:41:41;9578132;cmd.exe;3564;CreateFile;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;9581017;cmd.exe;3564;CreateFile;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;9584792;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll;SUCCESS;AllocationSize: 1.056.768, EndOfFile: 1.054.208, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;9587043;cmd.exe;3564;CloseFile;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll;SUCCESS;
16:41:41;9590211;cmd.exe;3564;CreateFile;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;9595782;cmd.exe;3564;CloseFile;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll;SUCCESS;
16:41:41;9598989;cmd.exe;3564;Load Image;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll;SUCCESS;Image Base: 0x773d0000, Image Size: 0x103000
16:41:41;9602596;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\comctl32.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9603517;cmd.exe;3564;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9603925;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Control Panel\Desktop;NAME NOT FOUND;Desired Access: Read
16:41:41;9604138;cmd.exe;3564;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Read
16:41:41;9604428;cmd.exe;3564;RegQueryValue;HKCU\Control Panel\Desktop\MultiUILanguageId;NAME NOT FOUND;Length: 256
16:41:41;9604791;cmd.exe;3564;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:41;9604978;cmd.exe;3564;RegCloseKey;HKCU;SUCCESS;
16:41:41;9607294;cmd.exe;3564;QueryOpen;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;CreationTime: 29-01-2008 14:33:25, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 29-01-2008 14:33:25, ChangeTime: 29-01-2008 14:33:25, AllocationSize: 4.096, EndOfFile: 749, FileAttributes: RHA
16:41:41;9608772;cmd.exe;3564;CreateFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;9611094;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;AllocationSize: 4.096, EndOfFile: 749, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;9612228;cmd.exe;3564;CloseFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;
16:41:41;9614175;cmd.exe;3564;QueryOpen;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;CreationTime: 29-01-2008 14:33:25, LastAccessTime: 22-02-2010 16:41:41, LastWriteTime: 29-01-2008 14:33:25, ChangeTime: 29-01-2008 14:33:25, AllocationSize: 4.096, EndOfFile: 749, FileAttributes: RHA
16:41:41;9615491;cmd.exe;3564;CreateFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;9617399;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;AllocationSize: 4.096, EndOfFile: 749, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;9618536;cmd.exe;3564;CloseFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;
16:41:41;9620290;cmd.exe;3564;CreateFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
16:41:41;9622282;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;AllocationSize: 4.096, EndOfFile: 749, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;9623428;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;AllocationSize: 4.096, EndOfFile: 749, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;9624640;cmd.exe;3564;CreateFile;C:\WINDOWS\WindowsShell.Config;NAME NOT FOUND;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
16:41:41;9764122;cmd.exe;3564;CloseFile;C:\WINDOWS\WindowsShell.Manifest;SUCCESS;
16:41:41;9765572;cmd.exe;3564;RegOpenKey;HKCU;SUCCESS;Desired Access: Read
16:41:41;9766181;cmd.exe;3564;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Read
16:41:41;9766482;cmd.exe;3564;RegQueryValue;HKCU\Control Panel\Desktop\SmoothScroll;NAME NOT FOUND;Length: 144
16:41:41;9766921;cmd.exe;3564;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:41;9767295;cmd.exe;3564;RegOpenKey;HKCU\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced;SUCCESS;Desired Access: Read
16:41:41;9767647;cmd.exe;3564;RegQueryValue;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips;NAME NOT FOUND;Length: 144
16:41:41;9768041;cmd.exe;3564;RegCloseKey;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced;SUCCESS;
16:41:41;9768262;cmd.exe;3564;RegCloseKey;HKCU;SUCCESS;
16:41:41;9768460;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\LanguagePack;SUCCESS;Desired Access: Query Value
16:41:41;9768815;cmd.exe;3564;RegEnumValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack;NO MORE ENTRIES;Index: 0, Length: 220
16:41:41;9769075;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack;SUCCESS;
16:41:41;9775545;cmd.exe;3564;Load Image;C:\WINDOWS\system32\comctl32.dll;SUCCESS;Image Base: 0x5d090000, Image Size: 0x9a000
16:41:41;9777830;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\comctl32.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9779936;cmd.exe;3564;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9780364;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Control Panel\Desktop;NAME NOT FOUND;Desired Access: Read
16:41:41;9780582;cmd.exe;3564;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Read
16:41:41;9780878;cmd.exe;3564;RegQueryValue;HKCU\Control Panel\Desktop\MultiUILanguageId;NAME NOT FOUND;Length: 256
16:41:41;9781258;cmd.exe;3564;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:41;9781467;cmd.exe;3564;RegCloseKey;HKCU;SUCCESS;
