Time of Day,Process Name,PID,Operation,Path,Result,Detail
37:46.0,LocalServiceControl.exe,9196,Thread Create,,SUCCESS,Thread ID: 5908
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Program Files (x86)\LocalServiceComponents\LocalServiceControl.exe,SUCCESS,"Image Base: 0x5d0000, Image Size: 0x65000"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\System32\ntdll.dll,SUCCESS,"Image Base: 0x7ffe897f0000, Image Size: 0x1f6000"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\ntdll.dll,SUCCESS,"Image Base: 0x770f0000, Image Size: 0x1a3000"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\Prefetch\LOCALSERVICECONTROL.EXE-BBF52986.pf,SUCCESS,"Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QueryEAFile,C:\Windows\Prefetch\LOCALSERVICECONTROL.EXE-BBF52986.pf,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,QueryStandardInformationFile,C:\Windows\Prefetch\LOCALSERVICECONTROL.EXE-BBF52986.pf,SUCCESS,"AllocationSize: 20,480, EndOfFile: 16,405, NumberOfLinks: 1, DeletePending: False, Directory: False"
37:46.0,LocalServiceControl.exe,9196,ReadFile,C:\Windows\Prefetch\LOCALSERVICECONTROL.EXE-BBF52986.pf,SUCCESS,"Offset: 0, Length: 16,405, Priority: Normal"
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\Prefetch\LOCALSERVICECONTROL.EXE-BBF52986.pf,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Session Manager,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Session Manager\RaiseExceptionOnPossibleDeadlock,NAME NOT FOUND,Length: 80
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap,NAME NOT FOUND,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Control\Session Manager,REPARSE,"Desired Access: Query Value, Enumerate Sub Keys"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,"Desired Access: Query Value, Enumerate Sub Keys"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies,NAME NOT FOUND,Length: 24
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows,SUCCESS,"Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\System32\wow64.dll,SUCCESS,"Image Base: 0x7ffe87eb0000, Image Size: 0x59000"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\System32\wow64win.dll,SUCCESS,"Image Base: 0x7ffe89240000, Image Size: 0x83000"
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\System32\wow64log.dll,NAME NOT FOUND,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows,SUCCESS,"Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows,SUCCESS,Name: \Windows
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\Microsoft\Wow64\x86,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\Microsoft\Wow64\x86\LocalServiceControl.exe,NAME NOT FOUND,Length: 520
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\Microsoft\Wow64\x86\(Default),SUCCESS,"Type: REG_SZ, Length: 26, Data: wow64cpu.dll"
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\Microsoft\Wow64\x86,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\System32\wow64cpu.dll,SUCCESS,"Image Base: 0x770e0000, Image Size: 0xa000"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Session Manager,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Session Manager\RaiseExceptionOnPossibleDeadlock,NAME NOT FOUND,Length: 80
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap,NAME NOT FOUND,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Control\Session Manager,REPARSE,"Desired Access: Query Value, Enumerate Sub Keys"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,"Desired Access: Query Value, Enumerate Sub Keys"
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies,NAME NOT FOUND,Length: 24
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents,SUCCESS,"Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\kernel32.dll,SUCCESS,"Image Base: 0x750d0000, Image Size: 0xf0000"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\KernelBase.dll,SUCCESS,"Image Base: 0x75c70000, Image Size: 0x214000"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\3c74afb9-8d82-44e3-b52c-365dbf48382a,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\KernelBase.dll,SUCCESS,Name: \Windows\SysWOW64\KernelBase.dll
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\05f95efe-7f75-49c7-a994-60a55cc09571,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\KernelBase.dll,SUCCESS,Name: \Windows\SysWOW64\KernelBase.dll
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\SafeBoot\Option,REPARSE,"Desired Access: Query Value, Set Value"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\SafeBoot\Option,NAME NOT FOUND,"Desired Access: Query Value, Set Value"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Srp\GP\DLL,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Srp\GP\DLL,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 1"
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers,NAME NOT FOUND,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\FileSystem\,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\FileSystem,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\FileSystem,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\FileSystem\LongPathsEnabled,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\FileSystem,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\apphelp.dll,SUCCESS,"CreationTime: 10/14/2020 4:38:05 AM, LastAccessTime: 12/25/2020 12:37:36 PM, LastWriteTime: 10/14/2020 4:38:05 AM, ChangeTime: 12/9/2020 2:19:15 AM, AllocationSize: 638,976, EndOfFile: 638,464, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\apphelp.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\apphelp.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\apphelp.dll,SUCCESS,SyncType: SyncTypeOther
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\apphelp.dll,SUCCESS,"Image Base: 0x74ec0000, Image Size: 0x9f000"
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\apphelp.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\8ccca27d-f1d8-4dda-b5dd-339aee937731,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\apphelp.dll,SUCCESS,Name: \Windows\SysWOW64\apphelp.dll
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\LogFlags,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\18608e62-a628-49d9-8c02-55972e097d24,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\apphelp.dll,SUCCESS,Name: \Windows\SysWOW64\apphelp.dll
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\ShowDebugInfo,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceControl.exe,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceControl.exe,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceControl.exe,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceControl.exe,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\ntdll.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\ntdll.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\ntdll.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\ntdll.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\kernel32.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\kernel32.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\kernel32.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\kernel32.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\KernelBase.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\KernelBase.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\KernelBase.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\KernelBase.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\apppatch\sysmain.sdb,SUCCESS,"Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QueryStandardInformationFile,C:\Windows\apppatch\sysmain.sdb,SUCCESS,"AllocationSize: 4,059,136, EndOfFile: 4,056,696, NumberOfLinks: 2, DeletePending: False, Directory: False"
37:46.0,LocalServiceControl.exe,9196,QueryStandardInformationFile,C:\Windows\apppatch\sysmain.sdb,SUCCESS,"AllocationSize: 4,059,136, EndOfFile: 4,056,696, NumberOfLinks: 2, DeletePending: False, Directory: False"
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\apppatch\sysmain.sdb,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.0,LocalServiceControl.exe,9196,QueryStandardInformationFile,C:\Windows\apppatch\sysmain.sdb,SUCCESS,"AllocationSize: 4,059,136, EndOfFile: 4,056,696, NumberOfLinks: 2, DeletePending: False, Directory: False"
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\apppatch\sysmain.sdb,SUCCESS,SyncType: SyncTypeOther
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache,SUCCESS,"Type: REG_SZ, Length: 118, Data: C:\Users\GTAdmin\AppData\Local\Microsoft\Windows\INetCache"
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Program Files (x86)\LocalServiceComponents\LocalServiceControl.exe,NAME NOT FOUND,"Length: 1,024"
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Program Files (x86)\LocalServiceComponents\LocalServiceControl.exe,SUCCESS,"Type: REG_SZ, Length: 30, Data: ~ HIGHDPIAWARE"
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceControl.exe,SUCCESS,"Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache,SUCCESS,"Type: REG_SZ, Length: 118, Data: C:\Users\GTAdmin\AppData\Local\Microsoft\Windows\INetCache"
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceControl.exe,SUCCESS,"Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\apppatch\sysmain.sdb,SUCCESS,"Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QueryBasicInformationFile,C:\Windows\apppatch\sysmain.sdb,SUCCESS,"CreationTime: 12/9/2020 2:18:08 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 12/9/2020 2:18:08 AM, ChangeTime: 12/9/2020 2:41:25 AM, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\apppatch\sysmain.sdb,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,QueryBasicInformationFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceControl.exe,SUCCESS,"CreationTime: 12/25/2020 2:07:46 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 1/9/2020 10:18:32 AM, ChangeTime: 12/25/2020 12:03:59 PM, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceControl.exe,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceControl.exe,SUCCESS,"Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache,SUCCESS,"Type: REG_SZ, Length: 118, Data: C:\Users\GTAdmin\AppData\Local\Microsoft\Windows\INetCache"
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceControl.exe,SUCCESS,"Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100"
37:46.0,LocalServiceControl.exe,9196,QueryBasicInformationFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceControl.exe,SUCCESS,"CreationTime: 12/25/2020 2:07:46 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 1/9/2020 10:18:32 AM, ChangeTime: 12/25/2020 12:03:59 PM, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceControl.exe,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\apppatch\sysmain.sdb,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\shell32.dll,SUCCESS,"Image Base: 0x75230000, Image Size: 0x5b3000"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\msvcp_win.dll,SUCCESS,"Image Base: 0x765f0000, Image Size: 0x7b000"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\ucrtbase.dll,SUCCESS,"Image Base: 0x761b0000, Image Size: 0x120000"
37:46.0,LocalServiceControl.exe,9196,Thread Create,,SUCCESS,Thread ID: 9656
37:46.0,LocalServiceControl.exe,9196,Thread Create,,SUCCESS,Thread ID: 9036
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\user32.dll,SUCCESS,"Image Base: 0x76e70000, Image Size: 0x196000"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\win32u.dll,SUCCESS,"Image Base: 0x76e00000, Image Size: 0x18000"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\gdi32.dll,SUCCESS,"Image Base: 0x76330000, Image Size: 0x23000"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\gdi32full.dll,SUCCESS,"Image Base: 0x75b70000, Image Size: 0xdb000"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Control\Session Manager,REPARSE,"Desired Access: Query Value, Enumerate Sub Keys"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,"Desired Access: Query Value, Enumerate Sub Keys"
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies,NAME NOT FOUND,Length: 24
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,Thread Create,,SUCCESS,Thread ID: 9796
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Session Manager,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode,NAME NOT FOUND,Length: 16
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\Qt5Widgets.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:29:01 PM, LastWriteTime: 12/13/2018 5:29:24 PM, ChangeTime: 12/25/2020 11:44:27 AM, AllocationSize: 4,460,544, EndOfFile: 4,459,008, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\video_control.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:29:01 PM, LastWriteTime: 1/9/2020 10:18:56 AM, ChangeTime: 12/25/2020 11:44:27 AM, AllocationSize: 868,352, EndOfFile: 868,352, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\Qt5Gui.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:29:01 PM, LastWriteTime: 12/13/2018 5:29:24 PM, ChangeTime: 12/25/2020 11:44:27 AM, AllocationSize: 5,013,504, EndOfFile: 5,013,504, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\Qt5Network.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:29:01 PM, LastWriteTime: 12/13/2018 5:29:24 PM, ChangeTime: 12/25/2020 11:44:27 AM, AllocationSize: 851,968, EndOfFile: 851,968, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Widgets.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\Qt5Widgets.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\video_control.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Gui.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\video_control.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Network.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\Qt5Gui.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\Qt5Network.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\video_control.dll,SUCCESS,SyncType: SyncTypeOther
