Oldes · October 13, 2015 09:28
diff --git a/Filelog-camera-startup b/Filelog-camera-startup
 "Time of Day","Process Name","PID","Operation","Path","Result","Detail"
 "11:26:46.3075485 AM","view-test.exe","24980","Process Start","","SUCCESS","Parent PID: 25076, Command line: ""C:\dev\GIT\Red\view-test.exe"" , Current directory: c:\dev\GIT\Red\, Environment: 

 "11:26:46.3075545 AM","view-test.exe","24980","Thread Create","","SUCCESS","Thread ID: 8356"
 "11:26:46.3082616 AM","view-test.exe","24980","Load Image","C:\dev\GIT\Red\view-test.exe","SUCCESS","Image Base: 0x400000, Image Size: 0x7e000"
 "11:26:46.3083157 AM","view-test.exe","24980","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","Image Base: 0x77170000, Image Size: 0x1a9000"
 "11:26:46.3084198 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Image Base: 0x77350000, Image Size: 0x180000"
 "11:26:46.3085213 AM","view-test.exe","24980","CreateFile","C:\Windows\Prefetch\VIEW-TEST.EXE-AB20D2ED.pf","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a"
 "11:26:46.3085811 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
 "11:26:46.3086006 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Image File Execution Options\DisableUserModeCallbackFilter","NAME NOT FOUND","Length: 1,024"
 "11:26:46.3086105 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Read"
 "11:26:46.3086208 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Read"
 "11:26:46.3086293 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\SESSION MANAGER\CWDIllegalInDLLSearch","NAME NOT FOUND","Length: 1,024"
 "11:26:46.3086491 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\SESSION MANAGER","SUCCESS",""
 "11:26:46.3087839 AM","view-test.exe","24980","CreateFile","C:\Windows","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3089113 AM","view-test.exe","24980","CreateFile","C:\Windows\System32\wow64.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3089644 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\System32\wow64.dll","SUCCESS","CreationTime: 7/17/2015 10:03:20 AM, LastAccessTime: 7/17/2015 10:03:20 AM, LastWriteTime: 5/25/2015 8:19:27 PM, ChangeTime: 7/20/2015 9:22:24 AM, FileAttributes: A"
 "11:26:46.3089768 AM","view-test.exe","24980","CloseFile","C:\Windows\System32\wow64.dll","SUCCESS",""
 "11:26:46.3090295 AM","view-test.exe","24980","CreateFile","C:\Windows\System32\wow64.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3090741 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\System32\wow64.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3091099 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\System32\wow64.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3091700 AM","view-test.exe","24980","Load Image","C:\Windows\System32\wow64.dll","SUCCESS","Image Base: 0x74c60000, Image Size: 0x3f000"
 "11:26:46.3091870 AM","view-test.exe","24980","CloseFile","C:\Windows\System32\wow64.dll","SUCCESS",""
 "11:26:46.3092960 AM","view-test.exe","24980","CreateFile","C:\Windows\System32\wow64win.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3093427 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\System32\wow64win.dll","SUCCESS","CreationTime: 7/17/2015 10:03:19 AM, LastAccessTime: 7/17/2015 10:03:19 AM, LastWriteTime: 5/25/2015 8:19:27 PM, ChangeTime: 7/20/2015 9:22:24 AM, FileAttributes: A"
 "11:26:46.3093604 AM","view-test.exe","24980","CloseFile","C:\Windows\System32\wow64win.dll","SUCCESS",""
 "11:26:46.3094287 AM","view-test.exe","24980","CreateFile","C:\Windows\System32\wow64win.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3094836 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\System32\wow64win.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3095193 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\System32\wow64win.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3095954 AM","view-test.exe","24980","Load Image","C:\Windows\System32\wow64win.dll","SUCCESS","Image Base: 0x74c00000, Image Size: 0x5c000"
 "11:26:46.3096089 AM","view-test.exe","24980","CloseFile","C:\Windows\System32\wow64win.dll","SUCCESS",""
 "11:26:46.3097267 AM","view-test.exe","24980","CreateFile","C:\Windows\System32\wow64cpu.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3097770 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\System32\wow64cpu.dll","SUCCESS","CreationTime: 7/17/2015 10:03:19 AM, LastAccessTime: 7/17/2015 10:03:19 AM, LastWriteTime: 5/25/2015 8:19:27 PM, ChangeTime: 7/20/2015 9:22:24 AM, FileAttributes: A"
 "11:26:46.3097929 AM","view-test.exe","24980","CloseFile","C:\Windows\System32\wow64cpu.dll","SUCCESS",""
 "11:26:46.3098644 AM","view-test.exe","24980","CreateFile","C:\Windows\System32\wow64cpu.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3099146 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\System32\wow64cpu.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3099486 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\System32\wow64cpu.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3099964 AM","view-test.exe","24980","Load Image","C:\Windows\System32\wow64cpu.dll","SUCCESS","Image Base: 0x74bf0000, Image Size: 0x8000"
 "11:26:46.3100095 AM","view-test.exe","24980","CloseFile","C:\Windows\System32\wow64cpu.dll","SUCCESS",""
 "11:26:46.3100615 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Microsoft\WOW64","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3101659 AM","view-test.exe","24980","CreateFile","C:\Windows\System32\wow64log.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.3102413 AM","view-test.exe","24980","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS","Image Base: 0x76f50000, Image Size: 0x11f000"
 "11:26:46.3103322 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\kernel32.dll","SUCCESS","Image Base: 0x74f40000, Image Size: 0x110000"
 "11:26:46.3104076 AM","view-test.exe","24980","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS","Image Base: 0x76f50000, Image Size: 0x11f000"
 "11:26:46.3104646 AM","view-test.exe","24980","Load Image","C:\Windows\System32\user32.dll","SUCCESS","Image Base: 0x77070000, Image Size: 0xfa000"
 "11:26:46.3105219 AM","view-test.exe","24980","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3105460 AM","view-test.exe","24980","QueryNameInformationFile","C:\Windows","SUCCESS","Name: \Windows"
 "11:26:46.3105584 AM","view-test.exe","24980","CloseFile","C:\Windows","SUCCESS",""
 "11:26:46.3106285 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
 "11:26:46.3106426 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Image File Execution Options","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3106522 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Image File Execution Options\DisableUserModeCallbackFilter","NAME NOT FOUND","Length: 1,024"
 "11:26:46.3106631 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Read"
 "11:26:46.3106769 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Read"
 "11:26:46.3106865 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\SESSION MANAGER","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3106932 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\SESSION MANAGER\CWDIllegalInDLLSearch","NAME NOT FOUND","Length: 1,024"
 "11:26:46.3107056 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\SESSION MANAGER","SUCCESS",""
 "11:26:46.3108479 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3109622 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\kernel32.dll","SUCCESS","Image Base: 0x74f40000, Image Size: 0x110000"
 "11:26:46.3110899 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Image Base: 0x763b0000, Image Size: 0x47000"
 "11:26:46.3199845 AM","view-test.exe","24980","Process Profiling","","SUCCESS","User Time: 0.0000000 seconds, Kernel Time: 0.0000000 seconds, Private Bytes: 458,752, Working Set: 2,170,880"
 "11:26:46.3347311 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","REPARSE","Desired Access: Read"
 "11:26:46.3347460 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","Desired Access: Read"
 "11:26:46.3347601 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3347683 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat","NAME NOT FOUND","Length: 548"
 "11:26:46.3347764 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
 "11:26:46.3347863 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS",""
 "11:26:46.3348058 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","REPARSE","Desired Access: Query Value, Set Value"
 "11:26:46.3348146 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
 "11:26:46.3348242 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","REPARSE","Desired Access: Read"
 "11:26:46.3348323 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3348422 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers","REPARSE","Desired Access: Query Value"
 "11:26:46.3348652 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value"
 "11:26:46.3348766 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3348826 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80"
 "11:26:46.3348907 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS",""
 "11:26:46.3349052 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3350008 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\msvcrt.dll","SUCCESS","Image Base: 0x75450000, Image Size: 0xac000"
 "11:26:46.3352329 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\ole32.dll","SUCCESS","Image Base: 0x75250000, Image Size: 0x15c000"
 "11:26:46.3353419 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\gdi32.dll","SUCCESS","Image Base: 0x74d20000, Image Size: 0x90000"
 "11:26:46.3354474 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\user32.dll","SUCCESS","Image Base: 0x76ac0000, Image Size: 0x100000"
 "11:26:46.3356852 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\advapi32.dll","SUCCESS","Image Base: 0x76ea0000, Image Size: 0xa1000"
 "11:26:46.3359726 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\sechost.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3360441 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\sechost.dll","SUCCESS","CreationTime: 7/17/2015 10:03:19 AM, LastAccessTime: 7/17/2015 10:03:19 AM, LastWriteTime: 5/25/2015 8:01:39 PM, ChangeTime: 7/20/2015 9:22:24 AM, FileAttributes: A"
 "11:26:46.3360547 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\sechost.dll","SUCCESS",""
 "11:26:46.3361432 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\sechost.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3362557 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\sechost.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3362950 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\sechost.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3364075 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\sechost.dll","SUCCESS","Image Base: 0x76670000, Image Size: 0x19000"
 "11:26:46.3364263 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\sechost.dll","SUCCESS",""
 "11:26:46.3365601 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\rpcrt4.dll","SUCCESS","Image Base: 0x74e40000, Image Size: 0xf0000"
 "11:26:46.3368237 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\sspicli.dll","SUCCESS","Image Base: 0x74cc0000, Image Size: 0x60000"
 "11:26:46.3369787 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\cryptbase.dll","SUCCESS","Image Base: 0x74cb0000, Image Size: 0xc000"
 "11:26:46.3372204 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\lpk.dll","SUCCESS","Image Base: 0x769b0000, Image Size: 0xa000"
 "11:26:46.3373489 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\usp10.dll","SUCCESS","Image Base: 0x75050000, Image Size: 0x9d000"
 "11:26:46.3375765 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\oleaut32.dll","SUCCESS","Image Base: 0x76150000, Image Size: 0x8f000"
 "11:26:46.3376529 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
 "11:26:46.3377594 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\view-test.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.3379318 AM","view-test.exe","24980","CreateFile","C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18852_none_72d5ba7586659cb4","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3379523 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18852_none_72d5ba7586659cb4","SUCCESS","CreationTime: 7/17/2015 10:06:55 AM, LastAccessTime: 7/17/2015 10:06:55 AM, LastWriteTime: 7/17/2015 10:06:55 AM, ChangeTime: 7/17/2015 10:06:55 AM, FileAttributes: D"
 "11:26:46.3379622 AM","view-test.exe","24980","CloseFile","C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18852_none_72d5ba7586659cb4","SUCCESS",""
 "11:26:46.3380348 AM","view-test.exe","24980","CreateFile","C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18852_none_72d5ba7586659cb4","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3381229 AM","view-test.exe","24980","CreateFile","C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18852_none_72d5ba7586659cb4\GdiPlus.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3381427 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18852_none_72d5ba7586659cb4\GdiPlus.dll","SUCCESS","CreationTime: 7/17/2015 10:03:02 AM, LastAccessTime: 7/17/2015 10:03:02 AM, LastWriteTime: 5/15/2015 7:58:41 PM, ChangeTime: 7/17/2015 10:06:55 AM, FileAttributes: A"
 "11:26:46.3381551 AM","view-test.exe","24980","CloseFile","C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18852_none_72d5ba7586659cb4\GdiPlus.dll","SUCCESS",""
 "11:26:46.3382085 AM","view-test.exe","24980","CreateFile","C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18852_none_72d5ba7586659cb4\GdiPlus.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3382287 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18852_none_72d5ba7586659cb4\GdiPlus.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3382616 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18852_none_72d5ba7586659cb4\GdiPlus.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3382956 AM","view-test.exe","24980","Load Image","C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18852_none_72d5ba7586659cb4\GdiPlus.dll","SUCCESS","Image Base: 0x70db0000, Image Size: 0x190000"
 "11:26:46.3383090 AM","view-test.exe","24980","CloseFile","C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18852_none_72d5ba7586659cb4\GdiPlus.dll","SUCCESS",""
 "11:26:46.3384934 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\comdlg32.dll","SUCCESS","Image Base: 0x769c0000, Image Size: 0x7b000"
 "11:26:46.3386141 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\shlwapi.dll","SUCCESS","Image Base: 0x76400000, Image Size: 0x57000"
 "11:26:46.3386990 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
 "11:26:46.3388027 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\view-test.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.3389542 AM","view-test.exe","24980","CreateFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3389747 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc","SUCCESS","CreationTime: 7/17/2015 10:07:45 AM, LastAccessTime: 7/17/2015 10:07:45 AM, LastWriteTime: 7/17/2015 10:07:45 AM, ChangeTime: 7/17/2015 10:07:45 AM, FileAttributes: D"
 "11:26:46.3389882 AM","view-test.exe","24980","CloseFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc","SUCCESS",""
 "11:26:46.3390586 AM","view-test.exe","24980","CreateFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3391485 AM","view-test.exe","24980","CreateFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3391676 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll","SUCCESS","CreationTime: 7/17/2015 10:02:54 AM, LastAccessTime: 7/17/2015 10:02:54 AM, LastWriteTime: 4/24/2015 7:56:58 PM, ChangeTime: 7/17/2015 10:07:45 AM, FileAttributes: A"
 "11:26:46.3391771 AM","view-test.exe","24980","CloseFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll","SUCCESS",""
 "11:26:46.3392299 AM","view-test.exe","24980","CreateFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3392493 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3392879 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3393212 AM","view-test.exe","24980","Load Image","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll","SUCCESS","Image Base: 0x714f0000, Image Size: 0x84000"
 "11:26:46.3393346 AM","view-test.exe","24980","CloseFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll","SUCCESS",""
 "11:26:46.3394829 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Image Base: 0x75500000, Image Size: 0xc4b000"
 "11:26:46.3397713 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\MSIMG32.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.3398973 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3399681 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","CreationTime: 7/14/2009 1:25:24 AM, LastAccessTime: 7/14/2009 1:25:24 AM, LastWriteTime: 7/14/2009 3:15:44 AM, ChangeTime: 12/5/2014 3:16:00 PM, FileAttributes: A"
 "11:26:46.3399780 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\msimg32.dll","SUCCESS",""
 "11:26:46.3400562 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3401213 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\msimg32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3401578 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3402374 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","Image Base: 0x71b60000, Image Size: 0x5000"
 "11:26:46.3402491 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\msimg32.dll","SUCCESS",""
 "11:26:46.3404883 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","REPARSE","Desired Access: Read"
 "11:26:46.3405004 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","Desired Access: Read"
 "11:26:46.3405120 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3405184 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\(Default)","SUCCESS","Type: REG_SZ, Length: 36, Data: 00060101.00060101"
 "11:26:46.3405733 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","REPARSE","Desired Access: Read"
 "11:26:46.3405814 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","Desired Access: Read"
 "11:26:46.3405899 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3405956 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat","NAME NOT FOUND","Length: 548"
 "11:26:46.3406026 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
 "11:26:46.3406122 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS",""
 "11:26:46.3406267 AM","view-test.exe","24980","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.3406387 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3406494 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Diagnostics","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3408628 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3409417 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","CreationTime: 11/21/2010 5:24:25 AM, LastAccessTime: 11/21/2010 5:24:25 AM, LastWriteTime: 11/21/2010 5:24:25 AM, ChangeTime: 12/5/2014 3:15:59 PM, FileAttributes: A"
 "11:26:46.3409527 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS",""
 "11:26:46.3410383 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3411137 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3411225 AM","view-test.exe","24980","QueryStandardInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","AllocationSize: 122,880, EndOfFile: 119,808, NumberOfLinks: 2, DeletePending: False, Directory: False"
 "11:26:46.3411409 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3411664 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS",""
 "11:26:46.3411933 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value"
 "11:26:46.3412029 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value"
 "11:26:46.3412117 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\SESSION MANAGER","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3412177 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\SESSION MANAGER\SafeDllSearchMode","NAME NOT FOUND","Length: 16"
 "11:26:46.3413625 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3414258 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","CreationTime: 11/21/2010 5:24:25 AM, LastAccessTime: 11/21/2010 5:24:25 AM, LastWriteTime: 11/21/2010 5:24:25 AM, ChangeTime: 12/5/2014 3:15:59 PM, FileAttributes: A"
 "11:26:46.3414357 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS",""
 "11:26:46.3415107 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3415730 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3415812 AM","view-test.exe","24980","QueryStandardInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","AllocationSize: 122,880, EndOfFile: 119,808, NumberOfLinks: 2, DeletePending: False, Directory: False"
 "11:26:46.3415999 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3416240 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS",""
 "11:26:46.3417602 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3418275 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","CreationTime: 11/21/2010 5:24:25 AM, LastAccessTime: 11/21/2010 5:24:25 AM, LastWriteTime: 11/21/2010 5:24:25 AM, ChangeTime: 12/5/2014 3:15:59 PM, FileAttributes: A"
 "11:26:46.3418370 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS",""
 "11:26:46.3419209 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3419924 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3420250 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3421053 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Image Base: 0x766b0000, Image Size: 0x60000"
 "11:26:46.3421177 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS",""
 "11:26:46.3422249 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\msctf.dll","SUCCESS","Image Base: 0x76dd0000, Image Size: 0xcc000"
 "11:26:46.3423339 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read"
 "11:26:46.3423477 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\GRE_Initialize","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3423541 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
 "11:26:46.3423626 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\GRE_Initialize","SUCCESS",""
 "11:26:46.3423955 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","Desired Access: Read"
 "11:26:46.3424089 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Compatibility32\view-test","NAME NOT FOUND","Length: 172"
 "11:26:46.3424189 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS",""
 "11:26:46.3424302 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\IME Compatibility","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3425063 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Query Value"
 "11:26:46.3425187 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Query Value"
 "11:26:46.3425321 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3425395 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\EMPTY","NAME NOT FOUND","Length: 120"
 "11:26:46.3425502 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\EMPTY","NAME NOT FOUND","Length: 120"
 "11:26:46.3425859 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\NLS\Language","REPARSE","Desired Access: Read"
 "11:26:46.3425951 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\NLS\Language","SUCCESS","Desired Access: Read"
 "11:26:46.3426050 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Language","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3426124 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Language\InstallLanguageFallback","NAME NOT FOUND","Length: 16"
 "11:26:46.3426277 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Language","SUCCESS",""
 "11:26:46.3426393 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","REPARSE","Desired Access: Read"
 "11:26:46.3426500 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS","Desired Access: Read"
 "11:26:46.3426616 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3426719 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS","Index: 0, Name: en-US"
 "11:26:46.3426853 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.3426960 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\en-US","SUCCESS","Desired Access: Read"
 "11:26:46.3427048 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\en-US\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: 145"
 "11:26:46.3427175 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\en-US\AlternateCodePage","NAME NOT FOUND","Length: 12"
 "11:26:46.3427246 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\en-US","SUCCESS",""
 "11:26:46.3427313 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","NO MORE ENTRIES","Index: 1, Length: 512"
 "11:26:46.3427381 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS",""
 "11:26:46.3427473 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\PendingDelete","REPARSE","Desired Access: Read"
 "11:26:46.3427565 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\PendingDelete","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3427674 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Policies\Microsoft\MUI\Settings","REPARSE","Desired Access: Read"
 "11:26:46.3427848 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3428057 AM","view-test.exe","24980","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.3428173 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3428287 AM","view-test.exe","24980","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3428403 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","REPARSE","Desired Access: Read"
 "11:26:46.3428492 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3428580 AM","view-test.exe","24980","RegCloseKey","HKCU","SUCCESS",""
 "11:26:46.3428672 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Policies\Microsoft\MUI\Settings","REPARSE","Desired Access: Read"
 "11:26:46.3428789 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3428931 AM","view-test.exe","24980","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.3429019 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3429118 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3429214 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3429309 AM","view-test.exe","24980","RegOpenKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS","Desired Access: Read"
 "11:26:46.3429412 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3429486 AM","view-test.exe","24980","RegEnumValue","HKCU\Control Panel\Desktop\LanguageConfiguration","NO MORE ENTRIES","Index: 0, Length: 512"
 "11:26:46.3429564 AM","view-test.exe","24980","RegCloseKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS",""
 "11:26:46.3429642 AM","view-test.exe","24980","RegCloseKey","HKCU","SUCCESS",""
 "11:26:46.3429734 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Policies\Microsoft\MUI\Settings","REPARSE","Desired Access: Read"
 "11:26:46.3429851 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3430000 AM","view-test.exe","24980","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.3430116 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3430219 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3430300 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3430392 AM","view-test.exe","24980","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read"
 "11:26:46.3430467 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Control Panel\Desktop","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3430534 AM","view-test.exe","24980","RegQueryValue","HKCU\Control Panel\Desktop\PreferredUILanguages","NAME NOT FOUND","Length: 12"
 "11:26:46.3430633 AM","view-test.exe","24980","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS",""
 "11:26:46.3430700 AM","view-test.exe","24980","RegCloseKey","HKCU","SUCCESS",""
 "11:26:46.3430782 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Policies\Microsoft\MUI\Settings","REPARSE","Desired Access: Read"
 "11:26:46.3430895 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3431029 AM","view-test.exe","24980","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.3431114 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3431213 AM","view-test.exe","24980","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","Desired Access: Read"
 "11:26:46.3431295 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3431359 AM","view-test.exe","24980","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","BUFFER OVERFLOW","Length: 12"
 "11:26:46.3431426 AM","view-test.exe","24980","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","SUCCESS","Type: REG_MULTI_SZ, Length: 12, Data: en-US"
 "11:26:46.3431532 AM","view-test.exe","24980","RegCloseKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS",""
 "11:26:46.3431599 AM","view-test.exe","24980","RegCloseKey","HKCU","SUCCESS",""
 "11:26:46.3432332 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3432466 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","Desired Access: Read"
 "11:26:46.3432576 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3432650 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
 "11:26:46.3432760 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\RequireSignedAppInit_DLLs","NAME NOT FOUND","Length: 144"
 "11:26:46.3432831 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs","SUCCESS","Type: REG_SZ, Length: 62, Data: C:\Windows\SysWOW64\nvinit.dll"
 "11:26:46.3434370 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\nvinit.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3434604 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\nvinit.dll","SUCCESS","CreationTime: 12/5/2014 2:13:11 PM, LastAccessTime: 7/3/2015 4:29:36 PM, LastWriteTime: 6/17/2015 11:10:27 AM, ChangeTime: 7/3/2015 4:29:50 PM, FileAttributes: A"
 "11:26:46.3434717 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\nvinit.dll","SUCCESS",""
 "11:26:46.3435563 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\nvinit.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3435775 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\nvinit.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3436154 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\nvinit.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3436426 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\nvinit.dll","SUCCESS","Image Base: 0x74b50000, Image Size: 0x2b000"
 "11:26:46.3436571 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\nvinit.dll","SUCCESS",""
 "11:26:46.3437615 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\VERSION.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.3438826 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\version.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3439456 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\version.dll","SUCCESS","CreationTime: 7/14/2009 1:41:45 AM, LastAccessTime: 7/14/2009 1:41:45 AM, LastWriteTime: 7/14/2009 3:16:17 AM, ChangeTime: 12/5/2014 3:16:10 PM, FileAttributes: A"
 "11:26:46.3439569 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\version.dll","SUCCESS",""
 "11:26:46.3440401 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\version.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3441066 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\version.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3441494 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\version.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3442382 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\version.dll","SUCCESS","Image Base: 0x74be0000, Image Size: 0x9000"
 "11:26:46.3442524 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\version.dll","SUCCESS",""
 "11:26:46.3444718 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3444867 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\CoProcManager","SUCCESS","Desired Access: Query Value"
 "11:26:46.3445062 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\CoprocManager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3445154 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\CoprocManager\UMDLogging.Init","NAME NOT FOUND","Length: 144"
 "11:26:46.3445249 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\CoprocManager","SUCCESS",""
 "11:26:46.3446318 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:46.3446456 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:46.3446583 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3446718 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3446813 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:46.3446962 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Read"
 "11:26:46.3447089 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Read"
 "11:26:46.3447227 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3447319 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:46.3447503 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:46.3447634 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:46.3447748 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:46.3447861 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:46.3447956 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:46.3448041 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:46.3448144 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:46.3448243 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3448328 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:46.3448434 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3448551 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:46.3448639 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:46.3448742 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3448841 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3448940 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:46.3449075 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","REPARSE","Desired Access: Read"
 "11:26:46.3449177 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","SUCCESS","Desired Access: Read"
 "11:26:46.3449284 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3449358 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:46.3449496 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:46.3449598 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:46.3449694 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:46.3449804 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:46.3449896 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:46.3449977 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:46.3450080 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:46.3450168 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3450253 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:46.3450363 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3450473 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:46.3450568 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:46.3450696 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3450802 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3450901 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video6","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002"
 "11:26:46.3451035 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","REPARSE","Desired Access: Read"
 "11:26:46.3451138 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","SUCCESS","Desired Access: Read"
 "11:26:46.3451251 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3451336 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:46.3451464 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:46.3451548 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:46.3451630 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:46.3451733 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:46.3451821 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:46.3451902 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:46.3452005 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:46.3452093 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3452178 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video6","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002"
 "11:26:46.3452281 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3452387 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:46.3452469 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:46.3452578 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3452684 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3452769 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video7","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000"
 "11:26:46.3452918 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","REPARSE","Desired Access: Read"
 "11:26:46.3453017 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","SUCCESS","Desired Access: Read"
 "11:26:46.3453120 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3453194 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:46.3453322 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:46.3453414 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:46.3453516 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:46.3453626 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:46.3453736 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:46.3453824 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:46.3453937 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:46.3454058 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3454153 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video7","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000"
 "11:26:46.3454266 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3454426 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:46.3454546 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:46.3454666 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3454765 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3454850 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video8","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0001"
 "11:26:46.3454978 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0001","REPARSE","Desired Access: Read"
 "11:26:46.3455077 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0001","SUCCESS","Desired Access: Read"
 "11:26:46.3455179 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3455254 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:46.3455364 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:46.3455448 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:46.3455540 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:46.3455647 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:46.3455735 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:46.3455813 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:46.3455916 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:46.3456004 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3456103 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video8","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0001"
 "11:26:46.3456209 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3456316 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:46.3456397 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:46.3456500 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3456599 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3456705 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video9","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0002"