16:41:41;9784918;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\comctl32.dll;SUCCESS;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
16:41:41;9789725;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\system32\comctl32.dll;SUCCESS;AllocationSize: 618.496, EndOfFile: 617.472, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;9792357;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\comctl32.dll.124.Manifest;NAME NOT FOUND;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
16:41:41;9795603;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\comctl32.dll.124.Config;NAME NOT FOUND;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
16:41:41;9810999;cmd.exe;3564;CloseFile;C:\WINDOWS\system32\comctl32.dll;SUCCESS;
16:41:41;9812672;cmd.exe;3564;RegOpenKey;HKCU;SUCCESS;Desired Access: Read
16:41:41;9813242;cmd.exe;3564;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Read
16:41:41;9813564;cmd.exe;3564;RegQueryValue;HKCU\Control Panel\Desktop\SmoothScroll;NAME NOT FOUND;Length: 144
16:41:41;9813999;cmd.exe;3564;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:41;9814310;cmd.exe;3564;RegCloseKey;HKCU;SUCCESS;
16:41:41;9817550;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9817972;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserEnvDebugLevel;NAME NOT FOUND;Length: 144
16:41:41;9818338;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;SUCCESS;
16:41:41;9818486;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9818771;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ChkAccDebugLevel;NAME NOT FOUND;Length: 144
16:41:41;9819053;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;SUCCESS;
16:41:41;9819229;cmd.exe;3564;RegOpenKey;HKLM\System\CurrentControlSet\Control\ProductOptions;SUCCESS;Desired Access: Read
16:41:41;9819718;cmd.exe;3564;RegQueryValue;HKLM\System\CurrentControlSet\Control\ProductOptions\ProductType;SUCCESS;Type: REG_SZ, Length: 12, Data: WinNT
16:41:41;9820254;cmd.exe;3564;RegCloseKey;HKLM\System\CurrentControlSet\Control\ProductOptions;SUCCESS;
16:41:41;9821109;cmd.exe;3564;RegOpenKey;HKCU;SUCCESS;Desired Access: Read
16:41:41;9821425;cmd.exe;3564;RegOpenKey;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders;SUCCESS;Desired Access: Read
16:41:41;9821785;cmd.exe;3564;RegQueryValue;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal;SUCCESS;Type: REG_EXPAND_SZ, Length: 54, Data: %USERPROFILE%\My Documents
16:41:41;9822073;cmd.exe;3564;RegQueryValue;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local Settings;SUCCESS;Type: REG_EXPAND_SZ, Length: 58, Data: %USERPROFILE%\Local Settings
16:41:41;9822509;cmd.exe;3564;RegCloseKey;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders;SUCCESS;
16:41:41;9822707;cmd.exe;3564;RegCloseKey;HKCU;SUCCESS;
16:41:41;9822922;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9823314;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\RsopDebugLevel;NAME NOT FOUND;Length: 144
16:41:41;9823618;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;SUCCESS;
16:41:41;9823747;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9824026;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserEnvDebugLevel;NAME NOT FOUND;Length: 144
16:41:41;9824224;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\RsopLogging;NAME NOT FOUND;Length: 144
16:41:41;9824501;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;SUCCESS;
16:41:41;9824601;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\System;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9825087;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\System\UserEnvDebugLevel;NAME NOT FOUND;Length: 144
16:41:41;9825406;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\System\RsopLogging;NAME NOT FOUND;Length: 144
16:41:41;9825666;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\System;SUCCESS;
16:41:41;9825814;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9826102;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserEnvDebugLevel;NAME NOT FOUND;Length: 144
16:41:41;9826387;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;SUCCESS;
16:41:41;9826509;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\System;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9826783;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\System\UserEnvDebugLevel;NAME NOT FOUND;Length: 144
16:41:41;9827037;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\System;SUCCESS;
16:41:41;9827605;cmd.exe;3564;RegOpenKey;HKCU;SUCCESS;Desired Access: Read/Write
16:41:41;9827878;cmd.exe;3564;RegOpenKey;HKCU\Software\Microsoft\Windows\CurrentVersion\ThemeManager;SUCCESS;Desired Access: Query Value
16:41:41;9828169;cmd.exe;3564;RegQueryValue;HKCU\Software\Microsoft\Windows\CurrentVersion\ThemeManager\Compositing;NAME NOT FOUND;Length: 144
16:41:41;9828473;cmd.exe;3564;RegCloseKey;HKCU\Software\Microsoft\Windows\CurrentVersion\ThemeManager;SUCCESS;
16:41:41;9828652;cmd.exe;3564;RegCloseKey;HKCU;SUCCESS;
16:41:41;9829013;cmd.exe;3564;RegOpenKey;HKCU;SUCCESS;Desired Access: Read
16:41:41;9829272;cmd.exe;3564;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Query Value