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Program Files (x86)\LocalServiceComponents\video_control.dll,SUCCESS,"Image Base: 0x73aa0000, Image Size: 0xd8000"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\Qt5Widgets.dll,SUCCESS,SyncType: SyncTypeOther
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Control\Nls\CustomLocale,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Nls\CustomLocale,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\Nls\CustomLocale,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\EMPTY,NAME NOT FOUND,Length: 120
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\Qt5Network.dll,SUCCESS,SyncType: SyncTypeOther
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Program Files (x86)\LocalServiceComponents\Qt5Widgets.dll,SUCCESS,"Image Base: 0x73b80000, Image Size: 0x444000"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\EMPTY,NAME NOT FOUND,Length: 120
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Program Files (x86)\LocalServiceComponents\Qt5Network.dll,SUCCESS,"Image Base: 0x734f0000, Image Size: 0xd6000"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\NLS\Language,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\Qt5Gui.dll,SUCCESS,SyncType: SyncTypeOther
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\NLS\Language,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\Nls\Language,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Nls\Language\InstallLanguageFallback,NAME NOT FOUND,Length: 16
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Program Files (x86)\LocalServiceComponents\Qt5Gui.dll,SUCCESS,"Image Base: 0x735d0000, Image Size: 0x4ce000"
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\Nls\Language,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\OSDATA\System\CurrentControlSet\Control\MUI\UILanguages,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\MUI\UILanguages,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\MUI\UILanguages,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\MUI\UILanguages,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegEnumKey,HKLM\System\CurrentControlSet\Control\MUI\UILanguages,SUCCESS,"Index: 0, Name: en-US"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Control\MUI\UILanguages,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\MUI\UILanguages\en-US,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\MUI\UILanguages\en-US\Type,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 273"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\MUI\UILanguages\en-US\AlternateCodePage,NAME NOT FOUND,Length: 12
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\MUI\UILanguages\en-US,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegEnumKey,HKLM\System\CurrentControlSet\Control\MUI\UILanguages,NO MORE ENTRIES,"Index: 1, Length: 512"
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\MUI\UILanguages,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\MUI\UILanguages\PendingDelete,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\MUI\UILanguages\PendingDelete,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\MUI\Settings,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU,SUCCESS,"Desired Access: Maximum Allowed, Granted Access: All Access"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegEnumValue,HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration,NO MORE ENTRIES,"Index: 0, Length: 512"
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKCU,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\MUI\Settings,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU,SUCCESS,"Desired Access: Maximum Allowed, Granted Access: All Access"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Software\Policies\Microsoft\Control Panel\Desktop,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Control Panel\Desktop\LanguageConfiguration,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKCU\Control Panel\Desktop\LanguageConfiguration,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegEnumValue,HKCU\Control Panel\Desktop\LanguageConfiguration,NO MORE ENTRIES,"Index: 0, Length: 512"
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKCU\Control Panel\Desktop\LanguageConfiguration,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKCU,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\MUI\Settings,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU,SUCCESS,"Desired Access: Maximum Allowed, Granted Access: All Access"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Software\Policies\Microsoft\Control Panel\Desktop,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Control Panel\Desktop,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKCU\Control Panel\Desktop,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKCU\Control Panel\Desktop\PreferredUILanguages,NAME NOT FOUND,Length: 12
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKCU\Control Panel\Desktop,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKCU,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\MUI\Settings,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU,SUCCESS,"Desired Access: Maximum Allowed, Granted Access: All Access"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Control Panel\Desktop\MuiCached,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKCU\Control Panel\Desktop\MuiCached,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages,BUFFER OVERFLOW,Length: 12
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages,SUCCESS,"Type: REG_MULTI_SZ, Length: 12, Data: en-US"
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKCU\Control Panel\Desktop\MuiCached,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKCU,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Gui.dll,SUCCESS,"Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Widgets.dll,SUCCESS,"Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Network.dll,SUCCESS,"Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\video_control.dll,SUCCESS,"Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Gui.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Widgets.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\ole32.dll,SUCCESS,"Image Base: 0x75f30000, Image Size: 0xe3000"
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Widgets.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Network.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\video_control.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:29:01 PM, LastWriteTime: 12/13/2018 5:29:24 PM, ChangeTime: 12/25/2020 11:44:26 AM, AllocationSize: 4,669,440, EndOfFile: 4,666,368, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\rpcrt4.dll,SUCCESS,"Image Base: 0x758b0000, Image Size: 0xc0000"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\ws2_32.dll,SUCCESS,"Image Base: 0x77070000, Image Size: 0x63000"
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\video_control.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\combase.dll,SUCCESS,"Image Base: 0x76360000, Image Size: 0x281000"
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\msvcp120.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:29:01 PM, LastWriteTime: 1/7/2019 1:33:02 PM, ChangeTime: 12/25/2020 11:44:26 AM, AllocationSize: 458,752, EndOfFile: 455,328, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\advapi32.dll,SUCCESS,"Image Base: 0x75eb0000, Image Size: 0x7a000"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\msvcp120.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Gui.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\msvcp120.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\msvcrt.dll,SUCCESS,"Image Base: 0x757f0000, Image Size: 0xbf000"
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\msvcr120.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:29:01 PM, LastWriteTime: 1/7/2019 1:33:02 PM, ChangeTime: 12/25/2020 11:44:26 AM, AllocationSize: 974,848, EndOfFile: 970,912, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\sechost.dll,SUCCESS,"Image Base: 0x76d80000, Image Size: 0x76000"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\msvcr120.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\msvcr120.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\msvcp120.dll,SUCCESS,SyncType: SyncTypeOther
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Program Files (x86)\LocalServiceComponents\msvcp120.dll,SUCCESS,"Image Base: 0x72ff0000, Image Size: 0x71000"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\crypt32.dll,SUCCESS,"Image Base: 0x75980000, Image Size: 0xff000"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\msvcp120.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Network.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\msvcr120.dll,SUCCESS,SyncType: SyncTypeOther
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,SyncType: SyncTypeOther
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:29:01 PM, LastWriteTime: 12/13/2018 5:29:24 PM, ChangeTime: 12/25/2020 11:44:26 AM, AllocationSize: 4,669,440, EndOfFile: 4,666,368, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Program Files (x86)\LocalServiceComponents\msvcr120.dll,SUCCESS,"Image Base: 0x72f00000, Image Size: 0xee000"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,"Image Base: 0x73070000, Image Size: 0x479000"
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\msvcp120.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 1/7/2019 1:33:02 PM, ChangeTime: 12/25/2020 11:44:26 AM, AllocationSize: 458,752, EndOfFile: 455,328, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\msvcr120.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\msvcr120.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 1/7/2019 1:33:02 PM, ChangeTime: 12/25/2020 11:44:26 AM, AllocationSize: 974,848, EndOfFile: 970,912, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\NetStream.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:29:01 PM, LastWriteTime: 11/5/2019 7:56:14 PM, ChangeTime: 12/25/2020 11:44:26 AM, AllocationSize: 1,368,064, EndOfFile: 1,368,064, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,SyncType: SyncTypeOther
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:29:01 PM, LastWriteTime: 12/13/2018 5:29:24 PM, ChangeTime: 12/25/2020 11:44:26 AM, AllocationSize: 4,669,440, EndOfFile: 4,666,368, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,"Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,"Image Base: 0x1740000, Image Size: 0x479000"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\NetStream.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\NetStream.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\msvcp120.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 1/7/2019 1:33:02 PM, ChangeTime: 12/25/2020 11:44:26 AM, AllocationSize: 458,752, EndOfFile: 455,328, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\NetStream.dll,SUCCESS,SyncType: SyncTypeOther
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Program Files (x86)\LocalServiceComponents\NetStream.dll,SUCCESS,"Image Base: 0x10000000, Image Size: 0x28c000"
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\NetStream.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\msvcr120.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 1/7/2019 1:33:02 PM, ChangeTime: 12/25/2020 11:44:26 AM, AllocationSize: 974,848, EndOfFile: 970,912, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 12/13/2018 5:29:24 PM, ChangeTime: 12/25/2020 11:44:26 AM, AllocationSize: 4,669,440, EndOfFile: 4,666,368, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\DNSAPI.dll,NAME NOT FOUND,
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\IPHLPAPI.DLL,NAME NOT FOUND,
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\dnsapi.dll,SUCCESS,"CreationTime: 11/10/2020 11:26:07 PM, LastAccessTime: 12/25/2020 12:29:01 PM, LastWriteTime: 11/10/2020 11:26:07 PM, ChangeTime: 12/9/2020 2:19:15 AM, AllocationSize: 589,824, EndOfFile: 586,240, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\IPHLPAPI.DLL,SUCCESS,"CreationTime: 10/14/2020 4:38:05 AM, LastAccessTime: 12/25/2020 12:29:51 PM, LastWriteTime: 10/14/2020 4:38:05 AM, ChangeTime: 12/9/2020 2:19:15 AM, AllocationSize: 200,704, EndOfFile: 196,784, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 12/13/2018 5:29:24 PM, ChangeTime: 12/25/2020 11:44:26 AM, AllocationSize: 4,669,440, EndOfFile: 4,666,368, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\dnsapi.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QueryEAFile,C:\Windows\SysWOW64\dnsapi.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\IPHLPAPI.DLL,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,FileSystemControl,C:\Windows\SysWOW64\dnsapi.dll,INVALID DEVICE REQUEST,Control: FSCTL_GET_EXTERNAL_BACKING