 "11:26:46.3456846 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0002","REPARSE","Desired Access: Read"
 "11:26:46.3456942 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0002","SUCCESS","Desired Access: Read"
 "11:26:46.3457041 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3457129 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:46.3457229 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:46.3457317 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:46.3457406 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:46.3457529 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:46.3457618 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:46.3457699 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:46.3457798 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:46.3457887 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3457972 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video9","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0002"
 "11:26:46.3458089 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3458205 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:46.3458304 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:46.3458421 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3458531 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3458616 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video10","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0003"
 "11:26:46.3458750 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0003","REPARSE","Desired Access: Read"
 "11:26:46.3458849 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0003","SUCCESS","Desired Access: Read"
 "11:26:46.3458952 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3459023 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:46.3459122 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:46.3459207 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:46.3459288 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:46.3459391 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:46.3459490 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:46.3459571 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:46.3459674 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:46.3459759 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3459837 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video10","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0003"
 "11:26:46.3459943 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3460049 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:46.3460159 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:46.3460261 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3460368 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3460449 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video0","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000"
 "11:26:46.3460573 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000","REPARSE","Desired Access: Read"
 "11:26:46.3460676 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000","SUCCESS","Desired Access: Read"
 "11:26:46.3460785 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3460860 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\VIDEO\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:46.3460941 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\VIDEO\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000","SUCCESS",""
 "11:26:46.3461026 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3461104 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video0","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000"
 "11:26:46.3461213 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3461323 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:46.3461405 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:46.3461507 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3461610 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3461720 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video1","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{42cf9257-1d96-4c9d-87f3-0d8e74595f78}\0000"
 "11:26:46.3461858 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{42CF9257-1D96-4C9D-87F3-0D8E74595F78}\0000","REPARSE","Desired Access: Read"
 "11:26:46.3461971 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{42CF9257-1D96-4C9D-87F3-0D8E74595F78}\0000","SUCCESS","Desired Access: Read"
 "11:26:46.3462091 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3462187 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\VIDEO\{42CF9257-1D96-4C9D-87F3-0D8E74595F78}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:46.3462279 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\VIDEO\{42CF9257-1D96-4C9D-87F3-0D8E74595F78}\0000","SUCCESS",""
 "11:26:46.3462381 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3462466 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video1","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{42cf9257-1d96-4c9d-87f3-0d8e74595f78}\0000"
 "11:26:46.3462569 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3462679 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:46.3462760 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:46.3462863 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3462962 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3463043 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video2","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{b043b95c-5670-4f10-b934-8ed0c8eb59a8}\0000"
 "11:26:46.3463167 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{B043B95C-5670-4F10-B934-8ED0C8EB59A8}\0000","REPARSE","Desired Access: Read"
 "11:26:46.3463263 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{B043B95C-5670-4F10-B934-8ED0C8EB59A8}\0000","SUCCESS","Desired Access: Read"
 "11:26:46.3463365 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3463436 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\VIDEO\{B043B95C-5670-4F10-B934-8ED0C8EB59A8}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:46.3463521 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\VIDEO\{B043B95C-5670-4F10-B934-8ED0C8EB59A8}\0000","SUCCESS",""
 "11:26:46.3463606 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3463839 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video2","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{b043b95c-5670-4f10-b934-8ed0c8eb59a8}\0000"
 "11:26:46.3464080 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3464239 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:46.3464335 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:46.3464437 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3465779 AM","view-test.exe","24980","CreateFile","C:\ProgramData\NVIDIA Corporation\Drs","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3466019 AM","view-test.exe","24980","QueryBasicInformationFile","C:\ProgramData\NVIDIA Corporation\Drs","SUCCESS","CreationTime: 12/5/2014 2:13:29 PM, LastAccessTime: 12/5/2014 2:23:07 PM, LastWriteTime: 12/5/2014 2:23:07 PM, ChangeTime: 12/5/2014 2:23:07 PM, FileAttributes: DNCI"
 "11:26:46.3466129 AM","view-test.exe","24980","CloseFile","C:\ProgramData\NVIDIA Corporation\Drs","SUCCESS",""
 "11:26:46.3466720 AM","view-test.exe","24980","CreateFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrssel.bin","SUCCESS","Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Opened"
 "11:26:46.3466975 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrssel.bin","SUCCESS","Offset: 0, Length: 1, Priority: Normal"
 "11:26:46.3467548 AM","view-test.exe","24980","CreateFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3467785 AM","view-test.exe","24980","QueryStandardInformationFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","SUCCESS","AllocationSize: 1,593,344, EndOfFile: 1,592,928, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:46.3467913 AM","view-test.exe","24980","CreateFileMapping","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3468001 AM","view-test.exe","24980","QueryStandardInformationFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","SUCCESS","AllocationSize: 1,593,344, EndOfFile: 1,592,928, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:46.3468203 AM","view-test.exe","24980","CreateFileMapping","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3468833 AM","view-test.exe","24980","CloseFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","SUCCESS",""
 "11:26:46.3469095 AM","view-test.exe","24980","CloseFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrssel.bin","SUCCESS",""
 "11:26:46.3469300 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:46.3469417 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:46.3469555 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3469696 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3469788 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:46.3469926 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Read"
 "11:26:46.3470033 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Read"
 "11:26:46.3470153 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3470238 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:46.3470383 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:46.3470510 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:46.3470606 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:46.3470730 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:46.3470836 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:46.3470924 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:46.3471027 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:46.3471119 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.3471204 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:46.3471310 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.3471459 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3471579 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Query Value"
 "11:26:46.3471671 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Query Value"
 "11:26:46.3471777 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3471855 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\rmGpuId","NAME NOT FOUND","Length: 144"
 "11:26:46.3471979 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:46.3472060 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3472160 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Query Value"
 "11:26:46.3472245 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Query Value"
 "11:26:46.3472333 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3472400 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\rmGpuId","NAME NOT FOUND","Length: 144"
 "11:26:46.3472517 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:46.3472595 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3472690 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","REPARSE","Desired Access: Query Value"
 "11:26:46.3472775 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","SUCCESS","Desired Access: Query Value"
 "11:26:46.3472867 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3472931 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\rmGpuId","NAME NOT FOUND","Length: 144"
 "11:26:46.3473055 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:46.3473133 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3473228 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","REPARSE","Desired Access: Query Value"
 "11:26:46.3473310 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","SUCCESS","Desired Access: Query Value"
 "11:26:46.3473388 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3473451 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\rmGpuId","NAME NOT FOUND","Length: 144"
 "11:26:46.3473568 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:46.3473674 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3473788 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","REPARSE","Desired Access: Query Value"
 "11:26:46.3473872 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","SUCCESS","Desired Access: Query Value"
 "11:26:46.3473950 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3474018 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\rmGpuId","SUCCESS","Type: REG_DWORD, Length: 4, Data: 256"
 "11:26:46.3474120 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:46.3475564 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3475695 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\CoProcManager","SUCCESS","Desired Access: Query Value"
 "11:26:46.3475861 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\CoprocManager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3475932 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\CoprocManager\OptimusEnhancements","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
 "11:26:46.3476038 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\CoprocManager","SUCCESS",""
 "11:26:46.3476605 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3476817 AM","view-test.exe","24980","QueryDirectory","C:\dev\GIT\Red\*","SUCCESS","Filter: *, 1: ."
 "11:26:46.3477022 AM","view-test.exe","24980","QueryDirectory","C:\dev\GIT\Red","SUCCESS","0: .., 1: .git, 2: .gitattributes, 3: .travis.yml, 4: boot.red, 5: bridges, 6: BSD-3-License.txt, 7: BSL-License.txt, 8: build, 9: compiler.r, 10: console-view.exe, 11: console.exe, 12: console_.exe, 13: console_color.exe, 14: crush, 15: crush.dll, 16: docs, 17: environment, 18: fmodex.dll, 19: gdi-test.exe, 20: lexer.r, 21: modules, 22: openal.exe, 23: pca.png, 24: pca2.png, 25: quick-test, 26: README.md, 27: red.r, 28: run-all.r, 29: runtime, 30: system, 31: test.exe, 32: tests, 33: try.exe, 34: upx.exe"
 "11:26:46.3477373 AM","view-test.exe","24980","QueryDirectory","C:\dev\GIT\Red","SUCCESS","0: usage.txt, 1: utils, 2: version.r, 3: vid.exe, 4: view-test.exe, 5: view-test2.exe, 6: zblunk_02.wav, 7: _crush.dll, 8: _loop_monkD_modleni_01.wav"
 "11:26:46.3477535 AM","view-test.exe","24980","QueryDirectory","C:\dev\GIT\Red","NO MORE FILES",""
 "11:26:46.3477988 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read"
 "11:26:46.3478094 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read"
 "11:26:46.3478194 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3478275 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-US","NAME NOT FOUND","Length: 532"
 "11:26:46.3478363 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS",""
 "11:26:46.3478459 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read"
 "11:26:46.3478547 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read"
 "11:26:46.3478632 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3478696 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-US","NAME NOT FOUND","Length: 532"
 "11:26:46.3478767 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS",""
 "11:26:46.3479687 AM","view-test.exe","24980","CreateFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3479935 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3480030 AM","view-test.exe","24980","QueryStandardInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","AllocationSize: 2,945,024, EndOfFile: 2,944,004, NumberOfLinks: 2, DeletePending: False, Directory: False"
 "11:26:46.3480243 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3480455 AM","view-test.exe","24980","CloseFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS",""
 "11:26:46.3482005 AM","view-test.exe","24980","CreateFile","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3482285 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll","SUCCESS","CreationTime: 12/5/2014 2:13:10 PM, LastAccessTime: 7/3/2015 4:29:36 PM, LastWriteTime: 6/17/2015 11:10:27 AM, ChangeTime: 7/3/2015 4:29:46 PM, FileAttributes: A"
 "11:26:46.3482401 AM","view-test.exe","24980","CloseFile","C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll","SUCCESS",""
 "11:26:46.3483120 AM","view-test.exe","24980","CreateFile","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3483336 AM","view-test.exe","24980","CreateFileMapping","C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3483718 AM","view-test.exe","24980","CreateFileMapping","C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3483997 AM","view-test.exe","24980","Load Image","C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll","SUCCESS","Image Base: 0xf000000, Image Size: 0x6000"
 "11:26:46.3484125 AM","view-test.exe","24980","CloseFile","C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll","SUCCESS",""
 "11:26:46.3485516 AM","view-test.exe","24980","CreateFile","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\nvd3d9wrap.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3485728 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\nvd3d9wrap.dll","SUCCESS","CreationTime: 12/5/2014 2:13:09 PM, LastAccessTime: 7/3/2015 4:29:36 PM, LastWriteTime: 6/17/2015 11:10:27 AM, ChangeTime: 7/3/2015 4:29:46 PM, FileAttributes: A"
 "11:26:46.3485845 AM","view-test.exe","24980","CloseFile","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\nvd3d9wrap.dll","SUCCESS",""
 "11:26:46.3486475 AM","view-test.exe","24980","CreateFile","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\nvd3d9wrap.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3486673 AM","view-test.exe","24980","CreateFileMapping","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\nvd3d9wrap.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3487066 AM","view-test.exe","24980","CreateFileMapping","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\nvd3d9wrap.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3487338 AM","view-test.exe","24980","Load Image","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\nvd3d9wrap.dll","SUCCESS","Image Base: 0x719f0000, Image Size: 0x29000"
 "11:26:46.3487505 AM","view-test.exe","24980","CloseFile","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\nvd3d9wrap.dll","SUCCESS",""
 "11:26:46.3488542 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\setupapi.dll","SUCCESS","Image Base: 0x76200000, Image Size: 0x19d000"
 "11:26:46.3489982 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\cfgmgr32.dll","SUCCESS","Image Base: 0x76a40000, Image Size: 0x27000"
 "11:26:46.3491592 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\devobj.dll","SUCCESS","Image Base: 0x76460000, Image Size: 0x12000"
 "11:26:46.3493015 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR","SUCCESS","Desired Access: Query Value"
 "11:26:46.3493160 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3493238 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
 "11:26:46.3493362 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR","SUCCESS",""
 "11:26:46.3493528 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3493659 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Setup","SUCCESS","Desired Access: Read"
 "11:26:46.3493783 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Setup","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3493903 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Setup\SourcePath","NAME NOT FOUND","Length: 144"
 "11:26:46.3493999 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Setup","SUCCESS",""
 "11:26:46.3494087 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3494211 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion","SUCCESS","Desired Access: Read"
 "11:26:46.3494303 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3494370 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\DevicePath","SUCCESS","Type: REG_EXPAND_SZ, Length: 34, Data: %SystemRoot%\inf"
 "11:26:46.3494522 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion","SUCCESS",""
 "11:26:46.3496207 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3496349 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\CoProcManager","SUCCESS","Desired Access: Query Value"
 "11:26:46.3496540 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\CoprocManager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3496632 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\CoprocManager\UMDLogging.Wrap","NAME NOT FOUND","Length: 144"
 "11:26:46.3496745 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\CoprocManager","SUCCESS",""
 "11:26:46.3499877 AM","view-test.exe","24980","CreateFile","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\nvdxgiwrap.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3500118 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\nvdxgiwrap.dll","SUCCESS","CreationTime: 12/5/2014 2:13:11 PM, LastAccessTime: 7/3/2015 4:29:36 PM, LastWriteTime: 6/17/2015 11:10:27 AM, ChangeTime: 7/3/2015 4:29:46 PM, FileAttributes: A"
 "11:26:46.3500234 AM","view-test.exe","24980","CloseFile","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\nvdxgiwrap.dll","SUCCESS",""
 "11:26:46.3500942 AM","view-test.exe","24980","CreateFile","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\nvdxgiwrap.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3501165 AM","view-test.exe","24980","CreateFileMapping","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\nvdxgiwrap.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3501554 AM","view-test.exe","24980","CreateFileMapping","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\nvdxgiwrap.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3501845 AM","view-test.exe","24980","Load Image","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\nvdxgiwrap.dll","SUCCESS","Image Base: 0x718d0000, Image Size: 0x1e000"
 "11:26:46.3501986 AM","view-test.exe","24980","CloseFile","C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\nvdxgiwrap.dll","SUCCESS",""
 "11:26:46.3504028 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3504195 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\CoProcManager","SUCCESS","Desired Access: Query Value"
 "11:26:46.3504403 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\CoprocManager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3504495 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\CoprocManager\UMDLogging.Wrap","NAME NOT FOUND","Length: 144"
 "11:26:46.3504587 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\CoprocManager","SUCCESS",""
 "11:26:46.3504796 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS",""
 "11:26:46.3505185 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3505302 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\OLE","SUCCESS","Desired Access: Read"
 "11:26:46.3505461 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\Ole","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3505532 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Ole\PageAllocatorUseSystemHeap","NAME NOT FOUND","Length: 144"
 "11:26:46.3505603 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Ole","SUCCESS",""
 "11:26:46.3505670 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3505798 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\OLE","SUCCESS","Desired Access: Read"
 "11:26:46.3505914 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\Ole","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3505982 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Ole\PageAllocatorSystemHeapIsPrivate","NAME NOT FOUND","Length: 144"
 "11:26:46.3506098 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Ole","SUCCESS",""
 "11:26:46.3506307 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3506421 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\OLE\Tracing","REPARSE","Desired Access: Read"
 "11:26:46.3506559 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\Ole\Tracing","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3507135 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3507238 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3507436 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3507585 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3509429 AM","view-test.exe","24980","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
 "11:26:46.3509630 AM","view-test.exe","24980","RegCloseKey","HKCU","SUCCESS",""
 "11:26:46.3510770 AM","view-test.exe","24980","QueryNameInformationFile","C:\dev\GIT\Red\view-test.exe","SUCCESS","Name: \dev\GIT\Red\view-test.exe"
 "11:26:46.3513661 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3514401 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","CreationTime: 7/14/2009 1:39:11 AM, LastAccessTime: 7/14/2009 1:39:11 AM, LastWriteTime: 7/14/2009 3:11:24 AM, ChangeTime: 12/5/2014 3:16:09 PM, FileAttributes: A"
 "11:26:46.3514539 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS",""
 "11:26:46.3515555 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3516500 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\uxtheme.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3517027 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3518220 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Image Base: 0x71ae0000, Image Size: 0x80000"
 "11:26:46.3518619 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS",""
 "11:26:46.3524540 AM","view-test.exe","24980","Thread Create","","SUCCESS","Thread ID: 31356"
 "11:26:46.3526331 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\rpcss.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.3527828 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\rpcss.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.3623211 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3623904 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS","CreationTime: 3/12/2015 10:47:17 AM, LastAccessTime: 3/12/2015 10:47:17 AM, LastWriteTime: 2/13/2015 7:26:18 AM, ChangeTime: 3/12/2015 10:51:55 AM, FileAttributes: A"
 "11:26:46.3624018 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS",""
 "11:26:46.3624775 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3625398 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\shell32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3625777 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\shell32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3626679 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Image Base: 0x2850000, Image Size: 0xc4b000"
 "11:26:46.3626884 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read"
 "11:26:46.3627054 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3627132 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20"
 "11:26:46.3627228 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS",""
 "11:26:46.3627394 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS","CreationTime: 3/12/2015 10:47:17 AM, LastAccessTime: 3/12/2015 10:47:17 AM, LastWriteTime: 2/13/2015 7:26:18 AM, ChangeTime: 3/12/2015 10:51:55 AM, FileAttributes: A"
 "11:26:46.3627935 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS",""
 "11:26:46.3628378 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
 "11:26:46.3629386 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\view-test.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.3630915 AM","view-test.exe","24980","CreateFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3631149 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d","SUCCESS","CreationTime: 7/17/2015 10:07:45 AM, LastAccessTime: 7/17/2015 10:07:45 AM, LastWriteTime: 7/17/2015 10:07:45 AM, ChangeTime: 7/17/2015 10:07:45 AM, FileAttributes: D"
 "11:26:46.3631312 AM","view-test.exe","24980","CloseFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d","SUCCESS",""
 "11:26:46.3632366 AM","view-test.exe","24980","CreateFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3633251 AM","view-test.exe","24980","CreateFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3633438 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll","SUCCESS","CreationTime: 7/17/2015 10:02:55 AM, LastAccessTime: 7/17/2015 10:02:55 AM, LastWriteTime: 4/24/2015 7:54:13 PM, ChangeTime: 7/17/2015 10:07:45 AM, FileAttributes: A"
 "11:26:46.3633541 AM","view-test.exe","24980","CloseFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll","SUCCESS",""
 "11:26:46.3634100 AM","view-test.exe","24980","CreateFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3634306 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3634688 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3634957 AM","view-test.exe","24980","Load Image","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll","SUCCESS","Image Base: 0x71dc0000, Image Size: 0x19e000"
 "11:26:46.3635091 AM","view-test.exe","24980","CloseFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll","SUCCESS",""
 "11:26:46.3636967 AM","view-test.exe","24980","CreateFile","C:\Windows\WindowsShell.Manifest","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3637222 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\WindowsShell.Manifest","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3637303 AM","view-test.exe","24980","QueryStandardInformationFile","C:\Windows\WindowsShell.Manifest","SUCCESS","AllocationSize: 4,096, EndOfFile: 749, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:46.3637473 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3637710 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read"
 "11:26:46.3637830 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3637891 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20"
 "11:26:46.3637968 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS",""
 "11:26:46.3638053 AM","view-test.exe","24980","QueryStandardInformationFile","C:\Windows\WindowsShell.Manifest","SUCCESS","AllocationSize: 4,096, EndOfFile: 749, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:46.3638145 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\WindowsShell.Manifest","SUCCESS","CreationTime: 7/14/2009 6:54:24 AM, LastAccessTime: 7/14/2009 6:54:24 AM, LastWriteTime: 7/14/2009 6:54:24 AM, ChangeTime: 12/5/2014 3:13:50 PM, FileAttributes: RHA"
 "11:26:46.3638563 AM","view-test.exe","24980","CloseFile","C:\Windows\WindowsShell.Manifest","SUCCESS",""
 "11:26:46.3654110 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\dwmapi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.3655989 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3656704 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","CreationTime: 7/14/2009 1:24:17 AM, LastAccessTime: 7/14/2009 1:24:17 AM, LastWriteTime: 7/14/2009 3:15:13 AM, ChangeTime: 12/5/2014 3:15:57 PM, FileAttributes: A"
 "11:26:46.3656821 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS",""
 "11:26:46.3657882 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3658714 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\dwmapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3659174 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3660268 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","Image Base: 0x71400000, Image Size: 0x13000"
 "11:26:46.3660540 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS",""
 "11:26:46.3684807 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Locale","REPARSE","Desired Access: Read"
 "11:26:46.3685016 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Locale","SUCCESS","Desired Access: Read"
 "11:26:46.3685207 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Locale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3685352 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts","REPARSE","Desired Access: Read"
 "11:26:46.3685479 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts","SUCCESS","Desired Access: Read"
 "11:26:46.3685607 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3685745 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Language Groups","REPARSE","Desired Access: Read"
 "11:26:46.3685883 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Language Groups","SUCCESS","Desired Access: Read"
 "11:26:46.3686017 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Language Groups","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3686141 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Locale\00000409","SUCCESS","Type: REG_SZ, Length: 4, Data: 1"
 "11:26:46.3686293 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Language Groups\1","SUCCESS","Type: REG_SZ, Length: 4, Data: 1"
 "11:26:46.3687068 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3687203 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
 "11:26:46.3687373 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3687489 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Query: Cached, SubKeys: 0, Values: 40"
 "11:26:46.3688066 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 0, Length: 220"
 "11:26:46.3688286 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 0, Name: Lucida Sans Unicode, Type: REG_MULTI_SZ, Length: 164, Data: MSGOTHIC.TTC,MS UI Gothic, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, GULIM.TTC,Gulim"
 "11:26:46.3688682 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 1, Length: 220"
 "11:26:46.3688887 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 1, Name: Microsoft Sans Serif, Type: REG_MULTI_SZ, Length: 164, Data: MSGOTHIC.TTC,MS UI Gothic, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, GULIM.TTC,Gulim"
 "11:26:46.3689202 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 2, Name: Tahoma, Type: REG_MULTI_SZ, Length: 164, Data: MSGOTHIC.TTC,MS UI Gothic, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, GULIM.TTC,Gulim"
 "11:26:46.3689393 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 3, Length: 220"
 "11:26:46.3689503 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 3, Name: Segoe UI, Type: REG_MULTI_SZ, Length: 430, Data: TAHOMA.TTF, MEIRYO.TTC,Meiryo,128,85, MEIRYO.TTC,Meiryo, MSGOTHIC.TTC,MS UI Gothic, MSJH.TTF,128,96, MSJH.TTF, MSYH.TTF,128,96, MSYH.TTF, MALGUN.TTF,128,96, MALGUN.TTF, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, GULIM.TTC,Gulim"
 "11:26:46.3689666 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 4, Length: 220"
 "11:26:46.3689762 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 4, Name: MingLiU, Type: REG_MULTI_SZ, Length: 186, Data: MICROSS.TTF,40,48, MICROSS.TTF, SIMSUN.TTC,SimSun, MSMINCHO.TTC,MS Mincho, BATANG.TTC,BatangChe"
 "11:26:46.3689963 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 5, Length: 220"
 "11:26:46.3690055 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 5, Name: PMingLiU, Type: REG_MULTI_SZ, Length: 182, Data: MICROSS.TTF,40,48, MICROSS.TTF, SIMSUN.TTC,SimSun, MSMINCHO.TTC,MS PMincho, BATANG.TTC,Batang"
 "11:26:46.3690229 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 6, Length: 220"
 "11:26:46.3690324 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 6, Name: MingLiU_HKSCS, Type: REG_MULTI_SZ, Length: 226, Data: MICROSS.TTF,40,48, MICROSS.TTF, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun, MSMINCHO.TTC,MS Mincho, BATANG.TTC,BatangChe"
 "11:26:46.3690491 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 7, Length: 220"
 "11:26:46.3690583 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 7, Name: MingLiU-ExtB, Type: REG_MULTI_SZ, Length: 226, Data: MICROSS.TTF,40,48, MICROSS.TTF, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun, MSMINCHO.TTC,MS Mincho, BATANG.TTC,BatangChe"
 "11:26:46.3690749 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 8, Length: 220"
 "11:26:46.3690848 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 8, Name: PMingLiU-ExtB, Type: REG_MULTI_SZ, Length: 224, Data: MICROSS.TTF,40,48, MICROSS.TTF, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, MSMINCHO.TTC,MS PMincho, BATANG.TTC,Batang"
 "11:26:46.3691043 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 9, Length: 220"
 "11:26:46.3691163 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 9, Name: MingLiU_HKSCS-ExtB, Type: REG_MULTI_SZ, Length: 278, Data: MICROSS.TTF,40,48, MICROSS.TTF, MINGLIU.TTC,MingLiU_HKSCS, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun, MSMINCHO.TTC,MS Mincho, BATANG.TTC,BatangChe"
 "11:26:46.3691347 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 10, Length: 220"
 "11:26:46.3691471 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 10, Name: Microsoft JhengHei, Type: REG_MULTI_SZ, Length: 298, Data: SEGOEUI.TTF,114,78, SEGOEUI.TTF, MINGLIU.TTC,MingLiU, MSYH.TTF,128,96, MSYH.TTF, MEIRYO.TTC,Meiryo,128,85, MEIRYO.TTC,Meiryo, MALGUN.TTF,128,96, MALGUN.TTF"
 "11:26:46.3691690 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 11, Length: 220"
 "11:26:46.3691825 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 11, Name: Microsoft JhengHei Bold, Type: REG_MULTI_SZ, Length: 342, Data: SEGOEUIB.TTF,114,78, SEGOEUIB.TTF, MINGLIU.TTC,MingLiU, MSYHBD.TTF,128,96, MSYHBD.TTF, MEIRYOB.TTC,Meiryo Bold,128,85, MEIRYOB.TTC,Meiryo Bold, MALGUNBD.TTF,128,96, MALGUNBD.TTF"
 "11:26:46.3692034 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 12, Length: 220"
 "11:26:46.3692175 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 12, Name: SimSun, Type: REG_MULTI_SZ, Length: 192, Data: MICROSS.TTF,108,122, MICROSS.TTF, MINGLIU.TTC,PMingLiU, MSMINCHO.TTC,MS PMincho, BATANG.TTC,Batang"
 "11:26:46.3692405 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 13, Length: 220"
 "11:26:46.3692550 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 13, Name: SimSun-ExtB, Type: REG_MULTI_SZ, Length: 228, Data: MICROSS.TTF,108,122, MICROSS.TTF, SIMSUN.TTC,SimSun, MINGLIU.TTC,PMingLiU, MSMINCHO.TTC,MS PMincho, BATANG.TTC,Batang"
 "11:26:46.3692727 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 14, Name: NSimSun, Type: REG_MULTI_SZ, Length: 132, Data: MINGLIU.TTC,PMingLiU, MSMINCHO.TTC,MS Mincho, BATANG.TTC,BatangChe"
 "11:26:46.3692908 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 15, Length: 220"
 "11:26:46.3693035 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 15, Name: Microsoft YaHei, Type: REG_MULTI_SZ, Length: 294, Data: SEGOEUI.TTF,120,80, SEGOEUI.TTF, SIMSUN.TTC,SimSun, MSJH.TTF,128,96, MSJH.TTF, MEIRYO.TTC,Meiryo,128,85, MEIRYO.TTC,Meiryo, MALGUN.TTF,128,96, MALGUN.TTF"
 "11:26:46.3693212 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 16, Length: 220"
 "11:26:46.3693318 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 16, Name: Microsoft YaHei Bold, Type: REG_MULTI_SZ, Length: 338, Data: SEGOEUIB.TTF,120,80, SEGOEUIB.TTF, SIMSUN.TTC,SimSun, MSJHBD.TTF,128,96, MSJHBD.TTF, MEIRYOB.TTC,Meiryo Bold,128,85, MEIRYOB.TTC,Meiryo Bold, MALGUNBD.TTF,128,96, MALGUNBD.TTF"
 "11:26:46.3693485 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 17, Length: 220"
 "11:26:46.3693626 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 17, Name: Meiryo, Type: REG_MULTI_SZ, Length: 274, Data: SEGOEUI.TTF,133,83, SEGOEUI.TTF, MSGOTHIC.TTC,MS UI Gothic, MSJH.TTF,128,96, MSJH.TTF, MSYH.TTF,128,96, MSYH.TTF, MALGUN.TTF,128,96, MALGUN.TTF"
 "11:26:46.3693853 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 18, Length: 220"
 "11:26:46.3694030 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 18, Name: Meiryo Bold, Type: REG_MULTI_SZ, Length: 302, Data: SEGOEUIB.TTF,133,83, SEGOEUIB.TTF, MSGOTHIC.TTC,MS UI Gothic, MSJHBD.TTF,128,96, MSJHBD.TTF, MSYHBD.TTF,128,96, MSYHBD.TTF, MALGUNBD.TTF,128,96, MALGUNBD.TTF"
 "11:26:46.3694334 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 19, Length: 220"