16:41:41;9829529;cmd.exe;3564;RegQueryValue;HKCU\Control Panel\Desktop\LameButtonText;NAME NOT FOUND;Length: 144
16:41:41;9829839;cmd.exe;3564;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:41;9830024;cmd.exe;3564;RegCloseKey;HKCU;SUCCESS;
16:41:41;9831105;cmd.exe;3564;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9831412;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Control Panel\Desktop;NAME NOT FOUND;Desired Access: Read
16:41:41;9831608;cmd.exe;3564;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Read
16:41:41;9831862;cmd.exe;3564;RegQueryValue;HKCU\Control Panel\Desktop\MultiUILanguageId;NAME NOT FOUND;Length: 256
16:41:41;9832125;cmd.exe;3564;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:41;9832303;cmd.exe;3564;RegCloseKey;HKCU;SUCCESS;
16:41:41;9834826;cmd.exe;3564;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9835128;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\System;NAME NOT FOUND;Desired Access: Read
16:41:41;9836740;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Command Processor;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9837058;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Command Processor\DisableUNCCheck;NAME NOT FOUND;Length: 144
16:41:41;9837248;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Command Processor\EnableExtensions;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:41;9837441;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Command Processor\DelayedExpansion;NAME NOT FOUND;Length: 144
16:41:41;9837609;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Command Processor\DefaultColor;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:41;9837776;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Command Processor\CompletionChar;SUCCESS;Type: REG_DWORD, Length: 4, Data: 64
16:41:41;9837949;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Command Processor\PathCompletionChar;SUCCESS;Type: REG_DWORD, Length: 4, Data: 64
16:41:41;9838125;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Command Processor\AutoRun;SUCCESS;Type: REG_SZ, Length: 2, Data: 
16:41:41;9838410;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Command Processor;SUCCESS;
16:41:41;9838533;cmd.exe;3564;RegOpenKey;HKCU\Software\Microsoft\Command Processor;SUCCESS;Desired Access: Maximum Allowed
16:41:41;9838964;cmd.exe;3564;RegQueryValue;HKCU\Software\Microsoft\Command Processor\DisableUNCCheck;NAME NOT FOUND;Length: 144
16:41:41;9839349;cmd.exe;3564;RegQueryValue;HKCU\Software\Microsoft\Command Processor\EnableExtensions;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:41;9839539;cmd.exe;3564;RegQueryValue;HKCU\Software\Microsoft\Command Processor\DelayedExpansion;NAME NOT FOUND;Length: 144
16:41:41;9839715;cmd.exe;3564;RegQueryValue;HKCU\Software\Microsoft\Command Processor\DefaultColor;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:41;9839891;cmd.exe;3564;RegQueryValue;HKCU\Software\Microsoft\Command Processor\CompletionChar;SUCCESS;Type: REG_DWORD, Length: 4, Data: 9
16:41:41;9840073;cmd.exe;3564;RegQueryValue;HKCU\Software\Microsoft\Command Processor\PathCompletionChar;NAME NOT FOUND;Length: 144
16:41:41;9840249;cmd.exe;3564;RegQueryValue;HKCU\Software\Microsoft\Command Processor\AutoRun;NAME NOT FOUND;Length: 144
16:41:41;9840508;cmd.exe;3564;RegCloseKey;HKCU\Software\Microsoft\Command Processor;SUCCESS;
16:41:41;9843188;cmd.exe;3564;QueryOpen;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;CreationTime: 22-02-2010 10:59:08, LastAccessTime: 22-02-2010 16:41:41, LastWriteTime: 22-02-2010 12:00:04, ChangeTime: 22-02-2010 12:00:04, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
16:41:41;9843601;cmd.exe;3564;CreateFile;C:\;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;9843998;cmd.exe;3564;QueryDirectory;C:\Program Files;SUCCESS;Filter: Program Files, 1: Program Files
16:41:41;9844461;cmd.exe;3564;CloseFile;C:\;SUCCESS;
16:41:41;9845501;cmd.exe;3564;CreateFile;C:\Program Files;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;9845850;cmd.exe;3564;QueryDirectory;C:\Program Files\MySQL;SUCCESS;Filter: MySQL, 1: MySQL
16:41:41;9846258;cmd.exe;3564;CloseFile;C:\Program Files;SUCCESS;
16:41:41;9847800;cmd.exe;3564;CreateFile;C:\Program Files\MySQL;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;9848711;cmd.exe;3564;QueryDirectory;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;Filter: MySQL Workbench 5.2 OSS, 1: MySQL Workbench 5.2 OSS
16:41:41;9849674;cmd.exe;3564;CloseFile;C:\Program Files\MySQL;SUCCESS;
16:41:41;9851186;cmd.exe;3564;QueryOpen;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;CreationTime: 22-02-2010 10:59:08, LastAccessTime: 22-02-2010 16:41:41, LastWriteTime: 22-02-2010 12:00:04, ChangeTime: 22-02-2010 12:00:04, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
16:41:41;9852613;cmd.exe;3564;RegOpenKey;HKLM\System\CurrentControlSet\Control\Nls\Codepage;SUCCESS;Desired Access: Read
16:41:41;9853111;cmd.exe;3564;RegQueryValue;HKLM\System\CurrentControlSet\Control\Nls\CodePage\850;SUCCESS;Type: REG_SZ, Length: 20, Data: c_850.nls