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\msvcp120.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 1/7/2019 1:33:02 PM, ChangeTime: 12/25/2020 11:44:26 AM, AllocationSize: 458,752, EndOfFile: 455,328, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,FileSystemControl,C:\Windows\SysWOW64\dnsapi.dll,SUCCESS,Control: FSCTL_QUERY_USN_JOURNAL
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\IPHLPAPI.DLL,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\dnsapi.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\msvcr120.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 1/7/2019 1:33:02 PM, ChangeTime: 12/25/2020 11:44:26 AM, AllocationSize: 974,848, EndOfFile: 970,912, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\IPHLPAPI.DLL,SUCCESS,SyncType: SyncTypeOther
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\msvcr120.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 1/7/2019 1:33:02 PM, ChangeTime: 12/25/2020 11:44:26 AM, AllocationSize: 974,848, EndOfFile: 970,912, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\IPHLPAPI.DLL,SUCCESS,"Image Base: 0x72ec0000, Image Size: 0x32000"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\dnsapi.dll,SUCCESS,SyncType: SyncTypeOther
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\IPHLPAPI.DLL,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\msvcr120.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 1/7/2019 1:33:02 PM, ChangeTime: 12/25/2020 11:44:26 AM, AllocationSize: 974,848, EndOfFile: 970,912, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\dnsapi.dll,SUCCESS,"Image Base: 0x72e20000, Image Size: 0x92000"
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\dnsapi.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\MPR.dll,NAME NOT FOUND,
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\mpr.dll,SUCCESS,"CreationTime: 10/14/2020 4:38:07 AM, LastAccessTime: 12/25/2020 12:29:01 PM, LastWriteTime: 10/14/2020 4:38:07 AM, ChangeTime: 12/9/2020 2:19:15 AM, AllocationSize: 94,208, EndOfFile: 93,488, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\mpr.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\mpr.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\mpr.dll,SUCCESS,SyncType: SyncTypeOther
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\mpr.dll,SUCCESS,"Image Base: 0x72e00000, Image Size: 0x19000"
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\mpr.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\ucrtbase.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\ucrtbase.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\ucrtbase.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\ucrtbase.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\msvcp_win.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\msvcp_win.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\msvcp_win.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\msvcp_win.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\win32u.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\win32u.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\win32u.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\win32u.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\gdi32full.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\gdi32full.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\gdi32full.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\gdi32full.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\gdi32.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\gdi32.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\gdi32.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\gdi32.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\user32.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\user32.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\user32.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\user32.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\shell32.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\shell32.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\shell32.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\shell32.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\rpcrt4.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\rpcrt4.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\rpcrt4.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\rpcrt4.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\ws2_32.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\ws2_32.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\ws2_32.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\ws2_32.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\msvcrt.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\msvcrt.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\msvcrt.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\msvcrt.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\sechost.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\sechost.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\sechost.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\sechost.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\advapi32.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\advapi32.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\advapi32.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\advapi32.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\NetStream.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\NetStream.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\NetStream.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\NetStream.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\combase.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\combase.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\combase.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\combase.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\ole32.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\ole32.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\ole32.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\ole32.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\mpr.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\mpr.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\mpr.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\mpr.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\msvcr120.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\msvcr120.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\msvcr120.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\msvcr120.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\msvcp120.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\msvcp120.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\msvcp120.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\msvcp120.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Core.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Gui.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Gui.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Gui.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Gui.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Widgets.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Widgets.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Widgets.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Widgets.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\video_control.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\video_control.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\video_control.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\video_control.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\dnsapi.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\dnsapi.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\dnsapi.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\dnsapi.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\IPHLPAPI.DLL,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\IPHLPAPI.DLL,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\IPHLPAPI.DLL,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\IPHLPAPI.DLL,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\crypt32.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\crypt32.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\crypt32.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\crypt32.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Network.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Network.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Network.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\Qt5Network.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\(Default),SUCCESS,"Type: REG_SZ, Length: 18, Data: 00060305"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\000603xx,SUCCESS,"Type: REG_SZ, Length: 26, Data: kernel32.dll"
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\imm32.dll,SUCCESS,"CreationTime: 10/14/2020 4:38:07 AM, LastAccessTime: 12/25/2020 12:37:36 PM, LastWriteTime: 10/14/2020 4:38:07 AM, ChangeTime: 12/9/2020 2:19:15 AM, AllocationSize: 143,360, EndOfFile: 143,056, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\imm32.dll,SUCCESS,"Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\imm32.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.0,LocalServiceControl.exe,9196,QueryStandardInformationFile,C:\Windows\SysWOW64\imm32.dll,SUCCESS,"AllocationSize: 143,360, EndOfFile: 143,056, NumberOfLinks: 2, DeletePending: False, Directory: False"
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\imm32.dll,SUCCESS,SyncType: SyncTypeOther
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\imm32.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\imm32.dll,SUCCESS,"Image Base: 0x75010000, Image Size: 0x25000"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\imm32.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\imm32.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\imm32.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\imm32.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Error Message Instrument\,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Error Message Instrument,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\f25bcd2e-2690-55dc-3bc4-07b65b1b41c9,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\user32.dll,SUCCESS,Name: \Windows\SysWOW64\user32.dll
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options,REPARSE,"Desired Access: Query Value, Enumerate Sub Keys"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options,SUCCESS,"Desired Access: Query Value, Enumerate Sub Keys"
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LocalServiceControl.exe,NAME NOT FOUND,"Desired Access: Query Value, Enumerate Sub Keys"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Display,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\Windows\Display,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Display,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\Windows\Display,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LocalServiceControl.exe,NAME NOT FOUND,"Desired Access: Query Value, Enumerate Sub Keys"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Display,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\Windows\Display,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Display,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\Windows\Display,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\GRE_Initialize,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LocalServiceControl.exe,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\Policies\Microsoft\Windows\Control Panel\Desktop,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Control Panel\Desktop,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKCU\Control Panel\Desktop\EnablePerProcessSystemDPI,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKCU\Control Panel\Desktop,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Compatibility32,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Compatibility32\LocalServiceControl,NAME NOT FOUND,Length: 172
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Compatibility32,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\IME Compatibility,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\SystemResources\LocalServiceControl.exe.mun,PATH NOT FOUND,"Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\SystemResources\LocalServiceControl.exe.mun,PATH NOT FOUND,"Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\edgegdi.dll,NAME NOT FOUND,
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LocalServiceControl.exe,NAME NOT FOUND,"Desired Access: Query Value, Enumerate Sub Keys"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\ca967c75-04bf-40b5-9a16-98b5f9332a92,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\sechost.dll,SUCCESS,Name: \Windows\SysWOW64\sechost.dll
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\b6fd710b-f783-4b1c-ab9c-c68099dcc0c7,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\sechost.dll,SUCCESS,Name: \Windows\SysWOW64\sechost.dll
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\c1376338-0984-48b8-b933-9c7d779fd84d,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\advapi32.dll,SUCCESS,Name: \Windows\SysWOW64\advapi32.dll