 "11:26:46.3694514 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 19, Name: Meiryo UI, Type: REG_MULTI_SZ, Length: 274, Data: SEGOEUI.TTF,133,83, SEGOEUI.TTF, MSGOTHIC.TTC,MS UI Gothic, MSJH.TTF,128,96, MSJH.TTF, MSYH.TTF,128,96, MSYH.TTF, MALGUN.TTF,128,96, MALGUN.TTF"
 "11:26:46.3694790 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 20, Length: 220"
 "11:26:46.3694950 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 20, Name: Meiryo UI Bold, Type: REG_MULTI_SZ, Length: 302, Data: SEGOEUIB.TTF,133,83, SEGOEUIB.TTF, MSGOTHIC.TTC,MS UI Gothic, MSJHBD.TTF,128,96, MSJHBD.TTF, MSYHBD.TTF,128,96, MSYHBD.TTF, MALGUNBD.TTF,128,96, MALGUNBD.TTF"
 "11:26:46.3695116 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 21, Name: MS Gothic, Type: REG_MULTI_SZ, Length: 116, Data: MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun, GULIM.TTC,GulimChe"
 "11:26:46.3695275 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 22, Name: MS PGothic, Type: REG_MULTI_SZ, Length: 112, Data: MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, GULIM.TTC,Gulim"
 "11:26:46.3695431 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 23, Length: 220"
 "11:26:46.3695527 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 23, Name: MS UI Gothic, Type: REG_MULTI_SZ, Length: 176, Data: MICROSS.TTF,128,142, MICROSS.TTF, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, GULIM.TTC,Gulim"
 "11:26:46.3695682 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 24, Name: MS Mincho, Type: REG_MULTI_SZ, Length: 114, Data: MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun, BATANG.TTC,Batang"
 "11:26:46.3695838 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 25, Name: MS PMincho, Type: REG_MULTI_SZ, Length: 116, Data: MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, BATANG.TTC,Batang"
 "11:26:46.3695987 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 26, Name: Batang, Type: REG_MULTI_SZ, Length: 128, Data: MSMINCHO.TTC,MS PMincho, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun"
 "11:26:46.3696149 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 27, Name: BatangChe, Type: REG_MULTI_SZ, Length: 124, Data: MSMINCHO.TTC,MS Mincho, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun"
 "11:26:46.3696305 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 28, Name: Dotum, Type: REG_MULTI_SZ, Length: 132, Data: MSGOTHIC.TTC,MS UI Gothic, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun"
 "11:26:46.3696454 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 29, Name: DotumChe, Type: REG_MULTI_SZ, Length: 124, Data: MSGOTHIC.TTC,MS Gothic, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun"
 "11:26:46.3696602 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 30, Length: 220"
 "11:26:46.3696698 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 30, Name: Gulim, Type: REG_MULTI_SZ, Length: 196, Data: MICROSS.TTF,128,140, MICROSS.TTF, MSGOTHIC.TTC,MS UI Gothic, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun"
 "11:26:46.3696864 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 31, Name: GulimChe, Type: REG_MULTI_SZ, Length: 124, Data: MSGOTHIC.TTC,MS Gothic, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun"
 "11:26:46.3697045 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 32, Name: Gungsuh, Type: REG_MULTI_SZ, Length: 128, Data: MSMINCHO.TTC,MS PMincho, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun"
 "11:26:46.3697200 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 33, Name: GungsuhChe, Type: REG_MULTI_SZ, Length: 124, Data: MSMINCHO.TTC,MS Mincho, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun"
 "11:26:46.3697367 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 34, Length: 220"
 "11:26:46.3697466 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 34, Name: Malgun Gothic, Type: REG_MULTI_SZ, Length: 282, Data: SEGOEUI.TTF,130,81, SEGOEUI.TTF, GULIM.TTC,Gulim, MEIRYO.TTC,Meiryo,128,85, MEIRYO.TTC,Meiryo, MSJH.TTF,128,96, MSJH.TTF, MSYH.TTF,128,96, MSYH.TTF"
 "11:26:46.3697615 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 35, Length: 220"
 "11:26:46.3697710 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 35, Name: Malgun Gothic Bold, Type: REG_MULTI_SZ, Length: 326, Data: SEGOEUIB.TTF,130,81, SEGOEUIB.TTF, GULIM.TTC,Gulim, MEIRYOB.TTC,Meiryo Bold,128,85, MEIRYOB.TTC,Meiryo Bold, MSJHBD.TTF,128,96, MSJHBD.TTF, MSYHBD.TTF,128,96, MSYHBD.TTF"
 "11:26:46.3697862 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 36, Length: 220"
 "11:26:46.3697958 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 36, Name: MS PGothic MC, Type: REG_MULTI_SZ, Length: 216, Data: C:\Windows\ehome\WTVGOTHIC-S.ttc,Windows TV PGothic, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, GULIM.TTC,Gulim"
 "11:26:46.3698114 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 37, Length: 220"
 "11:26:46.3698202 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 37, Name: Segoe Media Center, Type: REG_MULTI_SZ, Length: 394, Data: tahoma.ttf, MEIRYO.TTC,Meiryo,128,85, MSJH.TTF,128,96, mingliub.ttc,PMingLiU-ExtB, MSYH.TTF,128,96, simsunb.ttf, C:\Windows\ehome\malgunmc.ttf,128,96, C:\Windows\ehome\WTVGOTHIC-S.ttc,Windows TV PGothic"
 "11:26:46.3698361 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 38, Length: 220"
 "11:26:46.3698457 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 38, Name: Segoe Media Center Semibold, Type: REG_MULTI_SZ, Length: 394, Data: tahoma.ttf, MEIRYO.TTC,Meiryo,128,85, MSJH.TTF,128,96, mingliub.ttc,PMingLiU-ExtB, MSYH.TTF,128,96, simsunb.ttf, C:\Windows\ehome\malgunmc.ttf,128,96, C:\Windows\ehome\WTVGOTHIC-S.ttc,Windows TV PGothic"
 "11:26:46.3698609 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","BUFFER OVERFLOW","Index: 39, Length: 220"
 "11:26:46.3698705 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS","Index: 39, Name: Segoe Media Center Light, Type: REG_MULTI_SZ, Length: 394, Data: tahoma.ttf, MEIRYO.TTC,Meiryo,128,85, MSJH.TTF,128,96, mingliub.ttc,PMingLiU-ExtB, MSYH.TTF,128,96, simsunb.ttf, C:\Windows\ehome\malgunmc.ttf,128,96, C:\Windows\ehome\WTVGOTHIC-S.ttc,Windows TV PGothic"
 "11:26:46.3698857 AM","view-test.exe","24980","RegEnumValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","NO MORE ENTRIES","Index: 40, Length: 220"
 "11:26:46.3698988 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontLink\SystemLink","SUCCESS",""
 "11:26:46.3699526 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3699678 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0","SUCCESS","Desired Access: Query Value"
 "11:26:46.3699833 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\DataStore_V1.0","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3699950 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\DataStore_V1.0\Disable","NAME NOT FOUND","Length: 144"
 "11:26:46.3700064 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\DataStore_V1.0\DataFilePath","SUCCESS","Type: REG_SZ, Length: 66, Data: C:\Windows\Fonts\staticcache.dat"
 "11:26:46.3700205 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\DataStore_V1.0","SUCCESS",""
 "11:26:46.3701122 AM","view-test.exe","24980","CreateFile","C:\Windows\Fonts\StaticCache.dat","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3701426 AM","view-test.exe","24980","QueryStandardInformationFile","C:\Windows\Fonts\StaticCache.dat","SUCCESS","AllocationSize: 9,633,792, EndOfFile: 9,633,792, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:46.3701582 AM","view-test.exe","24980","ReadFile","C:\Windows\Fonts\StaticCache.dat","SUCCESS","Offset: 0, Length: 60, Priority: Normal"
 "11:26:46.3701798 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\Fonts\StaticCache.dat","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3701918 AM","view-test.exe","24980","QueryStandardInformationFile","C:\Windows\Fonts\StaticCache.dat","SUCCESS","AllocationSize: 9,633,792, EndOfFile: 9,633,792, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:46.3702183 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\Fonts\StaticCache.dat","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3705691 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3705875 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS","Desired Access: Query Value"
 "11:26:46.3706037 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3706193 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Plane1","NAME NOT FOUND","Length: 144"
 "11:26:46.3706299 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Plane2","SUCCESS","Type: REG_SZ, Length: 24, Data: SimSun-ExtB"
 "11:26:46.3706427 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Plane2","SUCCESS","Type: REG_SZ, Length: 24, Data: SimSun-ExtB"
 "11:26:46.3706547 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Plane3","NAME NOT FOUND","Length: 144"
 "11:26:46.3706639 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Plane4","NAME NOT FOUND","Length: 144"
 "11:26:46.3706735 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Plane5","NAME NOT FOUND","Length: 144"
 "11:26:46.3706827 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Plane6","NAME NOT FOUND","Length: 144"
 "11:26:46.3706919 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Plane7","NAME NOT FOUND","Length: 144"
 "11:26:46.3707018 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Plane8","NAME NOT FOUND","Length: 144"
 "11:26:46.3707113 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Plane9","NAME NOT FOUND","Length: 144"
 "11:26:46.3707219 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Plane10","NAME NOT FOUND","Length: 144"
 "11:26:46.3707322 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Plane11","NAME NOT FOUND","Length: 144"
 "11:26:46.3707435 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Plane12","NAME NOT FOUND","Length: 144"
 "11:26:46.3707531 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Plane13","NAME NOT FOUND","Length: 144"
 "11:26:46.3707626 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Plane14","NAME NOT FOUND","Length: 144"
 "11:26:46.3707722 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Plane15","NAME NOT FOUND","Length: 144"
 "11:26:46.3707814 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Plane16","NAME NOT FOUND","Length: 144"
 "11:26:46.3707927 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback","SUCCESS",""
 "11:26:46.3708055 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3708182 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
 "11:26:46.3708299 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3708394 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback","SUCCESS","Query: Cached, SubKeys: 4, Values: 1"
 "11:26:46.3708543 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback","SUCCESS","Index: 0, Name: MingLiU"
 "11:26:46.3708674 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback","SUCCESS","Index: 1, Name: MingLiU_HKSCS"
 "11:26:46.3708801 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback","SUCCESS","Index: 2, Name: PMingLiU"
 "11:26:46.3708922 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback","SUCCESS","Index: 3, Name: SimSun"
 "11:26:46.3709314 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.3709449 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\Segoe UI","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3709700 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback","SUCCESS",""
 "11:26:46.3721145 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3721389 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\CTF\Compatibility\view-test.exe","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3723166 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3723948 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS","CreationTime: 7/17/2015 10:03:11 AM, LastAccessTime: 7/17/2015 10:03:11 AM, LastWriteTime: 7/4/2015 7:48:36 PM, ChangeTime: 7/20/2015 9:22:24 AM, FileAttributes: A"
 "11:26:46.3724115 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS",""
 "11:26:46.3724985 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3725661 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\ole32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3726213 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\ole32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3727324 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\ole32.dll","SUCCESS","Image Base: 0x3400000, Image Size: 0x15c000"
 "11:26:46.3727572 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS",""
 "11:26:46.3728301 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3728499 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}","REPARSE","Desired Access: Read"
 "11:26:46.3728758 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}","SUCCESS","Desired Access: Read"
 "11:26:46.3728970 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3729083 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
 "11:26:46.3729235 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}","SUCCESS",""
 "11:26:46.3731865 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3732052 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\CTF\TIP\","SUCCESS","Desired Access: Read"
 "11:26:46.3732258 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3732378 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Index: 0, Name: {0000897b-83df-4b96-be07-0fb58b01c4a4}"
 "11:26:46.3732544 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.3732728 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3732923 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Index: 1, Name: {03B5835F-F03C-411B-9CE2-AA23E1171E36}"
 "11:26:46.3733072 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.3733213 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3733394 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Index: 2, Name: {07EB03D6-B001-41DF-9192-BF9B841EE71F}"
 "11:26:46.3733528 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.3733649 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3733801 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Index: 3, Name: {3697C5FA-60DD-4B56-92D4-74A569205C16}"
 "11:26:46.3733928 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.3734045 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","SUCCESS","Desired Access: Read"
 "11:26:46.3734204 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","SUCCESS","Index: 0, Name: {BCE90E01-6153-4AE5-B702-9D71D3A6A195}"
 "11:26:46.3734324 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","NO MORE ENTRIES","Index: 1, Length: 288"
 "11:26:46.3734466 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","SUCCESS",""
 "11:26:46.3734586 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Index: 4, Name: {531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}"
 "11:26:46.3734728 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.3734855 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3735015 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Index: 5, Name: {78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}"
 "11:26:46.3735174 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.3735326 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","SUCCESS","Desired Access: Read"
 "11:26:46.3735492 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","SUCCESS","Index: 0, Name: {246ECB87-C2F2-4ABE-905B-C8B38ADD2C43}"
 "11:26:46.3735627 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","SUCCESS","Index: 1, Name: {34745C63-B2F0-4784-8B67-5E12C8701A31}"
 "11:26:46.3735744 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","SUCCESS","Index: 2, Name: {5130A009-5540-4FCF-97EB-AAD33FC0EE09}"
 "11:26:46.3735867 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","SUCCESS","Index: 3, Name: {7AE86BB7-262C-431E-9111-C974B6B7CAC3}"
 "11:26:46.3735991 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","SUCCESS","Index: 4, Name: {B5A73CD1-8355-426B-A161-259808F26B14}"
 "11:26:46.3736105 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","SUCCESS","Index: 5, Name: {C6DEBC0A-F2B2-4F17-930E-CA9FAFF4CD04}"
 "11:26:46.3736236 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","NO MORE ENTRIES","Index: 6, Length: 288"
 "11:26:46.3736342 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","SUCCESS",""
 "11:26:46.3736434 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Index: 6, Name: {81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}"
 "11:26:46.3736568 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.3736703 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3736858 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Index: 7, Name: {8613E14C-D0C0-4161-AC0F-1DD2563286BC}"
 "11:26:46.3736986 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.3737103 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3737258 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Index: 8, Name: {A028AE76-01B1-46C2-99C4-ACD9858AE02F}"
 "11:26:46.3737552 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.3737733 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3737952 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Index: 9, Name: {AE6BE008-07FB-400D-8BEB-337A64F7051F}"
 "11:26:46.3738115 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.3738249 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3738423 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Index: 10, Name: {C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}"
 "11:26:46.3738561 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.3738695 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3738865 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Index: 11, Name: {DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}"
 "11:26:46.3739003 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.3739148 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3739307 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Index: 12, Name: {E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}"
 "11:26:46.3739452 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.3739580 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3739725 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Index: 13, Name: {F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}"
 "11:26:46.3739852 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.3739969 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3740111 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Index: 14, Name: {F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}"
 "11:26:46.3740238 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.3740358 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3740507 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","NO MORE ENTRIES","Index: 15, Length: 288"
 "11:26:46.3740638 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\CTF\TIP","SUCCESS",""
 "11:26:46.3740896 AM","view-test.exe","24980","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
 "11:26:46.3741059 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3741211 AM","view-test.exe","24980","RegOpenKey","HKCU\Keyboard Layout\Toggle","SUCCESS","Desired Access: Read"
 "11:26:46.3741335 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Keyboard Layout\Toggle","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3741441 AM","view-test.exe","24980","RegCloseKey","HKCU","SUCCESS",""
 "11:26:46.3741548 AM","view-test.exe","24980","RegQueryValue","HKCU\Keyboard Layout\Toggle\Language Hotkey","NAME NOT FOUND","Length: 144"
 "11:26:46.3741643 AM","view-test.exe","24980","RegQueryValue","HKCU\Keyboard Layout\Toggle\Hotkey","NAME NOT FOUND","Length: 144"
 "11:26:46.3741739 AM","view-test.exe","24980","RegQueryValue","HKCU\Keyboard Layout\Toggle\Layout Hotkey","NAME NOT FOUND","Length: 144"
 "11:26:46.3741870 AM","view-test.exe","24980","RegCloseKey","HKCU\Keyboard Layout\Toggle","SUCCESS",""
 "11:26:46.3743459 AM","view-test.exe","24980","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
 "11:26:46.3743607 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3743795 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Microsoft\CTF\DirectSwitchHotkeys","SUCCESS","Desired Access: Read"
 "11:26:46.3743926 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Microsoft\CTF\DirectSwitchHotkeys","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3744032 AM","view-test.exe","24980","RegCloseKey","HKCU","SUCCESS",""
 "11:26:46.3744135 AM","view-test.exe","24980","RegEnumKey","HKCU\Software\Microsoft\CTF\DirectSwitchHotkeys","NO MORE ENTRIES","Index: 0, Length: 288"
 "11:26:46.3744241 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Microsoft\CTF\DirectSwitchHotkeys","SUCCESS",""
 "11:26:46.3744747 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3744952 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\CTF\","SUCCESS","Desired Access: Read"
 "11:26:46.3745193 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\CTF","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3745331 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext","NAME NOT FOUND","Length: 144"
 "11:26:46.3745469 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\CTF","SUCCESS",""
 "11:26:46.3746017 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3746180 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\CTF\KnownClasses","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3761338 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read"
 "11:26:46.3761483 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read"
 "11:26:46.3761610 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3761692 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\cs-CZ","NAME NOT FOUND","Length: 532"
 "11:26:46.3761791 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS",""
 "11:26:46.3761900 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read"
 "11:26:46.3762010 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read"
 "11:26:46.3762109 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3762176 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\cs-CZ","NAME NOT FOUND","Length: 532"
 "11:26:46.3762247 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS",""
 "11:26:46.3766444 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3766597 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
 "11:26:46.3766738 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3766837 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.3766950 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\System","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3767124 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback","SUCCESS",""
 "11:26:46.3772609 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3772751 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
 "11:26:46.3772910 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3773006 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.3773119 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback\MS Shell Dlg","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3773296 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\LanguagePack\SurrogateFallback","SUCCESS",""
 "11:26:46.3847045 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3847314 AM","view-test.exe","24980","QueryStandardInformationFile","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS","AllocationSize: 20,480, EndOfFile: 17,761, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:46.3847445 AM","view-test.exe","24980","CreateFileMapping","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3847519 AM","view-test.exe","24980","QueryStandardInformationFile","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS","AllocationSize: 20,480, EndOfFile: 17,761, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:46.3847685 AM","view-test.exe","24980","CreateFileMapping","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3847937 AM","view-test.exe","24980","CloseFile","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS",""
 "11:26:46.3849512 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3849720 AM","view-test.exe","24980","CreateFileMapping","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3849798 AM","view-test.exe","24980","QueryStandardInformationFile","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS","AllocationSize: 20,480, EndOfFile: 17,761, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:46.3849965 AM","view-test.exe","24980","CreateFileMapping","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3850184 AM","view-test.exe","24980","CloseFile","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS",""
 "11:26:46.3851571 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3851858 AM","view-test.exe","24980","QueryInformationVolume","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS","VolumeCreationTime: 12/5/2014 3:13:30 PM, VolumeSerialNumber: F9AF-F090, SupportsObjects: True, VolumeLabel: OS"
 "11:26:46.3851975 AM","view-test.exe","24980","QueryAllInformationFile","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","BUFFER OVERFLOW","CreationTime: 9/24/2015 2:22:20 PM, LastAccessTime: 9/24/2015 2:22:20 PM, LastWriteTime: 9/24/2015 2:22:20 PM, ChangeTime: 9/24/2015 2:22:20 PM, FileAttributes: A, AllocationSize: 20,480, EndOfFile: 17,761, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x13000000001003, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
 "11:26:46.3852106 AM","view-test.exe","24980","ReadFile","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS","Offset: 0, Length: 22, Priority: Normal"
 "11:26:46.3852297 AM","view-test.exe","24980","ReadFile","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS","Offset: 0, Length: 18"
 "11:26:46.3852406 AM","view-test.exe","24980","CloseFile","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS",""
 "11:26:46.3853840 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3854059 AM","view-test.exe","24980","QueryStandardInformationFile","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS","AllocationSize: 20,480, EndOfFile: 17,761, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:46.3854165 AM","view-test.exe","24980","CreateFileMapping","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3854236 AM","view-test.exe","24980","QueryStandardInformationFile","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS","AllocationSize: 20,480, EndOfFile: 17,761, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:46.3854417 AM","view-test.exe","24980","CreateFileMapping","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3854767 AM","view-test.exe","24980","QueryBasicInformationFile","C:\dev\GIT\Red\bridges\android\samples\eval\res\drawable-xxhdpi\ic_launcher.png","SUCCESS","CreationTime: 9/24/2015 2:22:20 PM, LastAccessTime: 9/24/2015 2:22:20 PM, LastWriteTime: 9/24/2015 2:22:20 PM, ChangeTime: 9/24/2015 2:22:20 PM, FileAttributes: A"
 "11:26:46.3855786 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\WindowsCodecs.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.3857064 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\WindowsCodecs.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3857290 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\WindowsCodecs.dll","SUCCESS","CreationTime: 3/12/2015 10:47:23 AM, LastAccessTime: 3/12/2015 10:47:23 AM, LastWriteTime: 2/3/2015 5:12:42 AM, ChangeTime: 3/12/2015 10:51:55 AM, FileAttributes: A"
 "11:26:46.3857389 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\WindowsCodecs.dll","SUCCESS",""
 "11:26:46.3858118 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\WindowsCodecs.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3858313 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\WindowsCodecs.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3858656 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\WindowsCodecs.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3859530 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\WindowsCodecs.dll","SUCCESS","Image Base: 0x70020000, Image Size: 0x131000"
 "11:26:46.3859750 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\WindowsCodecs.dll","SUCCESS",""
 "11:26:46.3861870 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.3861997 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3862082 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.3862227 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.3862376 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.3862521 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3862659 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance","SUCCESS","Desired Access: Read"
 "11:26:46.3862786 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3862854 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.3862939 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.3863013 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.3863112 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3863211 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3863413 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance","SUCCESS",""
 "11:26:46.3874564 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3874702 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
 "11:26:46.3874833 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3874904 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontSubstitutes\MS Shell Dlg","SUCCESS","Type: REG_SZ, Length: 42, Data: Microsoft Sans Serif"
 "11:26:46.3875035 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\FontSubstitutes","SUCCESS",""
 "11:26:46.3892096 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read"
 "11:26:46.3892330 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3892578 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20"
 "11:26:46.3892755 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS",""
 "11:26:46.3893657 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\uxtheme.dll.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
 "11:26:46.3894758 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3895572 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","CreationTime: 7/14/2009 1:39:11 AM, LastAccessTime: 7/14/2009 1:39:11 AM, LastWriteTime: 7/14/2009 3:11:24 AM, ChangeTime: 12/5/2014 3:16:09 PM, FileAttributes: A"
 "11:26:46.3896219 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS",""
 "11:26:46.3896693 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
 "11:26:46.3897691 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\view-test.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.3899171 AM","view-test.exe","24980","CreateFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3899411 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d","SUCCESS","CreationTime: 7/17/2015 10:07:45 AM, LastAccessTime: 7/17/2015 10:07:45 AM, LastWriteTime: 7/17/2015 10:07:45 AM, ChangeTime: 7/17/2015 10:07:45 AM, FileAttributes: D"
 "11:26:46.3899571 AM","view-test.exe","24980","CloseFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d","SUCCESS",""
 "11:26:46.3900717 AM","view-test.exe","24980","CreateFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3901195 AM","view-test.exe","24980","CloseFile","C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d","SUCCESS",""
 "11:26:46.3917708 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.3917857 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3918104 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3918218 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Microsoft\COM3","SUCCESS","Desired Access: Read"
 "11:26:46.3918405 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\COM3","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3918472 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\COM3\Com+Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
 "11:26:46.3918575 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\COM3","SUCCESS",""
 "11:26:46.3919562 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\clbcatq.dll","SUCCESS","Image Base: 0x753b0000, Image Size: 0x83000"
 "11:26:46.3920985 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Microsoft\SQMClient\Windows\DisabledProcesses\","SUCCESS","Desired Access: Read"
 "11:26:46.3921130 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows\DisabledProcesses","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3921204 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows\DisabledProcesses\B694BDBC","NAME NOT FOUND","Length: 24"
 "11:26:46.3921279 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows\DisabledProcesses","SUCCESS",""
 "11:26:46.3921371 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Microsoft\SQMClient\Windows\DisabledSessions\","SUCCESS","Desired Access: Read"
 "11:26:46.3921452 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows\DisabledSessions","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3921527 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows\DisabledSessions\MachineThrottling","NAME NOT FOUND","Length: 24"
 "11:26:46.3921679 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows\DisabledSessions","SUCCESS",""
 "11:26:46.3921820 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Microsoft\SQMClient\Windows\DisabledSessions\","SUCCESS","Desired Access: Read"
 "11:26:46.3921930 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows\DisabledSessions","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3921990 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows\DisabledSessions\GlobalSession","NAME NOT FOUND","Length: 24"
 "11:26:46.3922054 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows\DisabledSessions","SUCCESS",""
 "11:26:46.3922963 AM","view-test.exe","24980","CreateFile","C:\Windows\Registration\R000000000005.clb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3923229 AM","view-test.exe","24980","QueryStandardInformationFile","C:\Windows\Registration\R000000000005.clb","SUCCESS","AllocationSize: 28,672, EndOfFile: 25,984, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:46.3923370 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\Registration\R000000000005.clb","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3923452 AM","view-test.exe","24980","QueryStandardInformationFile","C:\Windows\Registration\R000000000005.clb","SUCCESS","AllocationSize: 28,672, EndOfFile: 25,984, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:46.3923615 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\Registration\R000000000005.clb","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3924397 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.3924499 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.3924588 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.3924715 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3924846 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Desired Access: Read"
 "11:26:46.3924949 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3925019 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3925101 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3925250 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3925331 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3925430 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3925586 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","BUFFER TOO SMALL","Query: Name, Length: 0"
 "11:26:46.3925678 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3925763 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3925841 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3925968 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3926056 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3926131 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3926276 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.3926361 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.3926435 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3926513 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Desired Access: Read"
 "11:26:46.3926598 AM","view-test.exe","24980","RegSetInfoKey","HKCR\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3926647 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3926736 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.3926870 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3926945 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.3927037 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3927164 AM","view-test.exe","24980","RegCloseKey","HKCR\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS",""
 "11:26:46.3927228 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3927320 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3927454 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.3927532 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\(Default)","SUCCESS","Type: REG_SZ, Length: 50, Data: System Device Enumerator"
 "11:26:46.3927631 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3927709 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3927851 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.3927918 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\(Default)","SUCCESS","Type: REG_SZ, Length: 50, Data: System Device Enumerator"
 "11:26:46.3928013 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3928088 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3928198 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3928275 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3928350 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Desired Access: Read"
 "11:26:46.3928435 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.3928512 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3928622 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.3928704 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32\InprocServer32","NAME NOT FOUND","Length: 144"
 "11:26:46.3928774 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.3928859 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3928987 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.3929054 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 64, Data: C:\Windows\SysWOW64\devenum.dll"
 "11:26:46.3929132 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.3929206 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3929323 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.3929394 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 64, Data: C:\Windows\SysWOW64\devenum.dll"
 "11:26:46.3929472 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.3929546 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3929652 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.3929719 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
 "11:26:46.3929811 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS",""
 "11:26:46.3929864 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3929939 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3930045 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3930116 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3930190 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3930303 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3930388 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3930498 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3930569 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3930643 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3930746 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS",""