16:41:41;9853468;cmd.exe;3564;RegOpenKey;HKLM\System\CurrentControlSet\Control\Nls\Locale;SUCCESS;Desired Access: Read
16:41:41;9853775;cmd.exe;3564;RegOpenKey;HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts;SUCCESS;Desired Access: Read
16:41:41;9854072;cmd.exe;3564;RegOpenKey;HKLM\System\CurrentControlSet\Control\Nls\Language Groups;SUCCESS;Desired Access: Read
16:41:41;9854424;cmd.exe;3564;RegQueryValue;HKLM\System\CurrentControlSet\Control\Nls\Locale\00000413;SUCCESS;Type: REG_SZ, Length: 4, Data: 1
16:41:41;9854658;cmd.exe;3564;RegQueryValue;HKLM\System\CurrentControlSet\Control\Nls\Language Groups\1;SUCCESS;Type: REG_SZ, Length: 4, Data: 1
16:41:41;9859480;cmd.exe;3564;CreateFile;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;9860458;cmd.exe;3564;QueryDirectory;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS\sc.*;NO SUCH FILE;Filter: sc.*
16:41:41;9861464;cmd.exe;3564;CloseFile;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;
16:41:41;9863126;cmd.exe;3564;CreateFile;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;9864034;cmd.exe;3564;QueryDirectory;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS\sc;NO SUCH FILE;Filter: sc
16:41:41;9864953;cmd.exe;3564;CloseFile;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;
16:41:41;9868129;cmd.exe;3564;CreateFile;C:\Program Files\PHP;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;9869216;cmd.exe;3564;QueryDirectory;C:\Program Files\PHP\sc.*;NO SUCH FILE;Filter: sc.*
16:41:41;9870180;cmd.exe;3564;CloseFile;C:\Program Files\PHP;SUCCESS;
16:41:41;9871767;cmd.exe;3564;CreateFile;C:\Program Files\PHP;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;9872675;cmd.exe;3564;QueryDirectory;C:\Program Files\PHP\sc;NO SUCH FILE;Filter: sc
16:41:41;9873582;cmd.exe;3564;CloseFile;C:\Program Files\PHP;SUCCESS;
16:41:41;9874636;cmd.exe;3564;CreateFile;C:\Program Files\imagemagick-6.4.9-q16;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;9875018;cmd.exe;3564;QueryDirectory;C:\Program Files\ImageMagick-6.4.9-Q16\sc.*;NO SUCH FILE;Filter: sc.*
16:41:41;9875412;cmd.exe;3564;CloseFile;C:\Program Files\ImageMagick-6.4.9-Q16;SUCCESS;
16:41:41;9876479;cmd.exe;3564;CreateFile;C:\Program Files\imagemagick-6.4.9-q16;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;9876879;cmd.exe;3564;QueryDirectory;C:\Program Files\ImageMagick-6.4.9-Q16\sc;NO SUCH FILE;Filter: sc
16:41:41;9877242;cmd.exe;3564;CloseFile;C:\Program Files\ImageMagick-6.4.9-Q16;SUCCESS;
16:41:41;9879393;cmd.exe;3564;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;9880812;cmd.exe;3564;QueryDirectory;C:\WINDOWS\system32\sc.*;SUCCESS;Filter: sc.*, 1: sc.exe
16:41:41;9882514;cmd.exe;3564;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:41;9884553;cmd.exe;3564;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;9885956;cmd.exe;3564;QueryDirectory;C:\WINDOWS\system32\sc.COM;NO SUCH FILE;Filter: sc.COM
16:41:41;9887391;cmd.exe;3564;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:41;9889408;cmd.exe;3564;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;9890794;cmd.exe;3564;QueryDirectory;C:\WINDOWS\system32\sc.EXE;SUCCESS;Filter: sc.EXE, 1: sc.exe
16:41:41;9892641;cmd.exe;3564;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:41;9896119;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\sc.exe;SUCCESS;Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;9900075;cmd.exe;3564;RegOpenKey;HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls;NAME NOT FOUND;Desired Access: Query Value
16:41:41;9900463;cmd.exe;3564;RegOpenKey;HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility;SUCCESS;Desired Access: Query Value
16:41:41;9900879;cmd.exe;3564;RegQueryValue;HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility\DisableAppCompat;NAME NOT FOUND;Length: 20
16:41:41;9901217;cmd.exe;3564;RegCloseKey;HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility;SUCCESS;
16:41:41;9904044;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\apphelp.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 14-04-2008 01:11:49, ChangeTime: 07-09-2008 18:13:55, AllocationSize: 126.976, EndOfFile: 125.952, FileAttributes: A
16:41:41;9906475;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\apphelp.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;9910037;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\system32\apphelp.dll;SUCCESS;AllocationSize: 126.976, EndOfFile: 125.952, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;9913708;cmd.exe;3564;CloseFile;C:\WINDOWS\system32\apphelp.dll;SUCCESS;
16:41:41;9917557;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\apphelp.dll;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:42, LastWriteTime: 14-04-2008 01:11:49, ChangeTime: 07-09-2008 18:13:55, AllocationSize: 126.976, EndOfFile: 125.952, FileAttributes: A
16:41:41;9920686;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\apphelp.dll;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;9927564;cmd.exe;3564;CloseFile;C:\WINDOWS\system32\apphelp.dll;SUCCESS;
16:41:41;9930699;cmd.exe;3564;Load Image;C:\WINDOWS\system32\apphelp.dll;SUCCESS;Image Base: 0x77b40000, Image Size: 0x22000