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\shell32.dll,SUCCESS,Name: \Windows\SysWOW64\shell32.dll
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\shell32.dll,SUCCESS,Name: \Windows\SysWOW64\shell32.dll
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\shell32.dll,SUCCESS,Name: \Windows\SysWOW64\shell32.dll
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\d0f1a5c6-fc43-48ae-99bf-efb1c38be9d1,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\ws2_32.dll,SUCCESS,Name: \Windows\SysWOW64\ws2_32.dll
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Control\Session Manager,REPARSE,"Desired Access: Query Value, Enumerate Sub Keys"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,"Desired Access: Query Value, Enumerate Sub Keys"
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies,NAME NOT FOUND,Length: 24
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Program Files (x86)\LocalServiceComponents\NetStream.dll,SUCCESS,Name: \Program Files (x86)\LocalServiceComponents\NetStream.dll
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM,SUCCESS,"Desired Access: Maximum Allowed, Granted Access: All Access"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\OLE,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Microsoft\Ole,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\Microsoft\Ole,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorUseSystemHeap,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\Microsoft\Ole,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\OLE,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Microsoft\Ole,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\Microsoft\Ole,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorSystemHeapIsPrivate,NAME NOT FOUND,Length: 20
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\Microsoft\Ole,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\OLE,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Microsoft\Ole,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\Microsoft\Ole,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\Microsoft\Ole\AggressiveMTATesting,NAME NOT FOUND,Length: 16
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\Microsoft\Ole,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x100"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Microsoft\AppModel\Lookaside\Packages,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x100"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x100"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\Microsoft\Ole,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKCU,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,"Query: HandleTags, HandleTags: 0x100"
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Software\Classes\Local Settings,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Software\Classes\Local Settings,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegCloseKey,HKCU,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU\Software\Classes\Local Settings,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU\Software\Classes\Local Settings,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU\Software\Classes\Local Settings,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU\Software\Classes\Local Settings,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU\Software\Classes\Local Settings,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU\Software\Classes\Local Settings,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU\Software\Classes\Local Settings,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKCU\Software\Classes\Local Settings,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Software\Classes\Local Settings\Software\Microsoft,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKCU\Software\Classes\Local Settings\Software\Microsoft,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\OLE\Tracing,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Microsoft\Ole\Tracing,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\combase.dll,SUCCESS,Name: \Windows\SysWOW64\combase.dll
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\combase.dll,SUCCESS,Name: \Windows\SysWOW64\combase.dll
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\c7e09e2a-c663-5399-af79-2fccd321d19a,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\combase.dll,SUCCESS,Name: \Windows\SysWOW64\combase.dll
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\combase.dll,SUCCESS,Name: \Windows\SysWOW64\combase.dll
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\OLE\Tracing,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Microsoft\Ole\Tracing,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\ole32.dll,SUCCESS,Name: \Windows\SysWOW64\ole32.dll
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\ole32.dll,SUCCESS,Name: \Windows\SysWOW64\ole32.dll
37:46.0,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\oleaut32.dll,SUCCESS,"CreationTime: 10/14/2020 4:38:07 AM, LastAccessTime: 12/25/2020 12:37:37 PM, LastWriteTime: 10/14/2020 4:38:07 AM, ChangeTime: 12/9/2020 2:19:15 AM, AllocationSize: 610,304, EndOfFile: 606,880, FileAttributes: A"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\oleaut32.dll,SUCCESS,"Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\oleaut32.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.0,LocalServiceControl.exe,9196,QueryStandardInformationFile,C:\Windows\SysWOW64\oleaut32.dll,SUCCESS,"AllocationSize: 610,304, EndOfFile: 606,880, NumberOfLinks: 2, DeletePending: False, Directory: False"
37:46.0,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\oleaut32.dll,SUCCESS,SyncType: SyncTypeOther
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\oleaut32.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\system\CurrentControlSet\control\NetworkProvider\HwOrder,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\control\NetworkProvider\HwOrder,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\NetworkProvider\HwOrder,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\system\CurrentControlSet\control\NetworkProvider\ProviderOrder,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\control\NetworkProvider\ProviderOrder,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\NetworkProvider\ProviderOrder,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\5eb60b36-6206-5538-e60a-0a7af8a1e59d,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\mpr.dll,SUCCESS,Name: \Windows\SysWOW64\mpr.dll
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\9ca335ed-c0a6-4b4d-b084-9c9b5143aff0,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\dnsapi.dll,SUCCESS,Name: \Windows\SysWOW64\dnsapi.dll
37:46.0,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb,NAME NOT FOUND,Length: 528
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\dnsapi.dll,SUCCESS,Name: \Windows\SysWOW64\dnsapi.dll
37:46.0,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\nsi.dll,SUCCESS,"Image Base: 0x75b60000, Image Size: 0x7000"
37:46.0,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\nsi.dll,SUCCESS,"Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\nsi.dll,BUFFER OVERFLOW,Information: Owner
37:46.0,LocalServiceControl.exe,9196,QuerySecurityFile,C:\Windows\SysWOW64\nsi.dll,SUCCESS,Information: Owner
37:46.0,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\nsi.dll,SUCCESS,
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys,NAME NOT FOUND,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.0,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces,REPARSE,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces,SUCCESS,Desired Access: Read
37:46.0,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.0,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceControl.exe,SUCCESS,Name: \Program Files (x86)\LocalServiceComponents\LocalServiceControl.exe
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\SHCore.dll,SUCCESS,"Image Base: 0x75040000, Image Size: 0x88000"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Nls\CustomLocale,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Nls\CustomLocale,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\Nls\CustomLocale,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-US,NAME NOT FOUND,Length: 532
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\Nls\CustomLocale,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-US,NAME NOT FOUND,Length: 532
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\qt.conf,NAME NOT FOUND,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\CRYPTBASE.DLL,NAME NOT FOUND,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\cryptbase.dll,SUCCESS,"CreationTime: 10/14/2020 4:37:56 AM, LastAccessTime: 12/25/2020 12:29:51 PM, LastWriteTime: 10/14/2020 4:37:56 AM, ChangeTime: 12/9/2020 2:19:15 AM, AllocationSize: 32,768, EndOfFile: 31,528, FileAttributes: A"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\cryptbase.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\cryptbase.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\cryptbase.dll,SUCCESS,SyncType: SyncTypeOther
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\cryptbase.dll,SUCCESS,"Image Base: 0x72df0000, Image Size: 0xa000"
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\cryptbase.dll,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\bcryptprimitives.dll,SUCCESS,"Image Base: 0x77010000, Image Size: 0x5d000"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\f3a71a4b-6118-4257-8ccb-39a33ba059d4,NAME NOT FOUND,Length: 528
37:46.1,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\bcryptprimitives.dll,SUCCESS,Name: \Windows\SysWOW64\bcryptprimitives.dll
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\STE,NAME NOT FOUND,Length: 20
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Lsa,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Lsa,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\Lsa,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy,NAME NOT FOUND,Length: 20
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled,NAME NOT FOUND,Length: 20
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\Lsa,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration,NAME NOT FOUND,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\LanguageOverlay\OverlayPackages\en-US,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Microsoft\LanguageOverlay\OverlayPackages\en-US,NAME NOT FOUND,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui,NAME NOT FOUND,"Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Windows\System32\en-US\KernelBase.dll.mui,SUCCESS,"Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\System32\en-US\KernelBase.dll.mui,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.1,LocalServiceControl.exe,9196,QueryStandardInformationFile,C:\Windows\System32\en-US\KernelBase.dll.mui,SUCCESS,"AllocationSize: 1,306,624, EndOfFile: 1,306,624, NumberOfLinks: 2, DeletePending: False, Directory: False"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\System32\en-US\KernelBase.dll.mui,SUCCESS,SyncType: SyncTypeOther
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\windows.storage.dll,SUCCESS,"CreationTime: 12/9/2020 2:18:29 AM, LastAccessTime: 12/25/2020 12:37:37 PM, LastWriteTime: 12/9/2020 2:18:29 AM, ChangeTime: 12/9/2020 2:41:34 AM, AllocationSize: 6,369,280, EndOfFile: 6,368,912, FileAttributes: A"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\windows.storage.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\windows.storage.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\windows.storage.dll,SUCCESS,SyncType: SyncTypeOther
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\windows.storage.dll,SUCCESS,"Image Base: 0x74370000, Image Size: 0x60a000"
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\windows.storage.dll,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\Wldp.dll,NAME NOT FOUND,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\wldp.dll,SUCCESS,"CreationTime: 12/9/2020 2:18:31 AM, LastAccessTime: 12/25/2020 12:37:37 PM, LastWriteTime: 12/9/2020 2:18:31 AM, ChangeTime: 12/9/2020 2:41:35 AM, AllocationSize: 143,360, EndOfFile: 139,960, FileAttributes: A"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\wldp.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\wldp.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\wldp.dll,SUCCESS,SyncType: SyncTypeOther
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\wldp.dll,SUCCESS,"Image Base: 0x74340000, Image Size: 0x24000"
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\wldp.dll,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\9a2edb8f-5883-499f-aced-6e4b69d43ddf,NAME NOT FOUND,Length: 528
37:46.1,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\wldp.dll,SUCCESS,Name: \Windows\SysWOW64\wldp.dll
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108,NAME NOT FOUND,Length: 528
37:46.1,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\windows.storage.dll,SUCCESS,Name: \Windows\SysWOW64\windows.storage.dll
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\a40b455c-253c-4311-ac6d-6e667edccefc,NAME NOT FOUND,Length: 528
37:46.1,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\windows.storage.dll,SUCCESS,Name: \Windows\SysWOW64\windows.storage.dll