 "11:26:46.3930831 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3930923 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\OLE","SUCCESS","Desired Access: Read"
 "11:26:46.3931061 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\Ole","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3931117 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Ole\MaxSxSHashCount","NAME NOT FOUND","Length: 144"
 "11:26:46.3931184 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Ole","SUCCESS",""
 "11:26:46.3931542 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.3931630 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3931694 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.3931772 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.3931846 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.3931938 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3932027 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Desired Access: Read"
 "11:26:46.3932094 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3932158 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
 "11:26:46.3932221 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3932299 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3932412 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3932483 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3932558 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3932664 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}","SUCCESS",""
 "11:26:46.3934058 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\devenum.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3934720 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\devenum.dll","SUCCESS","CreationTime: 7/14/2009 2:03:17 AM, LastAccessTime: 7/14/2009 2:03:17 AM, LastWriteTime: 7/14/2009 3:15:10 AM, ChangeTime: 12/5/2014 3:15:51 PM, FileAttributes: A"
 "11:26:46.3934826 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\devenum.dll","SUCCESS",""
 "11:26:46.3935658 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\devenum.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3936415 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\devenum.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3936787 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\devenum.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3937562 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\devenum.dll","SUCCESS","Image Base: 0x734e0000, Image Size: 0x14000"
 "11:26:46.3937693 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\devenum.dll","SUCCESS",""
 "11:26:46.3939427 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3940074 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","CreationTime: 11/21/2010 5:24:16 AM, LastAccessTime: 11/21/2010 5:24:16 AM, LastWriteTime: 11/21/2010 5:24:16 AM, ChangeTime: 12/5/2014 3:16:10 PM, FileAttributes: A"
 "11:26:46.3940173 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS",""
 "11:26:46.3940860 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3941486 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\winmm.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3941851 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\winmm.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3942541 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\winmm.dll","SUCCESS","Image Base: 0x71160000, Image Size: 0x32000"
 "11:26:46.3942668 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS",""
 "11:26:46.3944095 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3944222 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\LSA\AccessProviders","REPARSE","Desired Access: Read"
 "11:26:46.3944357 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\LSA\AccessProviders","SUCCESS","Desired Access: Read"
 "11:26:46.3944470 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Lsa\AccessProviders","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3944544 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\AccessProviders\MartaExtension","SUCCESS","Type: REG_SZ, Length: 24, Data: ntmarta.dll"
 "11:26:46.3944633 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\AccessProviders\MartaExtension","SUCCESS","Type: REG_SZ, Length: 24, Data: ntmarta.dll"
 "11:26:46.3945602 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\ntmarta.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.3947028 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\ntmarta.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3947733 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\ntmarta.dll","SUCCESS","CreationTime: 7/14/2009 1:34:20 AM, LastAccessTime: 7/14/2009 1:34:20 AM, LastWriteTime: 7/14/2009 3:16:11 AM, ChangeTime: 12/5/2014 3:16:07 PM, FileAttributes: A"
 "11:26:46.3947835 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\ntmarta.dll","SUCCESS",""
 "11:26:46.3948741 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\ntmarta.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.3949463 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\ntmarta.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.3949842 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\ntmarta.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.3950939 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\ntmarta.dll","SUCCESS","Image Base: 0x74b20000, Image Size: 0x21000"
 "11:26:46.3951134 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\ntmarta.dll","SUCCESS",""
 "11:26:46.3952617 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\Wldap32.dll","SUCCESS","Image Base: 0x76d80000, Image Size: 0x45000"
 "11:26:46.3953328 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3953452 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Services\LDAP","REPARSE","Desired Access: Read"
 "11:26:46.3953554 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Services\LDAP","SUCCESS","Desired Access: Read"
 "11:26:46.3953650 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\services\LDAP","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3953738 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\services\LDAP\LdapClientIntegrity","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
 "11:26:46.3953838 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\services\LDAP","SUCCESS",""
 "11:26:46.3953915 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3954011 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Services\LDAP","REPARSE","Desired Access: Read"
 "11:26:46.3954082 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Services\LDAP","SUCCESS","Desired Access: Read"
 "11:26:46.3954156 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\services\LDAP","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3954213 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\services\LDAP\UseOldHostResolutionOrder","NAME NOT FOUND","Length: 144"
 "11:26:46.3954280 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\services\LDAP","SUCCESS",""
 "11:26:46.3954344 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3954443 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Services\LDAP","REPARSE","Desired Access: Read"
 "11:26:46.3954513 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Services\LDAP","SUCCESS","Desired Access: Read"
 "11:26:46.3954574 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\services\LDAP","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3954630 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\services\LDAP\UseHostnameAsAlias","NAME NOT FOUND","Length: 144"
 "11:26:46.3954690 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\services\LDAP","SUCCESS",""
 "11:26:46.3954882 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa\AccessProviders","SUCCESS",""
 "11:26:46.3955143 AM","view-test.exe","24980","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.3955250 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3955338 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Microsoft\ActiveMovie\devenum","SUCCESS","Desired Access: Read"
 "11:26:46.3955423 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Microsoft\ActiveMovie\devenum","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3955476 AM","view-test.exe","24980","RegQueryValue","HKCU\Software\Microsoft\ActiveMovie\devenum\Version","SUCCESS","Type: REG_DWORD, Length: 4, Data: 7"
 "11:26:46.3955557 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Microsoft\ActiveMovie\devenum","SUCCESS",""
 "11:26:46.3955784 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.3955883 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.3955964 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.3956064 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3956170 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Desired Access: Read"
 "11:26:46.3956251 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3956304 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3956386 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3956513 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3956594 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3956672 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3956796 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","BUFFER TOO SMALL","Query: Name, Length: 0"
 "11:26:46.3956856 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3956948 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3957026 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3957146 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3957253 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3957369 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3957486 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.3957571 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.3957684 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3957801 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3957946 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3958031 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3958169 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.3958244 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\(Default)","SUCCESS","Type: REG_SZ, Length: 52, Data: VFW Capture Class Manager"
 "11:26:46.3958332 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3958406 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3958520 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.3958583 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\(Default)","SUCCESS","Type: REG_SZ, Length: 52, Data: VFW Capture Class Manager"
 "11:26:46.3958672 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3958771 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3958884 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3958962 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3959036 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Desired Access: Read"
 "11:26:46.3959111 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.3959185 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3959295 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.3959365 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32\InprocServer32","NAME NOT FOUND","Length: 144"
 "11:26:46.3959422 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.3959496 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3959603 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.3959666 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 64, Data: C:\Windows\SysWOW64\devenum.dll"
 "11:26:46.3959741 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.3959811 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3959917 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.3959981 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 64, Data: C:\Windows\SysWOW64\devenum.dll"
 "11:26:46.3960056 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.3960126 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3960236 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.3960300 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
 "11:26:46.3960392 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32","SUCCESS",""
 "11:26:46.3960448 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3960519 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3960625 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3960703 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3960777 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3960880 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3960954 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3961064 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3961135 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3961213 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.3961322 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS",""
 "11:26:46.3961581 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.3961655 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3961715 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.3961793 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.3961867 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.3961959 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3962059 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Desired Access: Read"
 "11:26:46.3962136 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3962197 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
 "11:26:46.3962250 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.3962324 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3962434 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3962508 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.3962582 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3962689 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","SUCCESS",""
 "11:26:46.3962972 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3963074 AM","view-test.exe","24980","RegOpenKey","HKLM\System\Setup","SUCCESS","Desired Access: Read"
 "11:26:46.3963156 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SYSTEM\Setup","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3963223 AM","view-test.exe","24980","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
 "11:26:46.3963364 AM","view-test.exe","24980","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
 "11:26:46.3963849 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3963952 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Rpc","SUCCESS","Desired Access: Read"
 "11:26:46.3964090 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\Rpc","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3964150 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Rpc\MaxRpcSize","NAME NOT FOUND","Length: 144"
 "11:26:46.3964224 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Rpc","SUCCESS",""
 "11:26:46.3964483 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","REPARSE","Desired Access: Read"
 "11:26:46.3964603 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","SUCCESS","Desired Access: Read"
 "11:26:46.3964688 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3964752 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName","SUCCESS","Type: REG_SZ, Length: 20, Data: OLDESDELL"
 "11:26:46.3964837 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","SUCCESS",""
 "11:26:46.3964915 AM","view-test.exe","24980","RegOpenKey","HKLM\System\Setup","SUCCESS","Desired Access: Read"
 "11:26:46.3965014 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SYSTEM\Setup","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3965095 AM","view-test.exe","24980","RegQueryValue","HKLM\SYSTEM\Setup\OOBEInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
 "11:26:46.3965254 AM","view-test.exe","24980","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
 "11:26:46.3965336 AM","view-test.exe","24980","RegOpenKey","HKLM\System\Setup","SUCCESS","Desired Access: Read"
 "11:26:46.3965435 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SYSTEM\Setup","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3965488 AM","view-test.exe","24980","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
 "11:26:46.3965569 AM","view-test.exe","24980","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
 "11:26:46.3965647 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.3965736 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Policies\Microsoft\Windows NT\Rpc","REPARSE","Desired Access: Read"
 "11:26:46.3965881 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Rpc","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3966068 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Policies\Microsoft\SQMClient\Windows","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.3966182 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Microsoft\SQMClient\Windows","SUCCESS","Desired Access: Read"
 "11:26:46.3966263 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.3966316 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows\CEIPEnable","NAME NOT FOUND","Length: 20"
 "11:26:46.3966390 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows","SUCCESS",""
 "11:26:46.4025159 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4025346 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65e8773d-8f56-11d0-a3b9-00a0c9223196}","REPARSE","Desired Access: Query Value"
 "11:26:46.4025474 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65e8773d-8f56-11d0-a3b9-00a0c9223196}","SUCCESS","Desired Access: Query Value"
 "11:26:46.4025580 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4025658 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4025757 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#usb#vid_0c45&pid_64d0&mi_00#7&c511da5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#global\Device Parameters","SUCCESS","Desired Access: Read"
 "11:26:46.4025863 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}","SUCCESS",""
 "11:26:46.4025955 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters\InterfaceLink","NAME NOT FOUND","Length: 144"
 "11:26:46.4026029 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters","SUCCESS",""
 "11:26:46.4030216 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4030343 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65e8773d-8f56-11d0-a3b9-00a0c9223196}","REPARSE","Desired Access: Query Value"
 "11:26:46.4030446 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65e8773d-8f56-11d0-a3b9-00a0c9223196}","SUCCESS","Desired Access: Query Value"
 "11:26:46.4030549 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4030623 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4030708 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#usb#vid_0c45&pid_64d0&mi_00#7&c511da5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#global\Device Parameters","SUCCESS","Desired Access: Read"
 "11:26:46.4030800 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}","SUCCESS",""
 "11:26:46.4032046 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\wintrust.dll","SUCCESS","Image Base: 0x76a80000, Image Size: 0x2f000"
 "11:26:46.4033383 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\crypt32.dll","SUCCESS","Image Base: 0x76be0000, Image Size: 0x121000"
 "11:26:46.4034983 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\msasn1.dll","SUCCESS","Image Base: 0x77320000, Image Size: 0xc000"
 "11:26:46.4036183 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4036314 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\crypt32","REPARSE","Desired Access: Read"
 "11:26:46.4036423 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Services\crypt32","SUCCESS","Desired Access: Read"
 "11:26:46.4036519 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\services\crypt32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4036593 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\services\crypt32\DebugHeapFlags","NAME NOT FOUND","Length: 144"
 "11:26:46.4036689 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\services\crypt32","SUCCESS",""
 "11:26:46.4037651 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4037782 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\msasn1","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4038189 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters\FilterData","BUFFER OVERFLOW","Length: 144"
 "11:26:46.4038267 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters\FilterData","BUFFER OVERFLOW","Length: 144"
 "11:26:46.4038324 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters\FilterData","SUCCESS","Type: REG_BINARY, Length: 504, Data: 02 00 00 00 00 00 20 00 02 00 00 00 00 00 00 00"
 "11:26:46.4038483 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters","SUCCESS",""
 "11:26:46.4038720 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4038823 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Microsoft\ActiveMovie\devenum\{860BB310-5D01-11D0-BD3B-00A0C911CE86}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4038922 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4039021 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4039099 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4039191 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID","SUCCESS","Desired Access: Read"
 "11:26:46.4039297 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes\Wow6432Node\CLSID","SUCCESS","Query: Name"
 "11:26:46.4039375 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes\Wow6432Node\CLSID","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4039446 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes\Wow6432Node\CLSID","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4039534 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4039633 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4039800 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes\Wow6432Node\CLSID","SUCCESS",""
 "11:26:46.4040783 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\msdmo.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.4042107 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\msdmo.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4042772 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\msdmo.dll","SUCCESS","CreationTime: 11/21/2010 5:24:02 AM, LastAccessTime: 11/21/2010 5:24:02 AM, LastWriteTime: 11/21/2010 5:24:02 AM, ChangeTime: 12/5/2014 3:16:00 PM, FileAttributes: A"
 "11:26:46.4042875 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\msdmo.dll","SUCCESS",""
 "11:26:46.4043608 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\msdmo.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4044259 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\msdmo.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4044620 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\msdmo.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4045664 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\msdmo.dll","SUCCESS","Image Base: 0x73770000, Image Size: 0xb000"
 "11:26:46.4045823 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\msdmo.dll","SUCCESS",""
 "11:26:46.4046386 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4046492 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4046594 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4046732 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\DirectShow\MediaObjects","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4046856 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\DirectShow\MediaObjects","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4046973 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\DirectShow\MediaObjects","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4047093 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\DirectShow\MediaObjects","SUCCESS","Query: Name"
 "11:26:46.4047175 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\DirectShow\MediaObjects","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4047334 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\DirectShow\MediaObjects\Categories\860bb310-5d01-11d0-bd3b-00a0c911ce86","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4047423 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\DirectShow\MediaObjects","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4047500 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\DirectShow\MediaObjects\Categories\860bb310-5d01-11d0-bd3b-00a0c911ce86","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4047670 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\DirectShow\MediaObjects","SUCCESS",""
 "11:26:46.4048728 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\avicap32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.4050197 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\avicap32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4051057 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\avicap32.dll","SUCCESS","CreationTime: 7/14/2009 2:03:36 AM, LastAccessTime: 7/14/2009 2:03:36 AM, LastWriteTime: 7/14/2009 3:14:57 AM, ChangeTime: 12/5/2014 3:15:50 PM, FileAttributes: A"
 "11:26:46.4051167 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\avicap32.dll","SUCCESS",""
 "11:26:46.4051885 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\avicap32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4052568 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\avicap32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4053145 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\avicap32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4053931 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\avicap32.dll","SUCCESS","Image Base: 0x6fc70000, Image Size: 0x13000"
 "11:26:46.4054055 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\avicap32.dll","SUCCESS",""
 "11:26:46.4055407 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\MSVFW32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.4056631 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\msvfw32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4057275 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\msvfw32.dll","SUCCESS","CreationTime: 11/21/2010 5:24:28 AM, LastAccessTime: 11/21/2010 5:24:28 AM, LastWriteTime: 11/21/2010 5:24:28 AM, ChangeTime: 12/5/2014 3:16:01 PM, FileAttributes: A"
 "11:26:46.4057392 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\msvfw32.dll","SUCCESS",""
 "11:26:46.4058064 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\msvfw32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4058790 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\msvfw32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4059452 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\msvfw32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4060152 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\msvfw32.dll","SUCCESS","Image Base: 0x6f730000, Image Size: 0x21000"
 "11:26:46.4060276 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\msvfw32.dll","SUCCESS",""
 "11:26:46.4061210 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4061345 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\VFW","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4061802 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4061908 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4062003 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4062099 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4062170 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4062265 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4062343 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4062421 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Active","NAME NOT FOUND","Length: 144"
 "11:26:46.4062477 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Disabled","NAME NOT FOUND","Length: 144"
 "11:26:46.4062538 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Description","SUCCESS","Type: REG_SZ, Length: 72, Data: Microsoft WDM Image Capture (Win32)"
 "11:26:46.4062637 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\DevNode","NAME NOT FOUND","Length: 144"
 "11:26:46.4062697 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Driver","SUCCESS","Type: REG_SZ, Length: 26, Data: vfwwdm32.dll"
 "11:26:46.4062764 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\SOFTWAREKEY","NAME NOT FOUND","Length: 144"
 "11:26:46.4062831 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS",""
 "11:26:46.4062892 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4062959 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4063047 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4063125 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4063206 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4063260 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4063337 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","NO MORE ENTRIES","Index: 1, Length: 288"
 "11:26:46.4063408 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4063539 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4063635 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4063797 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo","NAME NOT FOUND","Length: 16"
 "11:26:46.4063914 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4064028 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4064098 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4064148 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo1","NAME NOT FOUND","Length: 16"
 "11:26:46.4064212 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4064293 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4064360 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4064413 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo2","NAME NOT FOUND","Length: 16"
 "11:26:46.4064477 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4064555 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4064622 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4064679 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo3","NAME NOT FOUND","Length: 16"
 "11:26:46.4064739 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4064813 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4064877 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4064923 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo4","NAME NOT FOUND","Length: 16"
 "11:26:46.4064987 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4065061 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4065128 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4065185 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo5","NAME NOT FOUND","Length: 16"
 "11:26:46.4065248 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4065323 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4065387 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4065433 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo6","NAME NOT FOUND","Length: 16"
 "11:26:46.4065493 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4065567 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4065631 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4065694 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo7","NAME NOT FOUND","Length: 16"
 "11:26:46.4065762 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4065847 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4065914 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4065963 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo8","NAME NOT FOUND","Length: 16"
 "11:26:46.4066024 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4066098 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4066158 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4066208 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo9","NAME NOT FOUND","Length: 16"
 "11:26:46.4066268 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4067262 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\vfwwdm32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.4068480 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\vfwwdm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4069226 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\vfwwdm32.dll","SUCCESS","CreationTime: 11/21/2010 5:24:09 AM, LastAccessTime: 11/21/2010 5:24:09 AM, LastWriteTime: 11/21/2010 5:24:09 AM, ChangeTime: 12/5/2014 3:16:10 PM, FileAttributes: A"
 "11:26:46.4069329 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\vfwwdm32.dll","SUCCESS",""
 "11:26:46.4070093 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\vfwwdm32.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4070798 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\vfwwdm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4071275 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\vfwwdm32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4072146 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\vfwwdm32.dll","SUCCESS","Image Base: 0x6f9a0000, Image Size: 0x11000"
 "11:26:46.4072316 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\vfwwdm32.dll","SUCCESS",""
 "11:26:46.4073664 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\vfwwdm32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.4075448 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\vfwwdm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4076230 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\vfwwdm32.dll","SUCCESS","CreationTime: 11/21/2010 5:24:09 AM, LastAccessTime: 11/21/2010 5:24:09 AM, LastWriteTime: 11/21/2010 5:24:09 AM, ChangeTime: 12/5/2014 3:16:10 PM, FileAttributes: A"
 "11:26:46.4076372 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\vfwwdm32.dll","SUCCESS",""
 "11:26:46.4077384 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\vfwwdm32.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4078176 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\vfwwdm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4078608 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\vfwwdm32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4079330 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\vfwwdm32.dll","SUCCESS","Image Base: 0x6f9c0000, Image Size: 0x11000"
 "11:26:46.4079429 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\vfwwdm32.dll","SUCCESS",""
 "11:26:46.4079928 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4080049 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4080144 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4080233 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4080296 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4080388 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4080470 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4080540 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Active","NAME NOT FOUND","Length: 144"
 "11:26:46.4080597 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Disabled","NAME NOT FOUND","Length: 144"
 "11:26:46.4080650 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Description","SUCCESS","Type: REG_SZ, Length: 72, Data: Microsoft WDM Image Capture (Win32)"
 "11:26:46.4080721 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\DevNode","NAME NOT FOUND","Length: 144"
 "11:26:46.4080781 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Driver","SUCCESS","Type: REG_SZ, Length: 26, Data: vfwwdm32.dll"
 "11:26:46.4080852 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\SOFTWAREKEY","NAME NOT FOUND","Length: 144"
 "11:26:46.4080919 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS",""
 "11:26:46.4080976 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4081039 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4081142 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4081216 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4081284 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4081337 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4081411 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","NO MORE ENTRIES","Index: 1, Length: 288"
 "11:26:46.4081489 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4081599 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4081680 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4081737 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo","NAME NOT FOUND","Length: 16"
 "11:26:46.4081811 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4081896 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4081977 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4082048 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo1","NAME NOT FOUND","Length: 16"
 "11:26:46.4082129 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4082225 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4082292 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4082356 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo2","NAME NOT FOUND","Length: 16"
 "11:26:46.4082420 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4082508 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4082572 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4082625 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo3","NAME NOT FOUND","Length: 16"
 "11:26:46.4082685 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4082763 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4082827 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4082876 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo4","NAME NOT FOUND","Length: 16"
 "11:26:46.4082943 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4083018 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4083081 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4083131 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo5","NAME NOT FOUND","Length: 16"
 "11:26:46.4083191 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4083269 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4083333 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4083386 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo6","NAME NOT FOUND","Length: 16"
 "11:26:46.4083450 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4083534 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4083595 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4083648 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo7","NAME NOT FOUND","Length: 16"
 "11:26:46.4083772 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4083885 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4083973 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4084041 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo8","NAME NOT FOUND","Length: 16"
 "11:26:46.4084108 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4084207 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4084274 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4084334 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo9","NAME NOT FOUND","Length: 16"