16:41:41;9932297;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Apphelp.dll;NAME NOT FOUND;Desired Access: Read
16:41:41;9935493;cmd.exe;3564;CreateFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
16:41:41;9938750;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;9940759;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;9942940;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;AllocationSize: 1.208.320, EndOfFile: 1.206.508, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;9945290;cmd.exe;3564;CreateFile;C:\WINDOWS\AppPatch\systest.sdb;NAME NOT FOUND;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a
16:41:41;9947665;cmd.exe;3564;RegOpenKey;HKLM\System\WPA\TabletPC;NAME NOT FOUND;Desired Access: Query Value, WOW64_64Key
16:41:41;9947949;cmd.exe;3564;RegOpenKey;HKLM\SYSTEM\WPA\MediaCenter;SUCCESS;Desired Access: Query Value, WOW64_64Key
16:41:41;9948329;cmd.exe;3564;RegQueryValue;HKLM\SYSTEM\WPA\MediaCenter\Installed;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:41;9948684;cmd.exe;3564;RegCloseKey;HKLM\SYSTEM\WPA\MediaCenter;SUCCESS;
16:41:41;9951045;cmd.exe;3564;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;9952528;cmd.exe;3564;QueryDirectory;C:\WINDOWS\system32\sc.exe;SUCCESS;Filter: sc.exe, 1: sc.exe
16:41:41;9954070;cmd.exe;3564;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:41;9957710;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\sc.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 06-02-2009 11:39:08, ChangeTime: 22-02-2010 12:18:51, AllocationSize: 36.864, EndOfFile: 35.328, FileAttributes: A
16:41:41;9958082;cmd.exe;3564;CreateFile;C:\;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;9958426;cmd.exe;3564;QueryDirectory;C:\WINDOWS;SUCCESS;Filter: WINDOWS, 1: WINDOWS
16:41:41;9958825;cmd.exe;3564;CloseFile;C:\;SUCCESS;
16:41:41;9960350;cmd.exe;3564;CreateFile;C:\WINDOWS;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;9961225;cmd.exe;3564;QueryDirectory;C:\WINDOWS\system32;SUCCESS;Filter: system32, 1: system32
16:41:41;9962180;cmd.exe;3564;CloseFile;C:\WINDOWS;SUCCESS;
16:41:41;9964183;cmd.exe;3564;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:41;9965580;cmd.exe;3564;QueryDirectory;C:\WINDOWS\system32\sc.exe;SUCCESS;Filter: sc.exe, 1: sc.exe
16:41:41;9967064;cmd.exe;3564;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:41;9967480;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers;SUCCESS;Desired Access: Read, WOW64_64Key
16:41:41;9967952;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\WINDOWS\system32\sc.exe;NAME NOT FOUND;Length: 1.024
16:41:41;9968259;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers;SUCCESS;
16:41:41;9968550;cmd.exe;3564;RegOpenKey;HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers;NAME NOT FOUND;Desired Access: Read, WOW64_64Key
16:41:41;9968798;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\sc.exe;NAME NOT FOUND;Desired Access: Read, WOW64_64Key
16:41:41;9972690;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\sc.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 06-02-2009 11:39:08, ChangeTime: 22-02-2010 12:18:51, AllocationSize: 36.864, EndOfFile: 35.328, FileAttributes: A
16:41:41;9976188;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\sc.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:39, LastWriteTime: 06-02-2009 11:39:08, ChangeTime: 22-02-2010 12:18:51, AllocationSize: 36.864, EndOfFile: 35.328, FileAttributes: A
16:41:41;9978599;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\sc.exe;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;9981959;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\system32\sc.exe;SUCCESS;AllocationSize: 36.864, EndOfFile: 35.328, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;9984169;cmd.exe;3564;CloseFile;C:\WINDOWS\system32\sc.exe;SUCCESS;
16:41:41;9987217;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\sc.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:42, LastWriteTime: 06-02-2009 11:39:08, ChangeTime: 22-02-2010 12:18:51, AllocationSize: 36.864, EndOfFile: 35.328, FileAttributes: A
16:41:41;9990958;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\sc.exe;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:41;9994011;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\system32\sc.exe;SUCCESS;AllocationSize: 36.864, EndOfFile: 35.328, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:41;9996185;cmd.exe;3564;CloseFile;C:\WINDOWS\system32\sc.exe;SUCCESS;
16:41:41;9999643;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\sc.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:42, LastWriteTime: 06-02-2009 11:39:08, ChangeTime: 22-02-2010 12:18:51, AllocationSize: 36.864, EndOfFile: 35.328, FileAttributes: A
16:41:42;2495;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\sc.exe;SUCCESS;Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:42;5608;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\system32\sc.exe;SUCCESS;AllocationSize: 36.864, EndOfFile: 35.328, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:42;8446;cmd.exe;3564;CloseFile;C:\WINDOWS\system32\sc.exe;SUCCESS;