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb,NAME NOT FOUND,Length: 528
37:46.1,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\windows.storage.dll,SUCCESS,Name: \Windows\SysWOW64\windows.storage.dll
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61,NAME NOT FOUND,Length: 528
37:46.1,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\windows.storage.dll,SUCCESS,Name: \Windows\SysWOW64\windows.storage.dll
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091},SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Category,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 4"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Name,SUCCESS,"Type: REG_SZ, Length: 28, Data: Local AppData"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParentFolder,NAME NOT FOUND,Length: 90
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Description,NAME NOT FOUND,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\RelativePath,SUCCESS,"Type: REG_SZ, Length: 28, Data: AppData\Local"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParsingName,NAME NOT FOUND,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InfoTip,NAME NOT FOUND,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalizedName,NAME NOT FOUND,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Icon,NAME NOT FOUND,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Security,NAME NOT FOUND,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResource,NAME NOT FOUND,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResourceType,NAME NOT FOUND,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalRedirectOnly,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 1"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Roamable,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PreCreate,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Stream,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PublishExpandedPath,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 1"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\DefinitionFlags,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Attributes,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\FolderTypeID,NAME NOT FOUND,Length: 90
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InitFolderHandler,NAME NOT FOUND,Length: 90
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\shlwapi.dll,SUCCESS,"Image Base: 0x76e20000, Image Size: 0x45000"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091},SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PropertyBag,NAME NOT FOUND,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091},SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKCU,SUCCESS,"Desired Access: Maximum Allowed, Granted Access: All Access"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\7,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\7,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\7\KnownFolders,NAME NOT FOUND,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\7,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKCU,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKCU,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData,SUCCESS,"Type: REG_EXPAND_SZ, Length: 56, Data: %USERPROFILE%\AppData\Local"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\000603xx,SUCCESS,"Type: REG_SZ, Length: 26, Data: kernel32.dll"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Windows\Globalization\Sorting\SortDefault.nls,SUCCESS,"Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\Globalization\Sorting\SortDefault.nls,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.1,LocalServiceControl.exe,9196,QueryStandardInformationFile,C:\Windows\Globalization\Sorting\SortDefault.nls,SUCCESS,"AllocationSize: 3,375,104, EndOfFile: 3,371,404, NumberOfLinks: 2, DeletePending: False, Directory: False"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\Globalization\Sorting\SortDefault.nls,SUCCESS,SyncType: SyncTypeOther
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Windows\Globalization\Sorting\SortDefault.nls,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\en-US,NAME NOT FOUND,Length: 90
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\en,NAME NOT FOUND,Length: 90
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Users\GTAdmin\AppData\Local,SUCCESS,"CreationTime: 8/26/2020 5:54:32 PM, LastAccessTime: 12/25/2020 12:37:36 PM, LastWriteTime: 12/25/2020 12:10:58 PM, ChangeTime: 12/25/2020 12:10:58 PM, AllocationSize: 4,096, EndOfFile: 4,096, FileAttributes: D"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings,NAME NOT FOUND,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings,NAME NOT FOUND,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97},SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Category,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 2"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Name,SUCCESS,"Type: REG_SZ, Length: 30, Data: Common AppData"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParentFolder,NAME NOT FOUND,Length: 90
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Description,NAME NOT FOUND,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\RelativePath,NAME NOT FOUND,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParsingName,NAME NOT FOUND,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InfoTip,NAME NOT FOUND,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalizedName,NAME NOT FOUND,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Icon,NAME NOT FOUND,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Security,NAME NOT FOUND,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResource,NAME NOT FOUND,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResourceType,NAME NOT FOUND,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalRedirectOnly,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Roamable,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PreCreate,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Stream,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PublishExpandedPath,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\DefinitionFlags,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Attributes,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\FolderTypeID,NAME NOT FOUND,Length: 90
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InitFolderHandler,NAME NOT FOUND,Length: 90
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97},SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PropertyBag,NAME NOT FOUND,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97},SUCCESS,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\profapi.dll,NAME NOT FOUND,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\profapi.dll,SUCCESS,"CreationTime: 10/14/2020 4:37:56 AM, LastAccessTime: 12/25/2020 12:37:37 PM, LastWriteTime: 10/14/2020 4:37:56 AM, ChangeTime: 12/9/2020 2:19:15 AM, AllocationSize: 110,592, EndOfFile: 110,008, FileAttributes: A"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\profapi.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\profapi.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\profapi.dll,SUCCESS,SyncType: SyncTypeOther
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\profapi.dll,SUCCESS,"Image Base: 0x73ff0000, Image Size: 0x1d000"
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\profapi.dll,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\ProfileList,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData,BUFFER OVERFLOW,Length: 12
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData,SUCCESS,"Type: REG_EXPAND_SZ, Length: 52, Data: %SystemDrive%\ProgramData"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\ProgramData,SUCCESS,"CreationTime: 12/7/2019 1:14:52 AM, LastAccessTime: 12/25/2020 12:30:03 PM, LastWriteTime: 12/25/2020 2:37:46 AM, ChangeTime: 12/25/2020 2:37:46 AM, AllocationSize: 4,096, EndOfFile: 4,096, FileAttributes: HDNCI"
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Users\GTAdmin\AppData\Local\QtProject\qtlogging.ini,PATH NOT FOUND,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\ProgramData\QtProject\qtlogging.ini,PATH NOT FOUND,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\QtProject\qtlogging.ini,PATH NOT FOUND,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\data\QtProject\qtlogging.ini,PATH NOT FOUND,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\qt.conf,NAME NOT FOUND,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents,SUCCESS,"CreationTime: 12/25/2020 2:07:46 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 12/25/2020 12:04:19 PM, ChangeTime: 12/25/2020 12:04:19 PM, AllocationSize: 8,192, EndOfFile: 8,192, FileAttributes: D"
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86),SUCCESS,"CreationTime: 12/7/2019 1:14:52 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 12/25/2020 2:07:46 AM, ChangeTime: 12/25/2020 2:07:46 AM, AllocationSize: 4,096, EndOfFile: 4,096, FileAttributes: RD"
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents,SUCCESS,"CreationTime: 12/25/2020 2:07:46 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 12/25/2020 12:04:19 PM, ChangeTime: 12/25/2020 12:04:19 PM, AllocationSize: 8,192, EndOfFile: 8,192, FileAttributes: D"
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents,SUCCESS,"CreationTime: 12/25/2020 2:07:46 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 12/25/2020 12:04:19 PM, ChangeTime: 12/25/2020 12:04:19 PM, AllocationSize: 8,192, EndOfFile: 8,192, FileAttributes: D"
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\platforms,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 12/25/2020 11:44:27 AM, ChangeTime: 12/25/2020 11:44:27 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\platforms,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 12/25/2020 11:44:27 AM, ChangeTime: 12/25/2020 11:44:27 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\platforms,SUCCESS,"Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,QueryDirectory,C:\Program Files (x86)\LocalServiceComponents\platforms\*,SUCCESS,"Filter: *, 1: ., FileInformationClass: FileFullDirectoryInformation"
37:46.1,LocalServiceControl.exe,9196,QueryDirectory,C:\Program Files (x86)\LocalServiceComponents\platforms,SUCCESS,"0: .., 1: qwindows.dll, FileInformationClass: FileFullDirectoryInformation"
37:46.1,LocalServiceControl.exe,9196,QueryDirectory,C:\Program Files (x86)\LocalServiceComponents\platforms,NO MORE FILES,
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\platforms,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\platforms\qwindows.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:29:01 PM, LastWriteTime: 12/13/2018 5:29:24 PM, ChangeTime: 12/25/2020 11:44:27 AM, AllocationSize: 1,024,000, EndOfFile: 1,020,928, FileAttributes: A"
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86),SUCCESS,"CreationTime: 12/7/2019 1:14:52 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 12/25/2020 2:07:46 AM, ChangeTime: 12/25/2020 2:07:46 AM, AllocationSize: 4,096, EndOfFile: 4,096, FileAttributes: RD"
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents,SUCCESS,"CreationTime: 12/25/2020 2:07:46 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 12/25/2020 12:04:19 PM, ChangeTime: 12/25/2020 12:04:19 PM, AllocationSize: 8,192, EndOfFile: 8,192, FileAttributes: D"
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\platforms,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 12/25/2020 11:44:27 AM, ChangeTime: 12/25/2020 11:44:27 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\platforms\qwindows.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:29:01 PM, LastWriteTime: 12/13/2018 5:29:24 PM, ChangeTime: 12/25/2020 11:44:27 AM, AllocationSize: 1,024,000, EndOfFile: 1,020,928, FileAttributes: A"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\platforms\qwindows.dll,SUCCESS,"Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,QueryInformationVolume,C:\Program Files (x86)\LocalServiceComponents\platforms\qwindows.dll,SUCCESS,"VolumeCreationTime: 6/25/2018 1:55:04 PM, VolumeSerialNumber: 662D-6BC2, SupportsObjects: True, VolumeLabel: "
37:46.1,LocalServiceControl.exe,9196,QueryAllInformationFile,C:\Program Files (x86)\LocalServiceComponents\platforms\qwindows.dll,BUFFER OVERFLOW,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:29:01 PM, LastWriteTime: 12/13/2018 5:29:24 PM, ChangeTime: 12/25/2020 11:44:27 AM, FileAttributes: A, AllocationSize: 1,024,000, EndOfFile: 1,020,928, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x151000000001a31, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\platforms\qwindows.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.1,LocalServiceControl.exe,9196,QueryStandardInformationFile,C:\Program Files (x86)\LocalServiceComponents\platforms\qwindows.dll,SUCCESS,"AllocationSize: 1,024,000, EndOfFile: 1,020,928, NumberOfLinks: 1, DeletePending: False, Directory: False"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\platforms\qwindows.dll,SUCCESS,SyncType: SyncTypeOther