 "11:26:46.4084416 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4084564 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4084656 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4084731 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4084798 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4084851 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4084947 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4085021 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4085085 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Active","NAME NOT FOUND","Length: 144"
 "11:26:46.4085138 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Disabled","NAME NOT FOUND","Length: 144"
 "11:26:46.4085187 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Description","SUCCESS","Type: REG_SZ, Length: 72, Data: Microsoft WDM Image Capture (Win32)"
 "11:26:46.4085258 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\DevNode","NAME NOT FOUND","Length: 144"
 "11:26:46.4085307 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Driver","SUCCESS","Type: REG_SZ, Length: 26, Data: vfwwdm32.dll"
 "11:26:46.4085375 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\SOFTWAREKEY","NAME NOT FOUND","Length: 144"
 "11:26:46.4085431 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS",""
 "11:26:46.4085484 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4085573 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4085658 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4085750 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4085814 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4085867 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4085937 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","NO MORE ENTRIES","Index: 1, Length: 288"
 "11:26:46.4085994 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4086079 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4086146 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4086217 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo","NAME NOT FOUND","Length: 16"
 "11:26:46.4086316 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4086468 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4086564 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4086613 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo1","NAME NOT FOUND","Length: 16"
 "11:26:46.4086677 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4086766 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4086829 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4086921 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo2","NAME NOT FOUND","Length: 16"
 "11:26:46.4086985 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4087081 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4087144 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4087204 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo3","NAME NOT FOUND","Length: 16"
 "11:26:46.4087265 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4087342 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4087403 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4087449 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo4","NAME NOT FOUND","Length: 16"
 "11:26:46.4087509 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4087583 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4087643 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4087693 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo5","NAME NOT FOUND","Length: 16"
 "11:26:46.4087778 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4087891 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4087965 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4088018 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo6","NAME NOT FOUND","Length: 16"
 "11:26:46.4088089 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4088188 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4088277 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4088333 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo7","NAME NOT FOUND","Length: 16"
 "11:26:46.4088429 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4088524 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4088602 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4088655 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo8","NAME NOT FOUND","Length: 16"
 "11:26:46.4088723 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4088815 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4088882 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4088935 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo9","NAME NOT FOUND","Length: 16"
 "11:26:46.4088995 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4089140 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4089232 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4089303 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4089370 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4089420 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4089501 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4089576 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4089636 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Active","NAME NOT FOUND","Length: 144"
 "11:26:46.4089689 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Disabled","NAME NOT FOUND","Length: 144"
 "11:26:46.4089738 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Description","SUCCESS","Type: REG_SZ, Length: 72, Data: Microsoft WDM Image Capture (Win32)"
 "11:26:46.4089806 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\DevNode","NAME NOT FOUND","Length: 144"
 "11:26:46.4089855 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Driver","SUCCESS","Type: REG_SZ, Length: 26, Data: vfwwdm32.dll"
 "11:26:46.4089922 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\SOFTWAREKEY","NAME NOT FOUND","Length: 144"
 "11:26:46.4089979 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS",""
 "11:26:46.4090032 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4090089 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4090170 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4090241 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4090301 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4090354 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4090421 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","NO MORE ENTRIES","Index: 1, Length: 288"
 "11:26:46.4090474 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4090552 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4090620 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4090669 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo","NAME NOT FOUND","Length: 16"
 "11:26:46.4090743 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4090821 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4090881 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4090931 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo1","NAME NOT FOUND","Length: 16"
 "11:26:46.4090991 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4091065 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4091129 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4091175 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo2","NAME NOT FOUND","Length: 16"
 "11:26:46.4091235 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4091324 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4091387 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4091437 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo3","NAME NOT FOUND","Length: 16"
 "11:26:46.4091501 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4091575 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4091639 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4091685 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo4","NAME NOT FOUND","Length: 16"
 "11:26:46.4091745 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4091819 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4091879 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4091936 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo5","NAME NOT FOUND","Length: 16"
 "11:26:46.4091996 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4092078 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4092141 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4092194 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo6","NAME NOT FOUND","Length: 16"
 "11:26:46.4092272 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4092357 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4092417 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4092467 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo7","NAME NOT FOUND","Length: 16"
 "11:26:46.4092527 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4092598 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4092669 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4092715 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo8","NAME NOT FOUND","Length: 16"
 "11:26:46.4092775 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4092863 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4092927 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4092976 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo9","NAME NOT FOUND","Length: 16"
 "11:26:46.4093033 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4093168 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4093249 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4093316 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4093376 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4093429 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4093511 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4093599 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4093670 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Active","NAME NOT FOUND","Length: 144"
 "11:26:46.4093737 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Disabled","NAME NOT FOUND","Length: 144"
 "11:26:46.4093787 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Description","SUCCESS","Type: REG_SZ, Length: 72, Data: Microsoft WDM Image Capture (Win32)"
 "11:26:46.4093861 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\DevNode","NAME NOT FOUND","Length: 144"
 "11:26:46.4093960 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Driver","SUCCESS","Type: REG_SZ, Length: 26, Data: vfwwdm32.dll"
 "11:26:46.4094031 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\SOFTWAREKEY","NAME NOT FOUND","Length: 144"
 "11:26:46.4094098 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS",""
 "11:26:46.4094151 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4094222 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4094307 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4094378 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4094449 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4094505 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4094597 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","NO MORE ENTRIES","Index: 1, Length: 288"
 "11:26:46.4094700 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4094842 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4094912 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4094965 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo","NAME NOT FOUND","Length: 16"
 "11:26:46.4095026 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4095107 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4095174 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4095224 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo1","NAME NOT FOUND","Length: 16"
 "11:26:46.4095280 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4095355 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4095415 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4095464 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo2","NAME NOT FOUND","Length: 16"
 "11:26:46.4095525 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4095599 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4095666 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4095716 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo3","NAME NOT FOUND","Length: 16"
 "11:26:46.4095776 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4095850 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4095914 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4095960 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo4","NAME NOT FOUND","Length: 16"
 "11:26:46.4096020 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4096094 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4096154 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4096254 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo5","NAME NOT FOUND","Length: 16"
 "11:26:46.4096353 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4096441 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4096508 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4096558 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo6","NAME NOT FOUND","Length: 16"
 "11:26:46.4096618 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4096692 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4096753 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4096802 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo7","NAME NOT FOUND","Length: 16"
 "11:26:46.4096862 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4096933 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4096997 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4097053 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo8","NAME NOT FOUND","Length: 16"
 "11:26:46.4097114 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4097188 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4097252 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4097298 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo9","NAME NOT FOUND","Length: 16"
 "11:26:46.4097358 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4097492 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4097577 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4097648 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4097719 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4097775 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4097857 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4097959 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4098044 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Active","NAME NOT FOUND","Length: 144"
 "11:26:46.4098104 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Disabled","NAME NOT FOUND","Length: 144"
 "11:26:46.4098154 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Description","SUCCESS","Type: REG_SZ, Length: 72, Data: Microsoft WDM Image Capture (Win32)"
 "11:26:46.4098225 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\DevNode","NAME NOT FOUND","Length: 144"
 "11:26:46.4098278 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Driver","SUCCESS","Type: REG_SZ, Length: 26, Data: vfwwdm32.dll"
 "11:26:46.4098349 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\SOFTWAREKEY","NAME NOT FOUND","Length: 144"
 "11:26:46.4098409 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS",""
 "11:26:46.4098465 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4098526 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4098611 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4098678 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4098738 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4098788 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4098855 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","NO MORE ENTRIES","Index: 1, Length: 288"
 "11:26:46.4098911 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4098989 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4099056 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4099106 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo","NAME NOT FOUND","Length: 16"
 "11:26:46.4099166 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4099244 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4099304 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4099354 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo1","NAME NOT FOUND","Length: 16"
 "11:26:46.4099414 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4099488 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4099584 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4099662 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo2","NAME NOT FOUND","Length: 16"
 "11:26:46.4099775 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4099878 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4099959 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4100008 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo3","NAME NOT FOUND","Length: 16"
 "11:26:46.4100072 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4100143 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4100207 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4100253 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo4","NAME NOT FOUND","Length: 16"
 "11:26:46.4100313 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4100387 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4100447 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4100497 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo5","NAME NOT FOUND","Length: 16"
 "11:26:46.4100557 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4100631 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4100691 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4100748 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo6","NAME NOT FOUND","Length: 16"
 "11:26:46.4100819 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4100893 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4100953 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4101003 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo7","NAME NOT FOUND","Length: 16"
 "11:26:46.4101063 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4101134 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4101194 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4101244 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo8","NAME NOT FOUND","Length: 16"
 "11:26:46.4101304 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4101378 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4101463 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4101527 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo9","NAME NOT FOUND","Length: 16"
 "11:26:46.4101608 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4101771 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4101856 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4101927 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4101990 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4102040 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4102125 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4102203 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4102270 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Active","NAME NOT FOUND","Length: 144"
 "11:26:46.4102341 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Disabled","NAME NOT FOUND","Length: 144"
 "11:26:46.4102419 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Description","SUCCESS","Type: REG_SZ, Length: 72, Data: Microsoft WDM Image Capture (Win32)"
 "11:26:46.4102511 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\DevNode","NAME NOT FOUND","Length: 144"
 "11:26:46.4102560 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Driver","SUCCESS","Type: REG_SZ, Length: 26, Data: vfwwdm32.dll"
 "11:26:46.4102631 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\SOFTWAREKEY","NAME NOT FOUND","Length: 144"
 "11:26:46.4102687 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS",""
 "11:26:46.4102741 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4102801 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4102882 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4102949 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4103013 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4103077 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4103179 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","NO MORE ENTRIES","Index: 1, Length: 288"
 "11:26:46.4103236 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4103321 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4103388 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4103448 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo","NAME NOT FOUND","Length: 16"
 "11:26:46.4103523 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4103601 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4103707 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4103767 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo1","NAME NOT FOUND","Length: 16"
 "11:26:46.4103841 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4103940 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4104011 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4104071 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo2","NAME NOT FOUND","Length: 16"
 "11:26:46.4104135 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4104209 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4104273 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4104330 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo3","NAME NOT FOUND","Length: 16"
 "11:26:46.4104390 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4104468 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4104531 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4104602 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo4","NAME NOT FOUND","Length: 16"
 "11:26:46.4104662 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4104737 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4104797 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4104846 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo5","NAME NOT FOUND","Length: 16"
 "11:26:46.4104906 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4104981 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4105041 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4105094 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo6","NAME NOT FOUND","Length: 16"
 "11:26:46.4105158 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4105232 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4105292 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4105342 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo7","NAME NOT FOUND","Length: 16"
 "11:26:46.4105402 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4105483 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4105547 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4105597 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo8","NAME NOT FOUND","Length: 16"
 "11:26:46.4105657 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4105735 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4105802 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4105858 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo9","NAME NOT FOUND","Length: 16"
 "11:26:46.4105979 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4106209 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4106311 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4106382 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4106449 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4106503 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4106584 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4106655 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4106722 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Active","NAME NOT FOUND","Length: 144"
 "11:26:46.4106821 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Disabled","NAME NOT FOUND","Length: 144"
 "11:26:46.4106917 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Description","SUCCESS","Type: REG_SZ, Length: 72, Data: Microsoft WDM Image Capture (Win32)"
 "11:26:46.4106991 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\DevNode","NAME NOT FOUND","Length: 144"
 "11:26:46.4107055 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Driver","SUCCESS","Type: REG_SZ, Length: 26, Data: vfwwdm32.dll"
 "11:26:46.4107132 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\SOFTWAREKEY","NAME NOT FOUND","Length: 144"
 "11:26:46.4107193 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS",""
 "11:26:46.4107246 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4107309 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4107419 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4107504 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4107596 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4107660 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4107731 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","NO MORE ENTRIES","Index: 1, Length: 288"
 "11:26:46.4107801 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4107925 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4107999 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4108053 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo","NAME NOT FOUND","Length: 16"
 "11:26:46.4108123 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4108208 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4108268 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4108329 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo1","NAME NOT FOUND","Length: 16"
 "11:26:46.4108406 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4108491 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4108569 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4108633 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo2","NAME NOT FOUND","Length: 16"
 "11:26:46.4108693 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4108771 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4108835 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4108898 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo3","NAME NOT FOUND","Length: 16"
 "11:26:46.4108962 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4109068 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4109136 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4109196 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo4","NAME NOT FOUND","Length: 16"
 "11:26:46.4109263 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4109337 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4109397 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4109447 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo5","NAME NOT FOUND","Length: 16"
 "11:26:46.4109507 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4109581 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4109642 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4109688 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo6","NAME NOT FOUND","Length: 16"
 "11:26:46.4109748 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4109822 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4109882 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4109932 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo7","NAME NOT FOUND","Length: 16"
 "11:26:46.4109992 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4110066 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4110126 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4110172 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo8","NAME NOT FOUND","Length: 16"
 "11:26:46.4110233 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4110307 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4110371 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4110417 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo9","NAME NOT FOUND","Length: 16"
 "11:26:46.4110491 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4110633 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4110717 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4110788 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4110852 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4110901 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4110979 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4111050 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4111114 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Active","NAME NOT FOUND","Length: 144"
 "11:26:46.4111163 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Disabled","NAME NOT FOUND","Length: 144"
 "11:26:46.4111213 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Description","SUCCESS","Type: REG_SZ, Length: 72, Data: Microsoft WDM Image Capture (Win32)"
 "11:26:46.4111301 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\DevNode","NAME NOT FOUND","Length: 144"
 "11:26:46.4111354 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Driver","SUCCESS","Type: REG_SZ, Length: 26, Data: vfwwdm32.dll"
 "11:26:46.4111422 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\SOFTWAREKEY","NAME NOT FOUND","Length: 144"
 "11:26:46.4111478 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS",""
 "11:26:46.4111531 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4111592 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4111669 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4111737 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4111797 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4111846 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4111924 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","NO MORE ENTRIES","Index: 1, Length: 288"
 "11:26:46.4112002 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4112083 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4112154 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4112204 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo","NAME NOT FOUND","Length: 16"
 "11:26:46.4112268 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4112345 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4112406 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4112455 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo1","NAME NOT FOUND","Length: 16"
 "11:26:46.4112515 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4112593 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4112717 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4112823 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo2","NAME NOT FOUND","Length: 16"
 "11:26:46.4112936 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4113043 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4113110 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4113159 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo3","NAME NOT FOUND","Length: 16"
 "11:26:46.4113220 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4113294 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4113358 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4113404 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo4","NAME NOT FOUND","Length: 16"
 "11:26:46.4113464 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4113549 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4113612 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4113669 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo5","NAME NOT FOUND","Length: 16"
 "11:26:46.4113779 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4113906 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4114019 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4114104 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo6","NAME NOT FOUND","Length: 16"
 "11:26:46.4114221 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4114387 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4114518 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4114621 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo7","NAME NOT FOUND","Length: 16"
 "11:26:46.4114738 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4114908 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4115035 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4115187 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo8","NAME NOT FOUND","Length: 16"
 "11:26:46.4115311 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4115467 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4115584 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4115661 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo9","NAME NOT FOUND","Length: 16"
 "11:26:46.4115739 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4115913 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4116019 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4116111 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4116203 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4116291 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4116390 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4116468 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4116543 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Active","NAME NOT FOUND","Length: 144"
 "11:26:46.4116596 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Disabled","NAME NOT FOUND","Length: 144"
 "11:26:46.4116649 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Description","SUCCESS","Type: REG_SZ, Length: 72, Data: Microsoft WDM Image Capture (Win32)"
 "11:26:46.4116723 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\DevNode","NAME NOT FOUND","Length: 144"
 "11:26:46.4116773 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\Driver","SUCCESS","Type: REG_SZ, Length: 26, Data: vfwwdm32.dll"
 "11:26:46.4116840 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM\SOFTWAREKEY","NAME NOT FOUND","Length: 144"
 "11:26:46.4116900 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo\MSVideo.VFWWDM","SUCCESS",""
 "11:26:46.4116978 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4117045 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4117134 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4117219 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4117286 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4117339 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS","Index: 0, Name: MSVideo.VFWWDM"
 "11:26:46.4117410 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","NO MORE ENTRIES","Index: 1, Length: 288"
 "11:26:46.4117466 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaResources\msvideo","SUCCESS",""
 "11:26:46.4117562 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4117640 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4117693 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo","NAME NOT FOUND","Length: 16"
 "11:26:46.4117795 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4117887 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4117955 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4118004 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo1","NAME NOT FOUND","Length: 16"
 "11:26:46.4118064 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4118146 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4118206 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4118263 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo2","NAME NOT FOUND","Length: 16"
 "11:26:46.4118326 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4118418 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4118514 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4118567 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo3","NAME NOT FOUND","Length: 16"
 "11:26:46.4118655 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4118751 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4118825 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4118875 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo4","NAME NOT FOUND","Length: 16"
 "11:26:46.4118942 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4119016 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4119091 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4119140 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo5","NAME NOT FOUND","Length: 16"
 "11:26:46.4119207 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4119282 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4119342 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4119392 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo6","NAME NOT FOUND","Length: 16"
 "11:26:46.4119448 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4119530 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4119593 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4119643 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo7","NAME NOT FOUND","Length: 16"
 "11:26:46.4119717 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4119795 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4119859 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4119919 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo8","NAME NOT FOUND","Length: 16"
 "11:26:46.4119979 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4120057 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32","SUCCESS","Desired Access: Read"
 "11:26:46.4120117 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4120181 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\msvideo9","NAME NOT FOUND","Length: 16"
 "11:26:46.4120269 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32","SUCCESS",""
 "11:26:46.4125075 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4125206 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65e8773d-8f56-11d0-a3b9-00a0c9223196}","REPARSE","Desired Access: Query Value"
 "11:26:46.4125309 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65e8773d-8f56-11d0-a3b9-00a0c9223196}","SUCCESS","Desired Access: Query Value"
 "11:26:46.4125404 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4125482 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4125571 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#usb#vid_0c45&pid_64d0&mi_00#7&c511da5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#global\Device Parameters","SUCCESS","Desired Access: Read"
 "11:26:46.4125684 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}","SUCCESS",""
 "11:26:46.4125861 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters\FriendlyName","SUCCESS","Type: REG_SZ, Length: 36, Data: Integrated Webcam"
 "11:26:46.4125974 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters","SUCCESS",""
 "11:26:46.4126321 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4126409 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4126487 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4126597 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4126707 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Desired Access: Read"
 "11:26:46.4126806 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4126862 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: Name"
 "11:26:46.4126940 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4127082 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4127163 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4127248 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4127393 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","BUFFER TOO SMALL","Query: Name, Length: 0"