16:41:42;12243;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\sc.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:42, LastWriteTime: 06-02-2009 11:39:08, ChangeTime: 22-02-2010 12:18:51, AllocationSize: 36.864, EndOfFile: 35.328, FileAttributes: A
16:41:42;15131;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\sc.exe;SUCCESS;Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
16:41:42;18696;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\system32\sc.exe;SUCCESS;AllocationSize: 36.864, EndOfFile: 35.328, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:42;21517;cmd.exe;3564;CloseFile;C:\WINDOWS\system32\sc.exe;SUCCESS;
16:41:42;23579;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags;SUCCESS;Desired Access: Read, WOW64_64Key
16:41:42;24146;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\{be0aa9f6-56c7-4157-bcfe-dfee31a77987};NAME NOT FOUND;Length: 1.024
16:41:42;24473;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags;SUCCESS;
16:41:42;24755;cmd.exe;3564;RegOpenKey;HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags;NAME NOT FOUND;Desired Access: Read, WOW64_64Key
16:41:42;28435;cmd.exe;3564;CloseFile;C:\WINDOWS\AppPatch\sysmain.sdb;SUCCESS;
16:41:42;29119;cmd.exe;3564;RegOpenKey;HKLM\System\CurrentControlSet\Control\SafeBoot\Option;NAME NOT FOUND;Desired Access: Query Value, Set Value
16:41:42;29507;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Desired Access: Query Value
16:41:42;29876;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled;SUCCESS;Type: REG_DWORD, Length: 4, Data: 1
16:41:42;30094;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:42;30401;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;
16:41:42;30910;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\LevelObjects;NAME NOT FOUND;Desired Access: Read
16:41:42;31111;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Desired Access: Query Value
16:41:42;31401;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\Levels;NAME NOT FOUND;Length: 536
16:41:42;31672;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;
16:41:42;32226;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths;SUCCESS;Desired Access: Read
16:41:42;32555;cmd.exe;3564;RegEnumKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths;SUCCESS;Index: 0, Name: {dda3f824-d8cb-441b-834d-be2efd2c1a33}
16:41:42;32790;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33};SUCCESS;Desired Access: Read
16:41:42;33117;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ItemData;SUCCESS;Type: REG_EXPAND_SZ, Length: 190, Data: %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK*
16:41:42;33365;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\SaferFlags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:42;33678;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33};SUCCESS;
16:41:42;33818;cmd.exe;3564;RegEnumKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths;NO MORE ENTRIES;Index: 1, Length: 280
16:41:42;34117;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths;SUCCESS;
16:41:42;34217;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;SUCCESS;Desired Access: Read
16:41:42;34804;cmd.exe;3564;RegEnumKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;SUCCESS;Index: 0, Name: {349d35ab-37b5-462f-9b89-edd5fbde1328}
16:41:42;35044;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328};SUCCESS;Desired Access: Read
16:41:42;35374;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ItemData;SUCCESS;Type: REG_BINARY, Length: 16, Data: 5E AB 30 4F 95 7A 49 89 6A 00 6C 1C 31 15 40 15
16:41:42;35620;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\HashAlg;SUCCESS;Type: REG_DWORD, Length: 4, Data: 32771
16:41:42;35838;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ItemSize;SUCCESS;Type: REG_QWORD, Length: 8, Data: 
16:41:42;36517;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\SaferFlags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:42;36874;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328};SUCCESS;
16:41:42;37022;cmd.exe;3564;RegEnumKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;SUCCESS;Index: 1, Name: {7fb9cd2e-3076-4df9-a57b-b813f72dbb91}
16:41:42;37240;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91};SUCCESS;Desired Access: Read
16:41:42;37547;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ItemData;SUCCESS;Type: REG_BINARY, Length: 16, Data: 67 B0 D4 8B 34 3A 3F D3 BC E9 DC 64 67 04 F3 94
16:41:42;37779;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\HashAlg;SUCCESS;Type: REG_DWORD, Length: 4, Data: 32771
16:41:42;38103;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ItemSize;SUCCESS;Type: REG_QWORD, Length: 8, Data: 
16:41:42;38330;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\SaferFlags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:42;38654;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91};SUCCESS;
16:41:42;38799;cmd.exe;3564;RegEnumKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;SUCCESS;Index: 2, Name: {81d1fe15-dd9d-4762-b16d-7c29ddecae3f}
16:41:42;39017;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f};SUCCESS;Desired Access: Read
16:41:42;39344;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ItemData;SUCCESS;Type: REG_BINARY, Length: 16, Data: 32 78 02 DC FE F8 C8 93 DC 8A B0 06 DD 84 7D 1D