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\platforms\qwindows.dll,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\platforms\qwindows.dll,SUCCESS,"CreationTime: 12/25/2020 2:07:47 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 12/13/2018 5:29:24 PM, ChangeTime: 12/25/2020 11:44:27 AM, AllocationSize: 1,024,000, EndOfFile: 1,020,928, FileAttributes: A"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\platforms\qwindows.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\platforms\qwindows.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Program Files (x86)\LocalServiceComponents\platforms\qwindows.dll,SUCCESS,SyncType: SyncTypeOther
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Program Files (x86)\LocalServiceComponents\platforms\qwindows.dll,SUCCESS,"Image Base: 0x72cf0000, Image Size: 0xff000"
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\oleaut32.dll,SUCCESS,"Image Base: 0x76c20000, Image Size: 0x96000"
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\WINMM.dll,NAME NOT FOUND,
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\platforms\qwindows.dll,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\winmm.dll,SUCCESS,"CreationTime: 10/14/2020 4:37:56 AM, LastAccessTime: 12/25/2020 12:29:01 PM, LastWriteTime: 10/14/2020 4:37:56 AM, ChangeTime: 12/9/2020 2:19:15 AM, AllocationSize: 151,552, EndOfFile: 149,272, FileAttributes: A"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\winmm.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\winmm.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\winmm.dll,SUCCESS,SyncType: SyncTypeOther
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\winmm.dll,SUCCESS,"Image Base: 0x72cc0000, Image Size: 0x28000"
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\winmm.dll,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\OLEAUT,NAME NOT FOUND,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\rpcss.dll,NAME NOT FOUND,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\kernel.appcore.dll,SUCCESS,"CreationTime: 10/14/2020 4:38:03 AM, LastAccessTime: 12/25/2020 12:37:36 PM, LastWriteTime: 10/14/2020 4:38:03 AM, ChangeTime: 12/9/2020 2:19:15 AM, AllocationSize: 53,248, EndOfFile: 52,672, FileAttributes: A"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\kernel.appcore.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\kernel.appcore.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\kernel.appcore.dll,SUCCESS,SyncType: SyncTypeOther
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\kernel.appcore.dll,SUCCESS,"Image Base: 0x74eb0000, Image Size: 0xf000"
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\kernel.appcore.dll,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\uxtheme.dll,SUCCESS,"CreationTime: 11/10/2020 11:26:05 PM, LastAccessTime: 12/25/2020 12:37:36 PM, LastWriteTime: 11/10/2020 11:26:05 PM, ChangeTime: 12/9/2020 2:19:15 AM, AllocationSize: 454,656, EndOfFile: 453,632, FileAttributes: A"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\uxtheme.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\uxtheme.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\uxtheme.dll,SUCCESS,SyncType: SyncTypeOther
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\uxtheme.dll,SUCCESS,"Image Base: 0x74e30000, Image Size: 0x74000"
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\uxtheme.dll,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKCU,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKCU,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 1"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKCU,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\673cf800-208a-5327-3f4b-2be44a66627a,NAME NOT FOUND,Length: 528
37:46.1,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\uxtheme.dll,SUCCESS,Name: \Windows\SysWOW64\uxtheme.dll
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\wintab32.dll,NAME NOT FOUND,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC\,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Tablet PC,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Tablet PC\IsTabletPC,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Tablet PC,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\platformthemes,NAME NOT FOUND,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Control\Session Manager,REPARSE,"Desired Access: Query Value, Enumerate Sub Keys"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,"Desired Access: Query Value, Enumerate Sub Keys"
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies,NAME NOT FOUND,Length: 24
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\Session Manager,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\styles,NAME NOT FOUND,
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceConfig.json,SUCCESS,"Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,QueryInformationVolume,C:\Program Files (x86)\LocalServiceComponents\LocalServiceConfig.json,SUCCESS,"VolumeCreationTime: 6/25/2018 1:55:04 PM, VolumeSerialNumber: 662D-6BC2, SupportsObjects: True, VolumeLabel: "
37:46.1,LocalServiceControl.exe,9196,QueryAllInformationFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceConfig.json,BUFFER OVERFLOW,"CreationTime: 12/25/2020 2:07:46 AM, LastAccessTime: 12/25/2020 12:08:51 PM, LastWriteTime: 11/21/2019 7:59:20 PM, ChangeTime: 12/25/2020 11:44:26 AM, FileAttributes: A, AllocationSize: 184, EndOfFile: 179, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x14000000001a11, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
37:46.1,LocalServiceControl.exe,9196,ReadFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceConfig.json,SUCCESS,"Offset: 0, Length: 179, Priority: Normal"
37:46.1,LocalServiceControl.exe,9196,ReadFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceConfig.json,END OF FILE,"Offset: 179, Length: 16,205"
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Program Files (x86)\LocalServiceComponents\LocalServiceConfig.json,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\f7b697a3-4db5-4d3b-be71-c4d284e6592f,NAME NOT FOUND,Length: 528
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\winmm.dll,SUCCESS,"CreationTime: 10/14/2020 4:37:56 AM, LastAccessTime: 12/25/2020 12:37:46 PM, LastWriteTime: 10/14/2020 4:37:56 AM, ChangeTime: 12/9/2020 2:19:15 AM, AllocationSize: 151,552, EndOfFile: 149,272, FileAttributes: A"
37:46.1,LocalServiceControl.exe,9196,Thread Create,,SUCCESS,Thread ID: 7548
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters,REPARSE,Desired Access: All Access
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters,SUCCESS,Desired Access: All Access
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version,BUFFER OVERFLOW,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version,SUCCESS,"Type: REG_SZ, Length: 8, Data: 2.0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\1C207CC6,NAME NOT FOUND,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Callout,BUFFER OVERFLOW,Length: 12
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Callout,SUCCESS,"Type: REG_EXPAND_SZ, Length: 70, Data: %SystemRoot%\System32\fwpuclnt.dll"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9,SUCCESS,"Desired Access: Maximum Allowed, Granted Access: All Access"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 7"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 7"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\00000007,NAME NOT FOUND,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 1015"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 14"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,SUCCESS,"Desired Access: Maximum Allowed, Granted Access: All Access"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem,BUFFER OVERFLOW,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem,SUCCESS,"Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem,BUFFER OVERFLOW,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem,SUCCESS,"Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem,BUFFER OVERFLOW,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem,SUCCESS,"Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem,BUFFER OVERFLOW,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem,SUCCESS,"Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem,BUFFER OVERFLOW,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem,SUCCESS,"Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem,BUFFER OVERFLOW,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem,SUCCESS,"Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem,BUFFER OVERFLOW,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem,SUCCESS,"Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem,BUFFER OVERFLOW,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem,SUCCESS,"Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem,BUFFER OVERFLOW,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem,SUCCESS,"Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem,BUFFER OVERFLOW,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem,SUCCESS,"Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem,BUFFER OVERFLOW,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem,SUCCESS,"Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem,BUFFER OVERFLOW,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem,SUCCESS,"Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\PackedCatalogItem,BUFFER OVERFLOW,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\PackedCatalogItem,SUCCESS,"Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\PackedCatalogItem,BUFFER OVERFLOW,Length: 144
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\PackedCatalogItem,SUCCESS,"Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5,SUCCESS,"Desired Access: Maximum Allowed, Granted Access: All Access"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 22"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 22"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\00000016,NAME NOT FOUND,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 7"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries,SUCCESS,"Desired Access: Maximum Allowed, Granted Access: All Access"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\LibraryPath,SUCCESS,"Type: REG_SZ, Length: 68, Data: %SystemRoot%\system32\napinsp.dll"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\LibraryPath,SUCCESS,"Type: REG_SZ, Length: 68, Data: %SystemRoot%\system32\napinsp.dll"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString,BUFFER OVERFLOW,Length: 12
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString,SUCCESS,"Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\napinsp.dll,-1000"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString,SUCCESS,"Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\napinsp.dll,-1000"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString,SUCCESS,"Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\napinsp.dll,-1000"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\ProviderId,SUCCESS,"Type: REG_BINARY, Length: 16, Data: A2 CB 4A 96 BC B2 EB 40 8C 6A A6 DB 40 16 1C AE"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\AddressFamily,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\SupportedNameSpace,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 37"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\Enabled,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 1"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\Version,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\StoresServiceClassInfo,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\ProviderInfo,SUCCESS,"Type: REG_BINARY, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\ProviderInfo,SUCCESS,"Type: REG_BINARY, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\LibraryPath,SUCCESS,"Type: REG_SZ, Length: 68, Data: %SystemRoot%\system32\pnrpnsp.dll"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\LibraryPath,SUCCESS,"Type: REG_SZ, Length: 68, Data: %SystemRoot%\system32\pnrpnsp.dll"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString,BUFFER OVERFLOW,Length: 12
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString,SUCCESS,"Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\pnrpnsp.dll,-1000"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString,SUCCESS,"Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\pnrpnsp.dll,-1000"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString,SUCCESS,"Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\pnrpnsp.dll,-1000"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\ProviderId,SUCCESS,"Type: REG_BINARY, Length: 16, Data: CE 89 FE 03 6D 76 76 49 B9 C1 BB 9B C4 2C 7B 4D"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\AddressFamily,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\SupportedNameSpace,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 39"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\Enabled,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 1"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\Version,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\StoresServiceClassInfo,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\ProviderInfo,SUCCESS,"Type: REG_BINARY, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\ProviderInfo,SUCCESS,"Type: REG_BINARY, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\LibraryPath,SUCCESS,"Type: REG_SZ, Length: 68, Data: %SystemRoot%\system32\pnrpnsp.dll"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\LibraryPath,SUCCESS,"Type: REG_SZ, Length: 68, Data: %SystemRoot%\system32\pnrpnsp.dll"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString,BUFFER OVERFLOW,Length: 12