 "11:26:46.4127446 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: Name"
 "11:26:46.4127524 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: Name"
 "11:26:46.4127595 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4127712 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4127790 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4127910 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4128030 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4128115 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4128189 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4128264 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Desired Access: Read"
 "11:26:46.4128345 AM","view-test.exe","24980","RegSetInfoKey","HKCR\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4128395 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: Name"
 "11:26:46.4128473 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4128579 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4128678 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4128752 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4128865 AM","view-test.exe","24980","RegCloseKey","HKCR\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS",""
 "11:26:46.4128926 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: Name"
 "11:26:46.4129010 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4129202 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4129294 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\(Default)","SUCCESS","Type: REG_SZ, Length: 48, Data: Capture Graph Builder 2"
 "11:26:46.4129393 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: Name"
 "11:26:46.4129474 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4129591 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4129662 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\(Default)","SUCCESS","Type: REG_SZ, Length: 48, Data: Capture Graph Builder 2"
 "11:26:46.4129754 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: Name"
 "11:26:46.4129828 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4129938 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4130012 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4130086 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32","SUCCESS","Desired Access: Read"
 "11:26:46.4130161 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4130235 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4130341 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4130408 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32\InprocServer32","NAME NOT FOUND","Length: 144"
 "11:26:46.4130465 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4130536 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4130642 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4130706 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 58, Data: C:\Windows\SysWOW64\qcap.dll"
 "11:26:46.4130780 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4130851 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4130953 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4131017 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 58, Data: C:\Windows\SysWOW64\qcap.dll"
 "11:26:46.4131095 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4131166 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4131272 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4131332 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
 "11:26:46.4131421 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32","SUCCESS",""
 "11:26:46.4131474 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: Name"
 "11:26:46.4131544 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4131651 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4131725 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4131796 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4131898 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: Name"
 "11:26:46.4131973 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4132079 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4132146 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4132220 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4132323 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS",""
 "11:26:46.4132617 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.4132695 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4132751 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4132829 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4132903 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4132992 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4133080 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Desired Access: Read"
 "11:26:46.4133151 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4133211 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
 "11:26:46.4133261 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: Name"
 "11:26:46.4133335 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4133445 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4133516 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4133590 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4133710 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}","SUCCESS",""
 "11:26:46.4135020 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\qcap.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4135639 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\qcap.dll","SUCCESS","CreationTime: 11/21/2010 5:24:08 AM, LastAccessTime: 11/21/2010 5:24:08 AM, LastWriteTime: 11/21/2010 5:24:08 AM, ChangeTime: 12/5/2014 3:16:07 PM, FileAttributes: A"
 "11:26:46.4135745 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\qcap.dll","SUCCESS",""
 "11:26:46.4136396 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\qcap.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4136973 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\qcap.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4137787 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\qcap.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4138615 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\qcap.dll","SUCCESS","Image Base: 0x6f9a0000, Image Size: 0x32000"
 "11:26:46.4138746 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\qcap.dll","SUCCESS",""
 "11:26:46.4140402 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\msvfw32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4140972 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\msvfw32.dll","SUCCESS","CreationTime: 11/21/2010 5:24:28 AM, LastAccessTime: 11/21/2010 5:24:28 AM, LastWriteTime: 11/21/2010 5:24:28 AM, ChangeTime: 12/5/2014 3:16:01 PM, FileAttributes: A"
 "11:26:46.4141071 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\msvfw32.dll","SUCCESS",""
 "11:26:46.4141701 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\msvfw32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4142271 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\msvfw32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4142848 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\msvfw32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4143503 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\msvfw32.dll","SUCCESS","Image Base: 0x6f700000, Image Size: 0x21000"
 "11:26:46.4143623 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\msvfw32.dll","SUCCESS",""
 "11:26:46.4144554 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4144681 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\VFW","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4145187 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4145283 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4145361 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4145467 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4145573 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Desired Access: Read"
 "11:26:46.4145665 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4145718 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: Name"
 "11:26:46.4145796 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4145930 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4146008 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4146086 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4146196 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","BUFFER TOO SMALL","Query: Name, Length: 0"
 "11:26:46.4146245 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: Name"
 "11:26:46.4146323 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: Name"
 "11:26:46.4146394 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4146514 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4146589 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4146663 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4146762 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4146843 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4146918 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4146992 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Desired Access: Read"
 "11:26:46.4147070 AM","view-test.exe","24980","RegSetInfoKey","HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4147123 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: Name"
 "11:26:46.4147197 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4147304 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4147374 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4147445 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4147551 AM","view-test.exe","24980","RegCloseKey","HKCR\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS",""
 "11:26:46.4147608 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: Name"
 "11:26:46.4147682 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4147795 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4147870 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\(Default)","SUCCESS","Type: REG_SZ, Length: 26, Data: Filter Graph"
 "11:26:46.4147958 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: Name"
 "11:26:46.4148033 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4148139 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4148206 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\(Default)","SUCCESS","Type: REG_SZ, Length: 26, Data: Filter Graph"
 "11:26:46.4148287 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: Name"
 "11:26:46.4148358 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4148468 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4148539 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4148613 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32","SUCCESS","Desired Access: Read"
 "11:26:46.4148684 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4148762 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4148864 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4148931 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32\InprocServer32","NAME NOT FOUND","Length: 144"
 "11:26:46.4148988 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4149059 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4149162 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4149229 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 62, Data: C:\Windows\SysWOW64\quartz.dll"
 "11:26:46.4149303 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4149374 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4149476 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4149540 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 62, Data: C:\Windows\SysWOW64\quartz.dll"
 "11:26:46.4149614 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4149685 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4149791 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4149852 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
 "11:26:46.4149940 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32","SUCCESS",""
 "11:26:46.4149990 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: Name"
 "11:26:46.4150064 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4150167 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4150241 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4150312 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4150414 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: Name"
 "11:26:46.4150485 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4150591 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4150662 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4150736 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4150839 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS",""
 "11:26:46.4151083 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.4151161 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4151218 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4151296 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4151370 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4151458 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4151547 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Desired Access: Read"
 "11:26:46.4151618 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4151678 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
 "11:26:46.4151731 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: Name"
 "11:26:46.4151805 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4151911 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4151986 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4152056 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4152159 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}","SUCCESS",""
 "11:26:46.4153447 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\quartz.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4154081 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\quartz.dll","SUCCESS","CreationTime: 3/12/2015 10:47:28 AM, LastAccessTime: 3/12/2015 10:47:28 AM, LastWriteTime: 2/3/2015 5:12:29 AM, ChangeTime: 3/12/2015 10:51:55 AM, FileAttributes: A"
 "11:26:46.4154183 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\quartz.dll","SUCCESS",""
 "11:26:46.4154824 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\quartz.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4155401 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\quartz.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4158384 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\quartz.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4159110 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\quartz.dll","SUCCESS","Image Base: 0x6f580000, Image Size: 0x177000"
 "11:26:46.4159244 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\quartz.dll","SUCCESS",""
 "11:26:46.4160302 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4160437 AM","view-test.exe","24980","RegCreateKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\RNG","SUCCESS","Desired Access: Query Value"
 "11:26:46.4160607 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\RNG","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4160681 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\RNG\Seed","NAME NOT FOUND","Length: 144"
 "11:26:46.4160759 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\RNG","SUCCESS",""
 "11:26:46.4161031 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4161141 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectX","SUCCESS","Desired Access: Query Value"
 "11:26:46.4161272 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectX","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4161336 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectX\GlitchInstrumentation","NAME NOT FOUND","Length: 144"
 "11:26:46.4161421 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectX","SUCCESS",""
 "11:26:46.4161502 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4161594 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Debug\quartz.dll","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4161845 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4161930 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4162005 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4162104 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4162203 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4162288 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4162351 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}","SUCCESS",""
 "11:26:46.4162422 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4162511 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Microsoft\Multimedia\ActiveMovie Filters\MPEG Decoder","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4162596 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4162677 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Microsoft\Multimedia\ActiveMovie Filters\MPEG Decoder","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4163130 AM","view-test.exe","24980","Thread Create","","SUCCESS","Thread ID: 35556"
 "11:26:46.4164924 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4165034 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4165119 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4165250 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4165370 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Desired Access: Read"
 "11:26:46.4165469 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4165526 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.4165604 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4165745 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4165823 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4165901 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4166025 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","BUFFER TOO SMALL","Query: Name, Length: 0"
 "11:26:46.4166078 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.4166152 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.4166223 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4166340 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4166414 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4166488 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4166587 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4166669 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4166743 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4166814 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Desired Access: Read"
 "11:26:46.4166899 AM","view-test.exe","24980","RegSetInfoKey","HKCR\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4166948 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.4167023 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4167125 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4167196 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4167271 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4167380 AM","view-test.exe","24980","RegCloseKey","HKCR\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS",""
 "11:26:46.4167437 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.4167508 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4167621 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4167692 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\(Default)","SUCCESS","Type: REG_SZ, Length: 30, Data: Filter Mapper2"
 "11:26:46.4167777 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.4167844 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4167950 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4168014 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\(Default)","SUCCESS","Type: REG_SZ, Length: 30, Data: Filter Mapper2"
 "11:26:46.4168092 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.4168162 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4168272 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4168346 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4168421 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32","SUCCESS","Desired Access: Read"
 "11:26:46.4168495 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4168569 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4168676 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4168743 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32\InprocServer32","NAME NOT FOUND","Length: 144"
 "11:26:46.4168803 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4168874 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4168976 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4169040 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 62, Data: C:\Windows\SysWOW64\quartz.dll"
 "11:26:46.4169114 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4169182 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4169284 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4169344 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 62, Data: C:\Windows\SysWOW64\quartz.dll"
 "11:26:46.4169422 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4169489 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4169592 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4169656 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
 "11:26:46.4169744 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32","SUCCESS",""
 "11:26:46.4169794 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.4169865 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4169971 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4170042 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4170112 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4170211 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.4170279 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4170385 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4170452 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4170523 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4170633 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS",""
 "11:26:46.4171022 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.4171096 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4171156 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4171234 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4171305 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4171393 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4171482 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Desired Access: Read"
 "11:26:46.4171549 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4171609 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
 "11:26:46.4171659 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: Name"
 "11:26:46.4171730 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4171839 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4171907 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4171977 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4172084 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}","SUCCESS",""
 "11:26:46.4172236 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4172321 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Microsoft\DirectShow\PushClock","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4191523 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4191675 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65e8773d-8f56-11d0-a3b9-00a0c9223196}","REPARSE","Desired Access: Query Value"
 "11:26:46.4191803 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65e8773d-8f56-11d0-a3b9-00a0c9223196}","SUCCESS","Desired Access: Query Value"
 "11:26:46.4191902 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4191976 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4192058 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#usb#vid_0c45&pid_64d0&mi_00#7&c511da5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#global\Device Parameters","SUCCESS","Desired Access: Read"
 "11:26:46.4192164 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}","SUCCESS",""
 "11:26:46.4192348 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters\CLSID","SUCCESS","Type: REG_SZ, Length: 78, Data: {17CCA71B-ECD7-11D0-B908-00A0C9223196}"
 "11:26:46.4192461 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters","SUCCESS",""
 "11:26:46.4192684 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4192772 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4192850 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4192953 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4193059 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Desired Access: Read"
 "11:26:46.4193155 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4193208 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4193289 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4193427 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4193505 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4193583 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4193724 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","BUFFER TOO SMALL","Query: Name, Length: 0"
 "11:26:46.4193778 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4193855 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4193926 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4194043 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4194121 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4194195 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4194301 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4194386 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4194457 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4194535 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Desired Access: Read"
 "11:26:46.4194613 AM","view-test.exe","24980","RegSetInfoKey","HKCR\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4194662 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4194740 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4194846 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4194917 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4194991 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4195108 AM","view-test.exe","24980","RegCloseKey","HKCR\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS",""
 "11:26:46.4195165 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4195239 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4195352 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4195427 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\(Default)","SUCCESS","Type: REG_SZ, Length: 50, Data: Generic WDM Filter Proxy"
 "11:26:46.4195508 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4195579 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4195689 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4195752 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\(Default)","SUCCESS","Type: REG_SZ, Length: 50, Data: Generic WDM Filter Proxy"
 "11:26:46.4195834 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4195904 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4196014 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4196092 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4196177 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32","SUCCESS","Desired Access: Read"
 "11:26:46.4196248 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4196326 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4196453 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4196538 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32\InprocServer32","NAME NOT FOUND","Length: 144"
 "11:26:46.4196602 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4196676 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4196786 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4196849 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 62, Data: C:\Windows\SysWOW64\ksproxy.ax"
 "11:26:46.4196924 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4196995 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4197097 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4197161 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 62, Data: C:\Windows\SysWOW64\ksproxy.ax"
 "11:26:46.4197235 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4197309 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4197412 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4197476 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
 "11:26:46.4197568 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32","SUCCESS",""
 "11:26:46.4197621 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4197695 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4197798 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4197872 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4197943 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4198053 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4198123 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4198230 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4198300 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4198375 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4198477 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS",""
 "11:26:46.4198732 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.4198810 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4198870 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4198952 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4199022 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4199114 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4199199 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Desired Access: Read"
 "11:26:46.4199277 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4199334 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
 "11:26:46.4199387 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4199461 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4199571 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4199642 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4199716 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4199826 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}","SUCCESS",""
 "11:26:46.4201365 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\ksproxy.ax","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4202020 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\ksproxy.ax","SUCCESS","CreationTime: 11/21/2010 5:24:32 AM, LastAccessTime: 11/21/2010 5:24:32 AM, LastWriteTime: 11/21/2010 5:24:32 AM, ChangeTime: 12/5/2014 3:15:59 PM, FileAttributes: A"
 "11:26:46.4202130 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\ksproxy.ax","SUCCESS",""
 "11:26:46.4202841 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\ksproxy.ax","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4203439 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\ksproxy.ax","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4203811 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\ksproxy.ax","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4204710 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\ksproxy.ax","SUCCESS","Image Base: 0x72d90000, Image Size: 0x33000"
 "11:26:46.4204851 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\ksproxy.ax","SUCCESS",""
 "11:26:46.4206582 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\ksuser.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4207162 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\ksuser.dll","SUCCESS","CreationTime: 7/14/2009 2:03:16 AM, LastAccessTime: 7/14/2009 2:03:16 AM, LastWriteTime: 7/14/2009 3:15:35 AM, ChangeTime: 12/5/2014 3:15:59 PM, FileAttributes: A"
 "11:26:46.4207261 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\ksuser.dll","SUCCESS",""
 "11:26:46.4207891 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\ksuser.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4208468 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\ksuser.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4208801 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\ksuser.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4209455 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\ksuser.dll","SUCCESS","Image Base: 0x734d0000, Image Size: 0x4000"
 "11:26:46.4209572 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\ksuser.dll","SUCCESS",""
 "11:26:46.4210970 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4211547 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 11/21/2010 5:24:23 AM, LastAccessTime: 11/21/2010 5:24:23 AM, LastWriteTime: 11/21/2010 5:24:23 AM, ChangeTime: 12/5/2014 3:15:50 PM, FileAttributes: A"
 "11:26:46.4211642 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
 "11:26:46.4212272 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4212839 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4213185 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4213833 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Image Base: 0x711a0000, Image Size: 0x1c3000"
 "11:26:46.4213960 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
 "11:26:46.4215553 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\d3d8thk.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4216126 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8thk.dll","SUCCESS","CreationTime: 7/14/2009 1:27:46 AM, LastAccessTime: 7/14/2009 1:27:46 AM, LastWriteTime: 7/14/2009 3:15:08 AM, ChangeTime: 12/5/2014 3:15:50 PM, FileAttributes: A"
 "11:26:46.4216282 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\d3d8thk.dll","SUCCESS",""
 "11:26:46.4217153 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\d3d8thk.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4217744 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\d3d8thk.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4218076 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\d3d8thk.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4218830 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\d3d8thk.dll","SUCCESS","Image Base: 0x71430000, Image Size: 0x6000"
 "11:26:46.4218954 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\d3d8thk.dll","SUCCESS",""
 "11:26:46.4220154 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4220288 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D","REPARSE","Desired Access: Query Value"
 "11:26:46.4220444 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","Desired Access: Query Value"
 "11:26:46.4220550 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4220624 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4220720 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS","Desired Access: Query Value"
 "11:26:46.4220844 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4220911 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4221003 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Microsoft\Direct3D","SUCCESS","Desired Access: Query Value"
 "11:26:46.4221081 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Microsoft\Direct3D","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4221141 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4221222 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","REPARSE","Desired Access: Query Value"
 "11:26:46.4221314 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","SUCCESS","Desired Access: Query Value"
 "11:26:46.4221403 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4221930 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\view-test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4222164 AM","view-test.exe","24980","QueryStandardInformationFile","C:\dev\GIT\Red\view-test.exe","SUCCESS","AllocationSize: 507,904, EndOfFile: 505,856, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:46.4222284 AM","view-test.exe","24980","CloseFile","C:\dev\GIT\Red\view-test.exe","SUCCESS",""
 "11:26:46.4222493 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4222599 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Microsoft\Direct3D","SUCCESS","Desired Access: Read"
 "11:26:46.4222677 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Microsoft\Direct3D","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4222744 AM","view-test.exe","24980","RegEnumKey","HKCU\Software\Microsoft\Direct3D","SUCCESS","Index: 0, Name: MostRecentApplication"
 "11:26:46.4222829 AM","view-test.exe","24980","RegEnumKey","HKCU\Software\Microsoft\Direct3D","NO MORE ENTRIES","Index: 1, Length: 288"
 "11:26:46.4222900 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Microsoft\Direct3D","SUCCESS",""
 "11:26:46.4222964 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4223056 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D","REPARSE","Desired Access: Read"
 "11:26:46.4223180 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","Desired Access: Read"
 "11:26:46.4223261 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4223314 AM","view-test.exe","24980","RegEnumKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","Index: 0, Name: Drivers"
 "11:26:46.4223463 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:46.4223544 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4223636 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS","Desired Access: Read"
 "11:26:46.4223760 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4223820 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\Size","NAME NOT FOUND","Length: 144"
 "11:26:46.4223877 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\Name","NAME NOT FOUND","Length: 144"
 "11:26:46.4223940 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS",""
 "11:26:46.4223993 AM","view-test.exe","24980","RegEnumKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","Index: 1, Name: DX6TextureEnumInclusionList"
 "11:26:46.4224103 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:46.4224181 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4224273 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList","SUCCESS","Desired Access: Read"
 "11:26:46.4224393 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4224450 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList\Size","NAME NOT FOUND","Length: 144"
 "11:26:46.4224503 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList\Name","NAME NOT FOUND","Length: 144"
 "11:26:46.4224560 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList","SUCCESS",""
 "11:26:46.4224616 AM","view-test.exe","24980","RegEnumKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","Index: 2, Name: MostRecentApplication"
 "11:26:46.4224719 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:46.4224776 AM","view-test.exe","24980","RegEnumKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","NO MORE ENTRIES","Index: 3, Length: 288"
 "11:26:46.4224850 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:46.4224910 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:46.4224974 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4225066 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Microsoft\Direct3D\Drivers","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4225140 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4225229 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS","Desired Access: Read"