16:41:42;39581;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\HashAlg;SUCCESS;Type: REG_DWORD, Length: 4, Data: 32771
16:41:42;39799;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ItemSize;SUCCESS;Type: REG_QWORD, Length: 8, Data: 
16:41:42;40014;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\SaferFlags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:42;40341;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f};SUCCESS;
16:41:42;40486;cmd.exe;3564;RegEnumKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;SUCCESS;Index: 3, Name: {94e3e076-8f53-42a5-8411-085bcc18a68d}
16:41:42;41763;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d};SUCCESS;Desired Access: Read
16:41:42;42302;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ItemData;SUCCESS;Type: REG_BINARY, Length: 16, Data: BD 9A 2A DB 42 EB D8 56 0E 25 0E 4D F8 16 2F 67
16:41:42;42570;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\HashAlg;SUCCESS;Type: REG_DWORD, Length: 4, Data: 32771
16:41:42;42786;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ItemSize;SUCCESS;Type: REG_QWORD, Length: 8, Data: 
16:41:42;43009;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\SaferFlags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:42;43361;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d};SUCCESS;
16:41:42;43515;cmd.exe;3564;RegEnumKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;SUCCESS;Index: 4, Name: {dc971ee5-44eb-4fe4-ae2e-b91490411bfc}
16:41:42;43755;cmd.exe;3564;RegOpenKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc};SUCCESS;Desired Access: Read
16:41:42;44110;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ItemData;SUCCESS;Type: REG_BINARY, Length: 16, Data: 38 6B 08 5F 84 EC F6 69 D3 6B 95 6A 22 C0 1E 80
16:41:42;44356;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\HashAlg;SUCCESS;Type: REG_DWORD, Length: 4, Data: 32771
16:41:42;44568;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ItemSize;SUCCESS;Type: REG_QWORD, Length: 8, Data: 
16:41:42;44783;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\SaferFlags;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:42;45107;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc};SUCCESS;
16:41:42;45252;cmd.exe;3564;RegEnumKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;NO MORE ENTRIES;Index: 5, Length: 280
16:41:42;45864;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;SUCCESS;
16:41:42;45998;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:42;46250;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths;NAME NOT FOUND;Desired Access: Read
16:41:42;46445;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:42;46630;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:42;46814;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths;NAME NOT FOUND;Desired Access: Read
16:41:42;46996;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:42;47174;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:42;47356;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths;NAME NOT FOUND;Desired Access: Read
16:41:42;47540;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:42;49082;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:42;49281;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths;NAME NOT FOUND;Desired Access: Read
16:41:42;49462;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:42;49641;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:42;50013;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths;NAME NOT FOUND;Desired Access: Read
16:41:42;50421;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:42;51007;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:42;51348;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths;NAME NOT FOUND;Desired Access: Read
16:41:42;51689;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:42;52027;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:42;52371;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths;NAME NOT FOUND;Desired Access: Read
16:41:42;52714;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:42;53052;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:42;53393;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths;NAME NOT FOUND;Desired Access: Read
16:41:42;53731;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:42;54069;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:42;54611;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths;NAME NOT FOUND;Desired Access: Read
16:41:42;54971;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes;NAME NOT FOUND;Desired Access: Read
16:41:42;55309;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones;NAME NOT FOUND;Desired Access: Read
16:41:42;55511;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Desired Access: Read
16:41:42;55812;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\DefaultLevel;SUCCESS;Type: REG_DWORD, Length: 4, Data: 262144
16:41:42;56111;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;
16:41:42;56349;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;NAME NOT FOUND;Desired Access: Read