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString,SUCCESS,"Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\pnrpnsp.dll,-1001"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString,SUCCESS,"Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\pnrpnsp.dll,-1001"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString,SUCCESS,"Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\pnrpnsp.dll,-1001"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\ProviderId,SUCCESS,"Type: REG_BINARY, Length: 16, Data: CD 89 FE 03 6D 76 76 49 B9 C1 BB 9B C4 2C 7B 4D"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\AddressFamily,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\SupportedNameSpace,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 38"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\Enabled,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 1"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\Version,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\StoresServiceClassInfo,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\ProviderInfo,SUCCESS,"Type: REG_BINARY, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\ProviderInfo,SUCCESS,"Type: REG_BINARY, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\LibraryPath,SUCCESS,"Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\wshbth.dll"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\LibraryPath,SUCCESS,"Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\wshbth.dll"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\DisplayString,BUFFER OVERFLOW,Length: 12
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\DisplayString,SUCCESS,"Type: REG_SZ, Length: 40, Data: Bluetooth Namespace"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\DisplayString,SUCCESS,"Type: REG_SZ, Length: 40, Data: Bluetooth Namespace"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\DisplayString,SUCCESS,"Type: REG_SZ, Length: 40, Data: Bluetooth Namespace"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\ProviderId,SUCCESS,"Type: REG_BINARY, Length: 16, Data: E0 63 AA 06 60 7D FF 41 AF B2 3E E6 D2 D9 39 2D"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\AddressFamily,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\SupportedNameSpace,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 16"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\Enabled,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 1"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\Version,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\StoresServiceClassInfo,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\ProviderInfo,SUCCESS,"Type: REG_BINARY, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\ProviderInfo,SUCCESS,"Type: REG_BINARY, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\LibraryPath,SUCCESS,"Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\NLAapi.dll"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\LibraryPath,SUCCESS,"Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\NLAapi.dll"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\DisplayString,BUFFER OVERFLOW,Length: 12
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\DisplayString,SUCCESS,"Type: REG_SZ, Length: 80, Data: @%SystemRoot%\system32\nlasvc.dll,-1000"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\DisplayString,SUCCESS,"Type: REG_SZ, Length: 80, Data: @%SystemRoot%\system32\nlasvc.dll,-1000"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\DisplayString,SUCCESS,"Type: REG_SZ, Length: 80, Data: @%SystemRoot%\system32\nlasvc.dll,-1000"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\ProviderId,SUCCESS,"Type: REG_BINARY, Length: 16, Data: 3A 24 42 66 A8 3B A6 4A BA A5 2E 0B D7 1F DD 83"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\AddressFamily,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\SupportedNameSpace,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 15"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\Enabled,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 1"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\Version,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\StoresServiceClassInfo,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\ProviderInfo,SUCCESS,"Type: REG_BINARY, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\ProviderInfo,SUCCESS,"Type: REG_BINARY, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\LibraryPath,SUCCESS,"Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\mswsock.dll"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\LibraryPath,SUCCESS,"Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\mswsock.dll"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\DisplayString,BUFFER OVERFLOW,Length: 12
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\DisplayString,SUCCESS,"Type: REG_SZ, Length: 86, Data: @%SystemRoot%\system32\wshtcpip.dll,-60103"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\DisplayString,SUCCESS,"Type: REG_SZ, Length: 86, Data: @%SystemRoot%\system32\wshtcpip.dll,-60103"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\DisplayString,SUCCESS,"Type: REG_SZ, Length: 86, Data: @%SystemRoot%\system32\wshtcpip.dll,-60103"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\ProviderId,SUCCESS,"Type: REG_BINARY, Length: 16, Data: 40 9D 05 22 9E 7E CF 11 AE 5A 00 AA 00 A7 11 2B"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\AddressFamily,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\SupportedNameSpace,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 12"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\Enabled,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 1"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\Version,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\StoresServiceClassInfo,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\ProviderInfo,SUCCESS,"Type: REG_BINARY, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\ProviderInfo,SUCCESS,"Type: REG_BINARY, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\LibraryPath,SUCCESS,"Type: REG_SZ, Length: 66, Data: %SystemRoot%\System32\winrnr.dll"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\LibraryPath,SUCCESS,"Type: REG_SZ, Length: 66, Data: %SystemRoot%\System32\winrnr.dll"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\DisplayString,BUFFER OVERFLOW,Length: 12
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\DisplayString,SUCCESS,"Type: REG_SZ, Length: 80, Data: @%SystemRoot%\System32\winrnr.dll,-1000"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\DisplayString,SUCCESS,"Type: REG_SZ, Length: 80, Data: @%SystemRoot%\System32\winrnr.dll,-1000"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\DisplayString,SUCCESS,"Type: REG_SZ, Length: 80, Data: @%SystemRoot%\System32\winrnr.dll,-1000"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\ProviderId,SUCCESS,"Type: REG_BINARY, Length: 16, Data: EE 37 26 3B 80 E5 CF 11 A5 55 00 C0 4F D8 D4 AC"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\AddressFamily,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\SupportedNameSpace,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 32"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\Enabled,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 1"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\Version,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\StoresServiceClassInfo,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\ProviderInfo,SUCCESS,"Type: REG_BINARY, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\ProviderInfo,SUCCESS,"Type: REG_BINARY, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Winsock2\Parameters,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Winsock2\Parameters,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Ws2_32NumHandleBuckets,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Ws2_32SpinCount,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\NapiNSP.dll,SUCCESS,"CreationTime: 10/14/2020 4:37:59 AM, LastAccessTime: 12/25/2020 12:03:49 PM, LastWriteTime: 10/14/2020 4:37:59 AM, ChangeTime: 12/9/2020 2:19:15 AM, AllocationSize: 57,344, EndOfFile: 54,784, FileAttributes: A"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\NapiNSP.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\NapiNSP.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\NapiNSP.dll,SUCCESS,SyncType: SyncTypeOther
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\NapiNSP.dll,SUCCESS,"Image Base: 0x72ca0000, Image Size: 0x11000"
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\NapiNSP.dll,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\Rpc,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Microsoft\Rpc,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\Microsoft\Rpc,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\Microsoft\Rpc\MaxRpcSize,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\Microsoft\Rpc,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\CCG,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\CCG,NAME NOT FOUND,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\CCG,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\CCG,NAME NOT FOUND,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName,SUCCESS,"Type: REG_SZ, Length: 16, Data: BOBHOME"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\Setup,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SYSTEM\Setup,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SYSTEM\Setup\OOBEInProgress,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SYSTEM\Setup,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\Setup,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SYSTEM\Setup,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SYSTEM\Setup\SystemSetupInProgress,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SYSTEM\Setup,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LocalServiceControl.exe,NAME NOT FOUND,"Desired Access: Query Value, Enumerate Sub Keys"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\Windows NT\Rpc,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Rpc,NAME NOT FOUND,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Microsoft\Rpc,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Microsoft\Rpc,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\SOFTWARE\Microsoft\Rpc,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\SOFTWARE\Microsoft\Rpc\IdleTimerWindow,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\SOFTWARE\Microsoft\Rpc,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\pnrpnsp.dll,SUCCESS,"CreationTime: 10/14/2020 4:38:21 AM, LastAccessTime: 12/25/2020 12:03:49 PM, LastWriteTime: 10/14/2020 4:38:21 AM, ChangeTime: 12/9/2020 2:19:11 AM, AllocationSize: 73,728, EndOfFile: 70,656, FileAttributes: A"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\pnrpnsp.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\pnrpnsp.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\pnrpnsp.dll,SUCCESS,SyncType: SyncTypeOther
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\pnrpnsp.dll,SUCCESS,"Image Base: 0x72c80000, Image Size: 0x16000"
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\pnrpnsp.dll,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\wshbth.dll,SUCCESS,"CreationTime: 10/14/2020 4:38:04 AM, LastAccessTime: 12/25/2020 12:03:49 PM, LastWriteTime: 10/14/2020 4:38:04 AM, ChangeTime: 12/9/2020 2:19:15 AM, AllocationSize: 53,248, EndOfFile: 50,688, FileAttributes: A"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\wshbth.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\wshbth.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\wshbth.dll,SUCCESS,SyncType: SyncTypeOther
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\wshbth.dll,SUCCESS,"Image Base: 0x72c70000, Image Size: 0x10000"
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\wshbth.dll,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\nlaapi.dll,SUCCESS,"CreationTime: 10/14/2020 4:38:08 AM, LastAccessTime: 12/25/2020 12:03:49 PM, LastWriteTime: 10/14/2020 4:38:08 AM, ChangeTime: 12/9/2020 2:19:15 AM, AllocationSize: 73,728, EndOfFile: 71,168, FileAttributes: A"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\nlaapi.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\nlaapi.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\nlaapi.dll,SUCCESS,SyncType: SyncTypeOther
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\nlaapi.dll,SUCCESS,"Image Base: 0x72c50000, Image Size: 0x16000"
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\nlaapi.dll,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\6ff5771a-f64e-473f-a2e8-4654c218ff3a,NAME NOT FOUND,Length: 528
37:46.1,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\nlaapi.dll,SUCCESS,Name: \Windows\SysWOW64\nlaapi.dll
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb,NAME NOT FOUND,Length: 528
37:46.1,LocalServiceControl.exe,9196,QueryNameInformationFile,C:\Windows\SysWOW64\nlaapi.dll,SUCCESS,Name: \Windows\SysWOW64\nlaapi.dll