 "11:26:46.4225328 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4225381 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS","Index: 0, Name: Direct3D HAL"
 "11:26:46.4225476 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4225565 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D\Drivers\Direct3D HAL","SUCCESS","Desired Access: Read"
 "11:26:46.4225674 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\Direct3D HAL","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4225731 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\Direct3D HAL\Size","NAME NOT FOUND","Length: 144"
 "11:26:46.4225795 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\Direct3D HAL\Name","NAME NOT FOUND","Length: 144"
 "11:26:46.4225859 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\Direct3D HAL","SUCCESS",""
 "11:26:46.4225912 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS","Index: 1, Name: Ramp Emulation"
 "11:26:46.4226004 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4226092 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D\Drivers\Ramp Emulation","SUCCESS","Desired Access: Read"
 "11:26:46.4226202 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\Ramp Emulation","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4226258 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\Ramp Emulation\Size","NAME NOT FOUND","Length: 144"
 "11:26:46.4226315 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\Ramp Emulation\Name","NAME NOT FOUND","Length: 144"
 "11:26:46.4226375 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\Ramp Emulation","SUCCESS",""
 "11:26:46.4226428 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS","Index: 2, Name: RGB Emulation"
 "11:26:46.4226517 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4226602 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D\Drivers\RGB Emulation","SUCCESS","Desired Access: Read"
 "11:26:46.4226708 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\RGB Emulation","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4226765 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\RGB Emulation\Size","NAME NOT FOUND","Length: 144"
 "11:26:46.4226821 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\RGB Emulation\Name","NAME NOT FOUND","Length: 144"
 "11:26:46.4226881 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\RGB Emulation","SUCCESS",""
 "11:26:46.4226934 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers","NO MORE ENTRIES","Index: 3, Length: 288"
 "11:26:46.4226991 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS",""
 "11:26:46.4227055 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4227140 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Microsoft\Direct3D","SUCCESS","Desired Access: Read"
 "11:26:46.4227214 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Microsoft\Direct3D","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4227263 AM","view-test.exe","24980","RegEnumKey","HKCU\Software\Microsoft\Direct3D","SUCCESS","Index: 0, Name: MostRecentApplication"
 "11:26:46.4227370 AM","view-test.exe","24980","RegEnumKey","HKCU\Software\Microsoft\Direct3D","NO MORE ENTRIES","Index: 1, Length: 288"
 "11:26:46.4227426 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Microsoft\Direct3D","SUCCESS",""
 "11:26:46.4227501 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4227603 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D","REPARSE","Desired Access: Read"
 "11:26:46.4227709 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","Desired Access: Read"
 "11:26:46.4227787 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4227844 AM","view-test.exe","24980","RegEnumKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","Index: 0, Name: Drivers"
 "11:26:46.4227954 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:46.4228028 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4228113 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS","Desired Access: Read"
 "11:26:46.4228212 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4228265 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\Size","NAME NOT FOUND","Length: 144"
 "11:26:46.4228318 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\Name","NAME NOT FOUND","Length: 144"
 "11:26:46.4228375 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS",""
 "11:26:46.4228428 AM","view-test.exe","24980","RegEnumKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","Index: 1, Name: DX6TextureEnumInclusionList"
 "11:26:46.4228527 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:46.4228601 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4228690 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList","SUCCESS","Desired Access: Read"
 "11:26:46.4228792 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4228845 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList\Size","NAME NOT FOUND","Length: 144"
 "11:26:46.4228899 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList\Name","NAME NOT FOUND","Length: 144"
 "11:26:46.4228955 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList","SUCCESS",""
 "11:26:46.4229008 AM","view-test.exe","24980","RegEnumKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","Index: 2, Name: MostRecentApplication"
 "11:26:46.4229107 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:46.4229160 AM","view-test.exe","24980","RegEnumKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","NO MORE ENTRIES","Index: 3, Length: 288"
 "11:26:46.4229235 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:46.4229295 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:46.4229359 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4229447 AM","view-test.exe","24980","RegOpenKey","HKCU\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4229536 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4229617 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","REPARSE","Desired Access: Read"
 "11:26:46.4229698 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","SUCCESS","Desired Access: Read"
 "11:26:46.4229776 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4229829 AM","view-test.exe","24980","RegEnumKey","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","NO MORE ENTRIES","Index: 0, Length: 288"
 "11:26:46.4229889 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","SUCCESS",""
 "11:26:46.4230088 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4230190 AM","view-test.exe","24980","RegCreateKey","HKCU\Software\Microsoft\Direct3D\MostRecentApplication","SUCCESS","Desired Access: Set Value"
 "11:26:46.4230268 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Microsoft\Direct3D\MostRecentApplication","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4230346 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Microsoft\Direct3D\MostRecentApplication","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4230434 AM","view-test.exe","24980","RegSetValue","HKCU\Software\Microsoft\Direct3D\MostRecentApplication\Name","SUCCESS","Type: REG_SZ, Length: 28, Data: view-test.exe"
 "11:26:46.4230519 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Microsoft\Direct3D\MostRecentApplication","SUCCESS",""
 "11:26:46.4230594 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Policies\Microsoft\SQMClient\Windows","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4230735 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Microsoft\SQMClient\Windows","SUCCESS","Desired Access: Read"
 "11:26:46.4230820 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4230873 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows\CEIPEnable","NAME NOT FOUND","Length: 20"
 "11:26:46.4230948 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows","SUCCESS",""
 "11:26:46.4235159 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4235265 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65e8773d-8f56-11d0-a3b9-00a0c9223196}","REPARSE","Desired Access: Query Value"
 "11:26:46.4235350 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65e8773d-8f56-11d0-a3b9-00a0c9223196}","SUCCESS","Desired Access: Query Value"
 "11:26:46.4235428 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4235495 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4235566 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#usb#vid_0c45&pid_64d0&mi_00#7&c511da5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#global\Device Parameters","SUCCESS","Desired Access: Read"
 "11:26:46.4235651 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}","SUCCESS",""
 "11:26:46.4235725 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters\InterfaceLink","NAME NOT FOUND","Length: 144"
 "11:26:46.4236153 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters\FilterData","BUFFER OVERFLOW","Length: 144"
 "11:26:46.4236284 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4236366 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters\Interfaces","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4236575 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4236660 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaInterfaces","REPARSE","Desired Access: Read"
 "11:26:46.4236741 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Desired Access: Read"
 "11:26:46.4236826 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4236890 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4236971 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{DFF229E5-F70F-11D0-B917-00A0C9223196}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4237074 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4237197 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{DFF229E6-F70F-11D0-B917-00A0C9223196}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4237304 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4237381 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{941C7AC0-C559-11D0-8A2B-00A0C9255AC1}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4237445 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4237516 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{941C7AC0-C559-11D0-8A2B-00A0C9255AC1}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4237573 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4237643 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{DFF229E1-F70F-11D0-B917-00A0C9223196}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4237711 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS",""
 "11:26:46.4237941 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4238033 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaInterfaces","REPARSE","Desired Access: Read"
 "11:26:46.4238107 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Desired Access: Read"
 "11:26:46.4238213 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4238316 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4238429 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters\SetAliases","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4238493 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4238567 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{DB47DE20-F628-11D1-BA41-00A0C90D2B05}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4238634 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4238705 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{A60D8368-5324-4893-B020-C431A50BCBE3}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4238765 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4238836 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{1464EDA5-6A8F-11D1-9AA7-00A0C9223196}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4238900 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4238970 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Desired Access: Read"
 "11:26:46.4239045 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\iid","SUCCESS","Type: REG_BINARY, Length: 16, Data: C0 4A 0D 72 33 75 D0 11 A5 D6 28 DB 04 C1 00 00"
 "11:26:46.4239133 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS",""
 "11:26:46.4239335 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4239416 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4239491 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4239586 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4239692 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Desired Access: Read"
 "11:26:46.4239777 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4239830 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: Name"
 "11:26:46.4239905 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4240036 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4240114 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4240188 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4240305 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","BUFFER TOO SMALL","Query: Name, Length: 0"
 "11:26:46.4240358 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: Name"
 "11:26:46.4240436 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: Name"
 "11:26:46.4240506 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4240623 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4240701 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4240775 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4240874 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4240956 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4241030 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4241104 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Desired Access: Read"
 "11:26:46.4241179 AM","view-test.exe","24980","RegSetInfoKey","HKCR\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4241232 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: Name"
 "11:26:46.4241306 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4241409 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4241480 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4241554 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4241657 AM","view-test.exe","24980","RegCloseKey","HKCR\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS",""
 "11:26:46.4241713 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: Name"
 "11:26:46.4241788 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4241901 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4241972 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\(Default)","SUCCESS","Type: REG_SZ, Length: 42, Data: KsTopologyInfo Class"
 "11:26:46.4242060 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: Name"
 "11:26:46.4242131 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4242237 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4242304 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\(Default)","SUCCESS","Type: REG_SZ, Length: 42, Data: KsTopologyInfo Class"
 "11:26:46.4242389 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: Name"
 "11:26:46.4242460 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4242566 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4242640 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4242711 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32","SUCCESS","Desired Access: Read"
 "11:26:46.4242786 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4242863 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4242966 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4243033 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32\InprocServer32","NAME NOT FOUND","Length: 144"
 "11:26:46.4243093 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4243168 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4243270 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4243338 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 60, Data: C:\Windows\SysWOW64\vidcap.ax"
 "11:26:46.4243430 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4243518 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4243638 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4243713 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 60, Data: C:\Windows\SysWOW64\vidcap.ax"
 "11:26:46.4243791 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4243861 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4243968 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4244028 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
 "11:26:46.4244116 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32","SUCCESS",""
 "11:26:46.4244169 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: Name"
 "11:26:46.4244240 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4244385 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4244523 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4244665 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4244849 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: Name"
 "11:26:46.4245001 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4245312 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4245539 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4245787 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4246066 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS",""
 "11:26:46.4246544 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.4246671 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4246767 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4246894 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4247004 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4247177 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4247354 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Desired Access: Read"
 "11:26:46.4247496 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4247602 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
 "11:26:46.4247694 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: Name"
 "11:26:46.4247825 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4248052 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4248197 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4248345 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4248540 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}","SUCCESS",""
 "11:26:46.4251109 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\vidcap.ax","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4252072 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\vidcap.ax","SUCCESS","CreationTime: 7/14/2009 1:51:18 AM, LastAccessTime: 7/14/2009 1:51:18 AM, LastWriteTime: 7/14/2009 3:14:11 AM, ChangeTime: 12/5/2014 3:16:10 PM, FileAttributes: A"
 "11:26:46.4252192 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\vidcap.ax","SUCCESS",""
 "11:26:46.4253187 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\vidcap.ax","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4253905 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\vidcap.ax","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4254273 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\vidcap.ax","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4255197 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\vidcap.ax","SUCCESS","Image Base: 0x73750000, Image Size: 0x9000"
 "11:26:46.4255420 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\vidcap.ax","SUCCESS",""
 "11:26:46.4256276 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4256386 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{8C134960-51AD-11CF-878A-94F801C10000}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4256481 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4256563 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{B03A874B-D32B-4213-AC38-25A718E4454F}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4256630 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4256719 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{DB47DE20-F628-11D1-BA41-00A0C90D2B05}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4256793 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4256867 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Desired Access: Read"
 "11:26:46.4256970 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{C6E13360-30AC-11D0-A18C-00A0C9118956}\iid","SUCCESS","Type: REG_BINARY, Length: 16, Data: 60 33 E1 C6 AC 30 D0 11 A1 8C 00 A0 C9 11 89 56"
 "11:26:46.4257079 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS",""
 "11:26:46.4257288 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4257377 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4257455 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4257564 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4257667 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Desired Access: Read"
 "11:26:46.4257763 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4257816 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4257893 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4258031 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4258120 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4258198 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4258318 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","BUFFER TOO SMALL","Query: Name, Length: 0"
 "11:26:46.4258371 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4258449 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4258520 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4258647 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4258725 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4258835 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4258948 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4259033 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4259107 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4259185 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Desired Access: Read"
 "11:26:46.4259263 AM","view-test.exe","24980","RegSetInfoKey","HKCR\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4259323 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4259426 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4259543 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4259624 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4259698 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4259815 AM","view-test.exe","24980","RegCloseKey","HKCR\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS",""
 "11:26:46.4259872 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4259946 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4260066 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4260144 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\(Default)","SUCCESS","Type: REG_SZ, Length: 32, Data: IAMVideoProcAmp"
 "11:26:46.4260240 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4260311 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4260449 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4260516 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\(Default)","SUCCESS","Type: REG_SZ, Length: 32, Data: IAMVideoProcAmp"
 "11:26:46.4260604 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4260679 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4260795 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4260873 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4260951 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Desired Access: Read"
 "11:26:46.4261036 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4261132 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4261259 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4261337 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32\InprocServer32","NAME NOT FOUND","Length: 144"
 "11:26:46.4261397 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4261478 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4261592 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4261662 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 64, Data: C:\Windows\SysWOW64\kswdmcap.ax"
 "11:26:46.4261737 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4261811 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4261917 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4261981 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 64, Data: C:\Windows\SysWOW64\kswdmcap.ax"
 "11:26:46.4262055 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4262130 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4262232 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4262296 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
 "11:26:46.4262384 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS",""
 "11:26:46.4262438 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4262515 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4262625 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4262699 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4262788 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4262922 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4263018 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4263135 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4263205 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4263280 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4263390 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS",""
 "11:26:46.4263637 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.4263765 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4263874 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4264023 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4264101 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4264200 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4264288 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Desired Access: Read"
 "11:26:46.4264366 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4264426 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
 "11:26:46.4264480 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4264554 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4264685 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4264766 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4264837 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4264947 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}","SUCCESS",""
 "11:26:46.4266401 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\Kswdmcap.ax","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4267063 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\Kswdmcap.ax","SUCCESS","CreationTime: 11/21/2010 5:24:15 AM, LastAccessTime: 11/21/2010 5:24:15 AM, LastWriteTime: 11/21/2010 5:24:15 AM, ChangeTime: 12/5/2014 3:15:59 PM, FileAttributes: A"
 "11:26:46.4267169 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\Kswdmcap.ax","SUCCESS",""
 "11:26:46.4267866 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\Kswdmcap.ax","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4268472 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\Kswdmcap.ax","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4268825 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\Kswdmcap.ax","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4269685 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\Kswdmcap.ax","SUCCESS","Image Base: 0x72d30000, Image Size: 0x1d000"
 "11:26:46.4269905 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\Kswdmcap.ax","SUCCESS",""
 "11:26:46.4271604 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\mfc42.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4272216 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\mfc42.dll","SUCCESS","CreationTime: 12/5/2014 3:50:16 PM, LastAccessTime: 12/5/2014 3:50:16 PM, LastWriteTime: 12/5/2014 3:50:16 PM, ChangeTime: 12/5/2014 3:52:15 PM, FileAttributes: A"
 "11:26:46.4272318 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\mfc42.dll","SUCCESS",""
 "11:26:46.4272977 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\mfc42.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4273561 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\mfc42.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4273932 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\mfc42.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4274764 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\mfc42.dll","SUCCESS","Image Base: 0x6b980000, Image Size: 0x11c000"
 "11:26:46.4274891 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\mfc42.dll","SUCCESS",""
 "11:26:46.4277181 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\odbc32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4277818 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\odbc32.dll","SUCCESS","CreationTime: 11/21/2010 5:24:01 AM, LastAccessTime: 11/21/2010 5:24:01 AM, LastWriteTime: 11/21/2010 5:24:01 AM, ChangeTime: 12/5/2014 3:16:07 PM, FileAttributes: A"
 "11:26:46.4277949 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\odbc32.dll","SUCCESS",""
 "11:26:46.4278667 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\odbc32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4279357 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\odbc32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4279821 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\odbc32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4280508 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\odbc32.dll","SUCCESS","Image Base: 0x72be0000, Image Size: 0x8c000"
 "11:26:46.4280646 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\odbc32.dll","SUCCESS",""
 "11:26:46.4281764 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4281898 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\BidInterface\Loader","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4284248 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\odbcint.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4285013 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\odbcint.dll","SUCCESS","CreationTime: 7/14/2009 2:11:56 AM, LastAccessTime: 7/14/2009 2:11:56 AM, LastWriteTime: 7/14/2009 3:09:14 AM, ChangeTime: 12/5/2014 3:16:07 PM, FileAttributes: A"
 "11:26:46.4285122 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\odbcint.dll","SUCCESS",""
 "11:26:46.4285791 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\odbcint.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4286379 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\odbcint.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4286846 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\odbcint.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4287844 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\odbcint.dll","SUCCESS","Image Base: 0x72cf0000, Image Size: 0x38000"
 "11:26:46.4288039 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\odbcint.dll","SUCCESS",""
 "11:26:46.4288899 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4289090 AM","view-test.exe","24980","RegOpenKey","HKCU\SOFTWARE\ODBC\ODBC.INI\ODBC","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4289274 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4289454 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\ODBC\ODBC.INI\ODBC","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4289695 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4289851 AM","view-test.exe","24980","RegOpenKey","HKCU\SOFTWARE\ODBC\ODBC.INI\ODBC","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4290003 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4290166 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\ODBC\ODBC.INI\ODBC","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4293450 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\MFC42LOC.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.4295704 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\MFC42LOC.DLL.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.4297077 AM","view-test.exe","24980","CreateFile","C:\Windows\System32\MFC42LOC.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.4298454 AM","view-test.exe","24980","CreateFile","C:\Windows\System32\MFC42LOC.DLL.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.4299696 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4299873 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Desired Access: Read"
 "11:26:46.4300046 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{C6E13370-30AC-11D0-A18C-00A0C9118956}\iid","SUCCESS","Type: REG_BINARY, Length: 16, Data: 70 33 E1 C6 AC 30 D0 11 A1 8C 00 A0 C9 11 89 56"
 "11:26:46.4300213 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS",""
 "11:26:46.4300514 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4300655 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4300790 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4300984 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4301154 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Desired Access: Read"
 "11:26:46.4301292 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4301388 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4301533 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4301749 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4301873 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4301982 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4302152 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","BUFFER TOO SMALL","Query: Name, Length: 0"
 "11:26:46.4302237 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4302361 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4302471 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4302665 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4302807 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4302931 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4303125 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4303451 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4303600 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4303716 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Desired Access: Read"
 "11:26:46.4303812 AM","view-test.exe","24980","RegSetInfoKey","HKCR\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4303876 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4303957 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4304137 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4304261 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4304396 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4304583 AM","view-test.exe","24980","RegCloseKey","HKCR\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS",""
 "11:26:46.4304686 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4304813 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4305022 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4305143 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\(Default)","SUCCESS","Type: REG_SZ, Length: 34, Data: IAMCameraControl"
 "11:26:46.4305263 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4305355 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4305493 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4305564 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\(Default)","SUCCESS","Type: REG_SZ, Length: 34, Data: IAMCameraControl"
 "11:26:46.4305656 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4305730 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4305843 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4305928 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4306006 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Desired Access: Read"
 "11:26:46.4306087 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4306176 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4306286 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4306353 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32\InprocServer32","NAME NOT FOUND","Length: 144"
 "11:26:46.4306409 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4306484 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4306590 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4306678 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 64, Data: C:\Windows\SysWOW64\kswdmcap.ax"
 "11:26:46.4306802 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4306901 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4307018 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4307085 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 64, Data: C:\Windows\SysWOW64\kswdmcap.ax"
 "11:26:46.4307163 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4307238 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4307351 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4307422 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
 "11:26:46.4307517 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS",""
 "11:26:46.4307577 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4307652 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4307772 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4307850 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4307938 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4308062 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4308140 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4308250 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4308321 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4308395 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4308505 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS",""
 "11:26:46.4308791 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.4308873 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4308933 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4309014 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4309085 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4309177 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4309280 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Desired Access: Read"
 "11:26:46.4309354 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4309485 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
 "11:26:46.4309549 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4309644 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4309793 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4309881 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4310058 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4310189 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}","SUCCESS",""
 "11:26:46.4310377 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4310458 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Desired Access: Read"
 "11:26:46.4310607 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{C6E13344-30AC-11D0-A18C-00A0C9118956}\iid","SUCCESS","Type: REG_BINARY, Length: 16, Data: 44 33 E1 C6 AC 30 D0 11 A1 8C 00 A0 C9 11 89 56"
 "11:26:46.4310727 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS",""
 "11:26:46.4310946 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4311031 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4311109 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4311212 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4311414 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Desired Access: Read"