16:41:42;57047;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Desired Access: Query Value
16:41:42;57335;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\PolicyScope;SUCCESS;Type: REG_DWORD, Length: 4, Data: 0
16:41:42;57715;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;
16:41:42;60601;cmd.exe;3564;QueryNameInformationFile;C:\WINDOWS\system32\sc.exe;SUCCESS;Name: \WINDOWS\system32\sc.exe
16:41:42;63168;cmd.exe;3564;QueryOpen;C:\WINDOWS\system32\sc.exe;SUCCESS;CreationTime: 28-02-2006 13:00:00, LastAccessTime: 22-02-2010 16:41:42, LastWriteTime: 06-02-2009 11:39:08, ChangeTime: 22-02-2010 12:18:51, AllocationSize: 36.864, EndOfFile: 35.328, FileAttributes: A
16:41:42;63548;cmd.exe;3564;CreateFile;C:\;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:42;63922;cmd.exe;3564;QueryDirectory;C:\WINDOWS;SUCCESS;Filter: WINDOWS, 1: WINDOWS
16:41:42;64344;cmd.exe;3564;CloseFile;C:\;SUCCESS;
16:41:42;65881;cmd.exe;3564;CreateFile;C:\WINDOWS;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:42;66763;cmd.exe;3564;QueryDirectory;C:\WINDOWS\system32;SUCCESS;Filter: system32, 1: system32
16:41:42;67842;cmd.exe;3564;CloseFile;C:\WINDOWS;SUCCESS;
16:41:42;69881;cmd.exe;3564;CreateFile;C:\WINDOWS\system32;SUCCESS;Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
16:41:42;71284;cmd.exe;3564;QueryDirectory;C:\WINDOWS\system32\sc.exe;SUCCESS;Filter: sc.exe, 1: sc.exe
16:41:42;72767;cmd.exe;3564;CloseFile;C:\WINDOWS\system32;SUCCESS;
16:41:42;74862;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\system32\sc.exe;SUCCESS;AllocationSize: 36.864, EndOfFile: 35.328, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:42;77315;cmd.exe;3564;QueryStandardInformationFile;C:\WINDOWS\system32\sc.exe;SUCCESS;AllocationSize: 36.864, EndOfFile: 35.328, NumberOfLinks: 1, DeletePending: False, Directory: False
16:41:42;78125;cmd.exe;3564;RegOpenKey;HKCU;SUCCESS;Desired Access: Read
16:41:42;78460;cmd.exe;3564;RegOpenKey;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders;SUCCESS;Desired Access: Read
16:41:42;78846;cmd.exe;3564;RegCloseKey;HKCU;SUCCESS;
16:41:42;79050;cmd.exe;3564;RegQueryValue;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache;BUFFER OVERFLOW;Length: 144
16:41:42;79340;cmd.exe;3564;RegQueryValue;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache;SUCCESS;Type: REG_SZ, Length: 150, Data: C:\Documents and Settings\Margriet\Local Settings\Temporary Internet Files
16:41:42;79670;cmd.exe;3564;RegCloseKey;HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders;SUCCESS;
16:41:42;79966;cmd.exe;3564;RegOpenKey;HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;Desired Access: Query Value
16:41:42;80299;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\LogFileName;NAME NOT FOUND;Length: 536
16:41:42;80572;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers;SUCCESS;
16:41:42;80659;cmd.exe;3564;RegOpenKey;HKLM\System\CurrentControlSet\Control\SafeBoot\Option;NAME NOT FOUND;Desired Access: Query Value, Set Value
16:41:42;81528;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe;NAME NOT FOUND;Desired Access: Read
16:41:42;85358;cmd.exe;3564;CreateFile;C:\WINDOWS\system32\sc.exe.Manifest;NAME NOT FOUND;Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
16:41:42;89638;cmd.exe;3564;QueryOpen;C:\Program Files\MySQL\MySQL Workbench 5.2 OSS;SUCCESS;CreationTime: 22-02-2010 10:59:08, LastAccessTime: 22-02-2010 16:41:42, LastWriteTime: 22-02-2010 12:00:04, ChangeTime: 22-02-2010 12:00:04, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
16:41:42;91328;cmd.exe;3564;Process Create;C:\WINDOWS\system32\sc.exe;SUCCESS;PID: 424, Command line: sc query mysql 
16:41:42;94714;cmd.exe;3564;CloseFile;C:\WINDOWS\system32\sc.exe;SUCCESS;
16:41:42;1048642;cmd.exe;3564;RegOpenKey;HKCU;SUCCESS;Desired Access: Maximum Allowed
16:41:42;1049123;cmd.exe;3564;RegOpenKey;HKCU\Software\Policies\Microsoft\Control Panel\Desktop;NAME NOT FOUND;Desired Access: Read
16:41:42;1049338;cmd.exe;3564;RegOpenKey;HKCU\Control Panel\Desktop;SUCCESS;Desired Access: Read
16:41:42;1049623;cmd.exe;3564;RegQueryValue;HKCU\Control Panel\Desktop\MultiUILanguageId;NAME NOT FOUND;Length: 256
16:41:42;1049969;cmd.exe;3564;RegCloseKey;HKCU\Control Panel\Desktop;SUCCESS;
16:41:42;1050151;cmd.exe;3564;RegCloseKey;HKCU;SUCCESS;
16:41:42;1056283;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32;SUCCESS;
16:41:42;1057479;cmd.exe;3564;RegOpenKey;HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize;SUCCESS;Desired Access: Read
16:41:42;1057892;cmd.exe;3564;RegQueryValue;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles;NAME NOT FOUND;Length: 20
16:41:42;1058183;cmd.exe;3564;RegCloseKey;HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize;SUCCESS;
16:41:42;1058839;cmd.exe;3564;Thread Exit;;SUCCESS;User Time: 0.0000000, Kernel Time: 0.0625000
16:41:42;1064896;cmd.exe;3564;Process Exit;;SUCCESS;Exit Status: 0, User Time: 0.0156250, Kernel Time: 0.0468750, Private Bytes: 2.011.136, Peak Private Bytes: 2.060.288, Working Set: 2.727.936, Peak Working Set: 2.744.320
16:41:42;1068530;cmd.exe;3564;CloseFile;C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83;SUCCESS;