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\mswsock.dll,SUCCESS,"CreationTime: 10/14/2020 4:38:05 AM, LastAccessTime: 12/25/2020 12:03:49 PM, LastWriteTime: 10/14/2020 4:38:05 AM, ChangeTime: 12/9/2020 2:19:15 AM, AllocationSize: 327,680, EndOfFile: 324,416, FileAttributes: A"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\mswsock.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\mswsock.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\mswsock.dll,SUCCESS,SyncType: SyncTypeOther
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\mswsock.dll,SUCCESS,"Image Base: 0x72bf0000, Image Size: 0x52000"
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\mswsock.dll,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\DisableSockPollConnFailureReturn,NAME NOT FOUND,Length: 16
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegCreateKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegCreateKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,"Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY"
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\Windows NT\DnsClient,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient,NAME NOT FOUND,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname,BUFFER OVERFLOW,Length: 12
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname,SUCCESS,"Type: REG_SZ, Length: 16, Data: BobHome"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegCreateKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegCreateKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,"Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY"
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\Windows NT\DnsClient,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient,NAME NOT FOUND,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname,BUFFER OVERFLOW,Length: 12
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname,SUCCESS,"Type: REG_SZ, Length: 16, Data: BobHome"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegCreateKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegCreateKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,"Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY"
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\Windows NT\DnsClient,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient,NAME NOT FOUND,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\System\DNSClient,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\System\DNSClient,NAME NOT FOUND,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Domain,BUFFER OVERFLOW,Length: 12
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Domain,SUCCESS,"Type: REG_SZ, Length: 28, Data: grovtec.local"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,QueryOpen,C:\Windows\SysWOW64\winrnr.dll,SUCCESS,"CreationTime: 10/14/2020 4:38:08 AM, LastAccessTime: 12/25/2020 12:03:49 PM, LastWriteTime: 10/14/2020 4:38:08 AM, ChangeTime: 12/9/2020 2:19:15 AM, AllocationSize: 36,864, EndOfFile: 34,304, FileAttributes: A"
37:46.1,LocalServiceControl.exe,9196,CreateFile,C:\Windows\SysWOW64\winrnr.dll,SUCCESS,"Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\winrnr.dll,FILE LOCKED WITH ONLY READERS,"SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READWRITE"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 20
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,REPARSE,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,Desired Access: Query Value
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Control\CI\Disable26178932,NAME NOT FOUND,Length: 80
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Control\CI,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,CreateFileMapping,C:\Windows\SysWOW64\winrnr.dll,SUCCESS,SyncType: SyncTypeOther
37:46.1,LocalServiceControl.exe,9196,Load Image,C:\Windows\SysWOW64\winrnr.dll,SUCCESS,"Image Base: 0x72be0000, Image Size: 0xe000"
37:46.1,LocalServiceControl.exe,9196,CloseFile,C:\Windows\SysWOW64\winrnr.dll,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegCreateKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegCreateKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,"Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY"
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\Windows NT\DnsClient,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient,NAME NOT FOUND,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname,BUFFER OVERFLOW,Length: 12
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname,SUCCESS,"Type: REG_SZ, Length: 16, Data: BobHome"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Winsock\Parameters,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Winsock\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Winsock\Parameters\Transports,BUFFER OVERFLOW,Length: 12
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Winsock\Parameters\Transports,SUCCESS,"Type: REG_MULTI_SZ, Length: 82, Data: Tcpip, Tcpip6, afunix, Psched, vmbus, RFCOMM"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Winsock\Parameters,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\Mapping,BUFFER OVERFLOW,Length: 12
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\Mapping,SUCCESS,"Type: REG_BINARY, Length: 104, Data: 08 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Tcpip,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID,SUCCESS,"Type: REG_BINARY, Length: 16, Data: A0 1A 0F E7 8B AB CF 11 8C A3 00 80 5F 48 A1 92"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Tcpip,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.1,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock,REPARSE,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock,SUCCESS,Desired Access: Read
37:46.1,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\MinSockaddrLength,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 16"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\MaxSockaddrLength,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 16"
37:46.1,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\UseDelayedAcceptance,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.1,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock,SUCCESS,
37:46.1,LocalServiceControl.exe,9196,Thread Create,,SUCCESS,Thread ID: 7692
37:46.2,LocalServiceControl.exe,9196,TCP Disconnect,BobHome.grovtec.local:50624 -> BobHome.grovtec.local:33686,SUCCESS,"Length: 0, seqnum: 0, connid: 0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.2,LocalServiceControl.exe,9196,RegCreateKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,REPARSE,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegCreateKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,"Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY"
37:46.2,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters,REPARSE,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\Windows NT\DnsClient,REPARSE,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient,NAME NOT FOUND,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname,BUFFER OVERFLOW,Length: 12
37:46.2,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname,SUCCESS,"Type: REG_SZ, Length: 16, Data: BobHome"
37:46.2,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,
37:46.2,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,
37:46.2,LocalServiceControl.exe,9196,TCP Disconnect,BobHome.grovtec.local:50625 -> BobHome.grovtec.local:33686,SUCCESS,"Length: 0, seqnum: 0, connid: 0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.2,LocalServiceControl.exe,9196,RegCreateKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,REPARSE,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegCreateKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,"Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY"
37:46.2,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters,REPARSE,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\Windows NT\DnsClient,REPARSE,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient,NAME NOT FOUND,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname,BUFFER OVERFLOW,Length: 12
37:46.2,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname,SUCCESS,"Type: REG_SZ, Length: 16, Data: BobHome"
37:46.2,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,
37:46.2,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.2,LocalServiceControl.exe,9196,RegCreateKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,REPARSE,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegCreateKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,"Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY"
37:46.2,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters,REPARSE,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\Software\WOW6432Node\Policies\Microsoft\Windows NT\DnsClient,REPARSE,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient,NAME NOT FOUND,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname,BUFFER OVERFLOW,Length: 12
37:46.2,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname,SUCCESS,"Type: REG_SZ, Length: 16, Data: BobHome"
37:46.2,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters,SUCCESS,
37:46.2,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Dnscache\Parameters,SUCCESS,
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters,REPARSE,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Winsock\Parameters,SUCCESS,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Winsock\Parameters,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.2,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Winsock\Parameters\Transports,BUFFER OVERFLOW,Length: 12
37:46.2,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Winsock\Parameters\Transports,SUCCESS,"Type: REG_MULTI_SZ, Length: 82, Data: Tcpip, Tcpip6, afunix, Psched, vmbus, RFCOMM"
37:46.2,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Winsock\Parameters,SUCCESS,
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock,REPARSE,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock,SUCCESS,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.2,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\Mapping,BUFFER OVERFLOW,Length: 12
37:46.2,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\Mapping,SUCCESS,"Type: REG_BINARY, Length: 104, Data: 08 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00"
37:46.2,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock,SUCCESS,
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock,REPARSE,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock,SUCCESS,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.2,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock\Mapping,BUFFER OVERFLOW,Length: 12
37:46.2,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock\Mapping,SUCCESS,"Type: REG_BINARY, Length: 104, Data: 08 00 00 00 03 00 00 00 17 00 00 00 01 00 00 00"
37:46.2,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock,SUCCESS,
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers,REPARSE,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers,SUCCESS,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers,SUCCESS,"Query: HandleTags, HandleTags: 0x400"
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Tcpip6,SUCCESS,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Tcpip6\WinSock 2.0 Provider ID,SUCCESS,"Type: REG_BINARY, Length: 16, Data: C0 B0 EA F9 D4 26 D0 11 BB BF 00 AA 00 6C 34 E4"
37:46.2,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Tcpip6,SUCCESS,
37:46.2,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers,SUCCESS,
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,"Query: HandleTags, HandleTags: 0x0"
37:46.2,LocalServiceControl.exe,9196,RegQueryKey,HKLM,SUCCESS,Query: Name
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock,REPARSE,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegOpenKey,HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock,SUCCESS,Desired Access: Read
37:46.2,LocalServiceControl.exe,9196,RegSetInfoKey,HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock,SUCCESS,"KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
37:46.2,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock\MinSockaddrLength,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 28"
37:46.2,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock\MaxSockaddrLength,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 28"
37:46.2,LocalServiceControl.exe,9196,RegQueryValue,HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock\UseDelayedAcceptance,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 0"
37:46.2,LocalServiceControl.exe,9196,RegCloseKey,HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock,SUCCESS,
37:46.2,LocalServiceControl.exe,9196,QueryOpen,C:\Program Files (x86)\LocalServiceComponents\accessiblebridge,NAME NOT FOUND,
38:16.0,LocalServiceControl.exe,9196,Thread Exit,,SUCCESS,"Thread ID: 9036, User Time: 0.0000000, Kernel Time: 0.0000000"
38:16.0,LocalServiceControl.exe,9196,Thread Exit,,SUCCESS,"Thread ID: 9796, User Time: 0.0000000, Kernel Time: 0.0000000"
38:16.0,LocalServiceControl.exe,9196,Thread Exit,,SUCCESS,"Thread ID: 9656, User Time: 0.0000000, Kernel Time: 0.0000000"
38:16.1,LocalServiceControl.exe,9196,Thread Create,,SUCCESS,Thread ID: 8596
38:16.1,LocalServiceControl.exe,9196,Thread Create,,SUCCESS,Thread ID: 9720