 "11:26:46.4311537 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4311630 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4311760 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4311898 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4311980 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4312061 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4312178 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","BUFFER TOO SMALL","Query: Name, Length: 0"
 "11:26:46.4312231 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4312309 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4312380 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4312493 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4312567 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4312638 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4312737 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4312819 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4312893 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4312971 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Desired Access: Read"
 "11:26:46.4313045 AM","view-test.exe","24980","RegSetInfoKey","HKCR\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4313098 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4313173 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4313275 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4313346 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4313427 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4313526 AM","view-test.exe","24980","RegCloseKey","HKCR\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS",""
 "11:26:46.4313583 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4313703 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4313820 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4313898 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\(Default)","SUCCESS","Type: REG_SZ, Length: 34, Data: IAMDroppedFrames"
 "11:26:46.4313986 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4314061 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4314167 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4314234 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\(Default)","SUCCESS","Type: REG_SZ, Length: 34, Data: IAMDroppedFrames"
 "11:26:46.4314319 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4314390 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4314503 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4314595 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4314670 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Desired Access: Read"
 "11:26:46.4314747 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4314825 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4314931 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4315009 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32\InprocServer32","NAME NOT FOUND","Length: 144"
 "11:26:46.4315094 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4315193 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4315314 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4315445 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 64, Data: C:\Windows\SysWOW64\kswdmcap.ax"
 "11:26:46.4315547 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4315621 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4315738 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4315813 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 64, Data: C:\Windows\SysWOW64\kswdmcap.ax"
 "11:26:46.4315898 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4315975 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4316085 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4316152 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
 "11:26:46.4316241 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS",""
 "11:26:46.4316297 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4316372 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4316481 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4316559 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4316634 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4316736 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4316811 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4316917 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4316988 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4317062 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4317161 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS",""
 "11:26:46.4317412 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.4317490 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4317550 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4317628 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4317717 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4317809 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4317929 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Desired Access: Read"
 "11:26:46.4318000 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4318063 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
 "11:26:46.4318116 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4318191 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4318311 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4318431 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4318516 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4318633 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}","SUCCESS",""
 "11:26:46.4318800 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4318874 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Desired Access: Read"
 "11:26:46.4318962 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\iid","SUCCESS","Type: REG_BINARY, Length: 16, Data: 70 06 2E 6A E4 28 D0 11 A1 8C 00 A0 C9 11 89 56"
 "11:26:46.4319047 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS",""
 "11:26:46.4319235 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4319313 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4319383 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4319479 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4319575 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Desired Access: Read"
 "11:26:46.4319659 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4319709 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4319787 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4319904 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4319982 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4320084 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4320190 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","BUFFER TOO SMALL","Query: Name, Length: 0"
 "11:26:46.4320247 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4320328 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4320403 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4320519 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4320590 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4320665 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4320764 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4320845 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4320916 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4320987 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Desired Access: Read"
 "11:26:46.4321061 AM","view-test.exe","24980","RegSetInfoKey","HKCR\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4321110 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4321181 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4321284 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4321355 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4321429 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4321528 AM","view-test.exe","24980","RegCloseKey","HKCR\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS",""
 "11:26:46.4321581 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4321655 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4321765 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4321836 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\(Default)","SUCCESS","Type: REG_SZ, Length: 32, Data: IAMVideoControl"
 "11:26:46.4321917 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4321999 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4322116 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4322186 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\(Default)","SUCCESS","Type: REG_SZ, Length: 32, Data: IAMVideoControl"
 "11:26:46.4322268 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4322342 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4322448 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4322519 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4322604 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Desired Access: Read"
 "11:26:46.4322675 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4322753 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4322866 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4322933 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32\InprocServer32","NAME NOT FOUND","Length: 144"
 "11:26:46.4322990 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4323064 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4323177 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4323248 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 64, Data: C:\Windows\SysWOW64\kswdmcap.ax"
 "11:26:46.4323336 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4323414 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4323531 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4323620 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 64, Data: C:\Windows\SysWOW64\kswdmcap.ax"
 "11:26:46.4323733 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4323818 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4323931 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4323995 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
 "11:26:46.4324094 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32","SUCCESS",""
 "11:26:46.4324147 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4324221 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4324327 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4324398 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4324483 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4324579 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4324653 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4324763 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4324841 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4324943 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4325120 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS",""
 "11:26:46.4325378 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.4325467 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4325531 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4325623 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4325729 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4325824 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4325927 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Desired Access: Read"
 "11:26:46.4326005 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4326065 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
 "11:26:46.4326115 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: Name"
 "11:26:46.4326189 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4326302 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4326373 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4326444 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4326546 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}","SUCCESS",""
 "11:26:46.4326670 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaInterfaces","SUCCESS",""
 "11:26:46.4327049 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaCategories\{3ebc7959-3310-493b-aa81-c7e132d56f71}","REPARSE","Desired Access: Read"
 "11:26:46.4327183 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaCategories\{3ebc7959-3310-493b-aa81-c7e132d56f71}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4327403 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaCategories\{dff229e6-f70f-11d0-b917-00a0c9223196}","REPARSE","Desired Access: Read"
 "11:26:46.4327523 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaCategories\{dff229e6-f70f-11d0-b917-00a0c9223196}","SUCCESS","Desired Access: Read"
 "11:26:46.4327636 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaCategories\{DFF229E6-F70F-11D0-B917-00A0C9223196}\Name","BUFFER OVERFLOW","Length: 16"
 "11:26:46.4327750 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaCategories\{DFF229E6-F70F-11D0-B917-00A0C9223196}","SUCCESS",""
 "11:26:46.4327902 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaCategories\{dff229e6-f70f-11d0-b917-00a0c9223196}","REPARSE","Desired Access: Read"
 "11:26:46.4327990 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaCategories\{dff229e6-f70f-11d0-b917-00a0c9223196}","SUCCESS","Desired Access: Read"
 "11:26:46.4328093 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaCategories\{DFF229E6-F70F-11D0-B917-00A0C9223196}\Name","BUFFER OVERFLOW","Length: 16"
 "11:26:46.4328171 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaCategories\{DFF229E6-F70F-11D0-B917-00A0C9223196}\Name","SUCCESS","Type: REG_SZ, Length: 44, Data: Video Camera Terminal"
 "11:26:46.4328280 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaCategories\{DFF229E6-F70F-11D0-B917-00A0C9223196}","SUCCESS",""
 "11:26:46.4328482 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4328687 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters\PinFactory\1\Interfaces","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4329077 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaCategories\{fb6c4281-0353-11d1-905f-0000c0cc16ba}","REPARSE","Desired Access: Read"
 "11:26:46.4329247 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaCategories\{fb6c4281-0353-11d1-905f-0000c0cc16ba}","SUCCESS","Desired Access: Read"
 "11:26:46.4329381 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaCategories\{FB6C4281-0353-11d1-905F-0000C0CC16BA}\Name","BUFFER OVERFLOW","Length: 16"
 "11:26:46.4329555 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaCategories\{FB6C4281-0353-11d1-905F-0000C0CC16BA}","SUCCESS",""
 "11:26:46.4329781 AM","view-test.exe","24980","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\MediaCategories\{fb6c4281-0353-11d1-905f-0000c0cc16ba}","REPARSE","Desired Access: Read"
 "11:26:46.4329976 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\MediaCategories\{fb6c4281-0353-11d1-905f-0000c0cc16ba}","SUCCESS","Desired Access: Read"
 "11:26:46.4330131 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaCategories\{FB6C4281-0353-11d1-905F-0000C0CC16BA}\Name","BUFFER OVERFLOW","Length: 16"
 "11:26:46.4330223 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\MediaCategories\{FB6C4281-0353-11d1-905F-0000C0CC16BA}\Name","SUCCESS","Type: REG_SZ, Length: 16, Data: Capture"
 "11:26:46.4330361 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\MediaCategories\{FB6C4281-0353-11d1-905F-0000C0CC16BA}","SUCCESS",""
 "11:26:46.4330464 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters\CustomVidProcHandler","NAME NOT FOUND","Length: 144"
 "11:26:46.4330666 AM","view-test.exe","24980","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4330772 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_0C45&PID_64D0&MI_00#7&C511DA5&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters\PinFactory\0\Interfaces","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4331133 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4331225 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4331303 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4331412 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\Interface\{97EBAACB-95BD-11D0-A3EA-00A0C9223196}\Distributor","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4331529 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\Interface\{97EBAACB-95BD-11D0-A3EA-00A0C9223196}\Distributor","SUCCESS","Desired Access: Read"
 "11:26:46.4331635 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\Interface\{97EBAACB-95BD-11D0-A3EA-00A0C9223196}\Distributor","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4331699 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\Interface\{97EBAACB-95BD-11D0-A3EA-00A0C9223196}\Distributor","SUCCESS","Query: Name"
 "11:26:46.4331784 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\Interface\{97EBAACB-95BD-11D0-A3EA-00A0C9223196}\Distributor","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4331922 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\Interface\{97EBAACB-95BD-11D0-A3EA-00A0C9223196}\Distributor","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4332003 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\Interface\{97EBAACB-95BD-11D0-A3EA-00A0C9223196}\Distributor\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {E05592E4-C0B5-11D0-A439-00A0C9223196}"
 "11:26:46.4332092 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\Interface\{97EBAACB-95BD-11D0-A3EA-00A0C9223196}\Distributor","SUCCESS","Query: Name"
 "11:26:46.4332166 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\Interface\{97EBAACB-95BD-11D0-A3EA-00A0C9223196}\Distributor","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4332283 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\Interface\{97EBAACB-95BD-11D0-A3EA-00A0C9223196}\Distributor","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4332350 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\Interface\{97EBAACB-95BD-11D0-A3EA-00A0C9223196}\Distributor\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {E05592E4-C0B5-11D0-A439-00A0C9223196}"
 "11:26:46.4332439 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\Interface\{97EBAACB-95BD-11D0-A3EA-00A0C9223196}\Distributor","SUCCESS",""
 "11:26:46.4332648 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4332729 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4332803 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4332906 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4333001 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Desired Access: Read"
 "11:26:46.4333086 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4333139 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4333224 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4333341 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4333430 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4333504 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4333635 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","BUFFER TOO SMALL","Query: Name, Length: 0"
 "11:26:46.4333688 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4333773 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4333847 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4333961 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4334035 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4334109 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4334219 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4334304 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4334378 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4334449 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Desired Access: Read"
 "11:26:46.4334523 AM","view-test.exe","24980","RegSetInfoKey","HKCR\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4334573 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4334651 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4334753 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4334824 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4334898 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4335012 AM","view-test.exe","24980","RegCloseKey","HKCR\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS",""
 "11:26:46.4335068 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4335143 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4335252 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4335323 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\(Default)","SUCCESS","Type: REG_SZ, Length: 82, Data: Plug In Distributor: IKsQualityForwarder"
 "11:26:46.4335404 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4335479 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4335585 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4335649 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\(Default)","SUCCESS","Type: REG_SZ, Length: 82, Data: Plug In Distributor: IKsQualityForwarder"
 "11:26:46.4335730 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4335811 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4335921 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4335992 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4336066 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32","SUCCESS","Desired Access: Read"
 "11:26:46.4336137 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4336211 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4336321 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4336399 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32\InprocServer32","NAME NOT FOUND","Length: 144"
 "11:26:46.4336463 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4336537 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4336643 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4336721 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 62, Data: C:\Windows\SysWOW64\ksproxy.ax"
 "11:26:46.4336802 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4336887 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4337004 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4337068 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 62, Data: C:\Windows\SysWOW64\ksproxy.ax"
 "11:26:46.4337142 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4337216 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4337323 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4337386 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
 "11:26:46.4337475 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32","SUCCESS",""
 "11:26:46.4337538 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4337620 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4337726 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4337804 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4337882 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4337995 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4338076 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4338197 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4338275 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4338349 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4338459 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS",""
 "11:26:46.4338731 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.4338809 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4338873 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4338951 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4339025 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4339117 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4339202 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Desired Access: Read"
 "11:26:46.4339273 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4339333 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
 "11:26:46.4339389 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: Name"
 "11:26:46.4339464 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4339573 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4339648 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4339722 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4339828 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}","SUCCESS",""
 "11:26:46.4349444 AM","view-test.exe","24980","Thread Create","","SUCCESS","Thread ID: 7884"
 "11:26:46.4350962 AM","view-test.exe","24980","Thread Exit","","SUCCESS","Thread ID: 7884, User Time: 0.0000000, Kernel Time: 0.0000000"
 "11:26:46.4351602 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4351719 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4351914 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4352052 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4352176 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Desired Access: Read"
 "11:26:46.4352289 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4352346 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: Name"
 "11:26:46.4352431 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4352579 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4352664 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4352738 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4352912 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","BUFFER TOO SMALL","Query: Name, Length: 0"
 "11:26:46.4352972 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: Name"
 "11:26:46.4353057 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: Name"
 "11:26:46.4353131 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4353255 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4353337 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4353411 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4353528 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4353630 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4353708 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4353790 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Desired Access: Read"
 "11:26:46.4353874 AM","view-test.exe","24980","RegSetInfoKey","HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4353935 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: Name"
 "11:26:46.4354016 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4354122 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4354196 AM","view-test.exe","24980","RegQueryKey","HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
 "11:26:46.4354271 AM","view-test.exe","24980","RegOpenKey","HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\Progid","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4354388 AM","view-test.exe","24980","RegCloseKey","HKCR\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS",""
 "11:26:46.4354448 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: Name"
 "11:26:46.4354526 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4354642 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4354717 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\(Default)","SUCCESS","Type: REG_SZ, Length: 44, Data: Video Mixing Renderer"
 "11:26:46.4354805 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: Name"
 "11:26:46.4354883 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4354996 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4355060 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\(Default)","SUCCESS","Type: REG_SZ, Length: 44, Data: Video Mixing Renderer"
 "11:26:46.4355159 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: Name"
 "11:26:46.4355237 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4355343 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4355417 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4355502 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32","SUCCESS","Desired Access: Read"
 "11:26:46.4355584 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4355662 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4355778 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4355856 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32\InprocServer32","NAME NOT FOUND","Length: 144"
 "11:26:46.4355924 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4356001 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4356108 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4356175 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 62, Data: C:\Windows\SysWOW64\quartz.dll"
 "11:26:46.4356249 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4356320 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4356430 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4356525 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32\(Default)","SUCCESS","Type: REG_SZ, Length: 62, Data: C:\Windows\SysWOW64\quartz.dll"
 "11:26:46.4356610 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32","SUCCESS","Query: Name"
 "11:26:46.4356688 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4356808 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4356879 AM","view-test.exe","24980","RegQueryValue","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
 "11:26:46.4356971 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32","SUCCESS",""
 "11:26:46.4357035 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: Name"
 "11:26:46.4357120 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4357233 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4357332 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4357410 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocHandler32","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4357520 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: Name"
 "11:26:46.4357597 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4357721 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4357796 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4357870 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocHandler","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4357973 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS",""
 "11:26:46.4358242 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.4358323 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4358387 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
 "11:26:46.4358468 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4358557 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
 "11:26:46.4358656 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4358744 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Desired Access: Read"
 "11:26:46.4358822 AM","view-test.exe","24980","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4358886 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
 "11:26:46.4358939 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: Name"
 "11:26:46.4359013 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4359126 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4359201 AM","view-test.exe","24980","RegQueryKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
 "11:26:46.4359278 AM","view-test.exe","24980","RegOpenKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\TreatAs","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4359385 AM","view-test.exe","24980","RegCloseKey","HKCR\Wow6432Node\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}","SUCCESS",""
 "11:26:46.4360662 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\DDRAW.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.4362226 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4363058 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 7/14/2009 1:27:58 AM, LastAccessTime: 7/14/2009 1:27:58 AM, LastWriteTime: 7/14/2009 3:15:10 AM, ChangeTime: 12/5/2014 3:15:51 PM, FileAttributes: A"
 "11:26:46.4363178 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
 "11:26:46.4364081 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4364799 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4366491 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4367266 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Image Base: 0x6f490000, Image Size: 0xe7000"
 "11:26:46.4367411 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
 "11:26:46.4368710 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\DCIMAN32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.4370125 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4370812 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","CreationTime: 8/6/2015 10:09:09 AM, LastAccessTime: 8/6/2015 10:09:09 AM, LastWriteTime: 7/15/2015 4:55:35 AM, ChangeTime: 8/6/2015 3:50:14 PM, FileAttributes: A"
 "11:26:46.4370915 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\dciman32.dll","SUCCESS",""
 "11:26:46.4371789 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4372387 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\dciman32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4372783 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4373587 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","Image Base: 0x6fc80000, Image Size: 0x6000"
 "11:26:46.4373753 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\dciman32.dll","SUCCESS",""
 "11:26:46.4374716 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Policies\Microsoft\SQMClient\Windows","NAME NOT FOUND","Desired Access: Read"
 "11:26:46.4374914 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Microsoft\SQMClient\Windows","SUCCESS","Desired Access: Read"
 "11:26:46.4375020 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4375087 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows\CEIPEnable","NAME NOT FOUND","Length: 20"
 "11:26:46.4375172 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\SQMClient\Windows","SUCCESS",""
 "11:26:46.4375363 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4375491 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\DirectDraw","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4375632 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4375699 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\EnumerateAttachedSecondaries","NAME NOT FOUND","Length: 144"
 "11:26:46.4375767 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw","SUCCESS",""
 "11:26:46.4376563 AM","view-test.exe","24980","CreateFile","C:\Windows\win.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4376828 AM","view-test.exe","24980","LockFile","C:\Windows\win.ini","SUCCESS","Exclusive: False, Offset: 0, Length: 4,294,967,295, Fail Immediately: False"
 "11:26:46.4376931 AM","view-test.exe","24980","QueryStandardInformationFile","C:\Windows\win.ini","SUCCESS","AllocationSize: 440, EndOfFile: 435, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:46.4377065 AM","view-test.exe","24980","ReadFile","C:\Windows\win.ini","SUCCESS","Offset: 0, Length: 435, Priority: Normal"
 "11:26:46.4377395 AM","view-test.exe","24980","UnlockFileSingle","C:\Windows\win.ini","SUCCESS","Offset: 0, Length: 4,294,967,295"
 "11:26:46.4377494 AM","view-test.exe","24980","CloseFile","C:\Windows\win.ini","SUCCESS",""
 "11:26:46.4378201 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4378329 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4378495 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4378580 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 0, Name: Bug!"
 "11:26:46.4378690 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4378768 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Bug!","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4378895 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Bug!\Name","SUCCESS","Type: REG_SZ, Length: 18, Data: BUG!.EXE"
 "11:26:46.4378984 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Bug!\Name","SUCCESS","Type: REG_SZ, Length: 18, Data: BUG!.EXE"
 "11:26:46.4379061 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Bug!\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 01 00 00 00"
 "11:26:46.4379136 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Bug!\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: 3D 62 09 32"
 "11:26:46.4379224 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Bug!","SUCCESS",""
 "11:26:46.4379284 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 1, Name: DemolitionDerby2"
 "11:26:46.4379376 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4379454 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\DemolitionDerby2","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4379568 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\DemolitionDerby2\Name","SUCCESS","Type: REG_SZ, Length: 16, Data: DD2.EXE"
 "11:26:46.4379649 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\DemolitionDerby2\Name","SUCCESS","Type: REG_SZ, Length: 16, Data: DD2.EXE"
 "11:26:46.4379737 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\DemolitionDerby2\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 01 00 00 00"
 "11:26:46.4379812 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\DemolitionDerby2\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: 44 83 88 32"
 "11:26:46.4379893 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\DemolitionDerby2","SUCCESS",""
 "11:26:46.4379950 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 2, Name: Diablo"
 "11:26:46.4380035 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4380109 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Diablo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4380212 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Diablo\Name","SUCCESS","Type: REG_SZ, Length: 22, Data: diablo.exe"
 "11:26:46.4380297 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Diablo\Name","SUCCESS","Type: REG_SZ, Length: 22, Data: diablo.exe"
 "11:26:46.4380371 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Diablo\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 00 08 00 00"
 "11:26:46.4380445 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Diablo\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: AB 92 C3 32"
 "11:26:46.4380523 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Diablo","SUCCESS",""
 "11:26:46.4380580 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 3, Name: MortalKombat3"
 "11:26:46.4380665 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4380739 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\MortalKombat3","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4380845 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\MortalKombat3\Name","SUCCESS","Type: REG_SZ, Length: 18, Data: MK3W.EXE"
 "11:26:46.4380923 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\MortalKombat3\Name","SUCCESS","Type: REG_SZ, Length: 18, Data: MK3W.EXE"
 "11:26:46.4381004 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\MortalKombat3\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 01 00 00 00"
 "11:26:46.4381111 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\MortalKombat3\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: FC 6D E7 31"
 "11:26:46.4381195 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\MortalKombat3","SUCCESS",""
 "11:26:46.4381252 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 4, Name: MsGolf98"
 "11:26:46.4381341 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4381418 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\MsGolf98","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4381532 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\MsGolf98\Name","SUCCESS","Type: REG_SZ, Length: 18, Data: game.exe"
 "11:26:46.4381610 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\MsGolf98\Name","SUCCESS","Type: REG_SZ, Length: 18, Data: game.exe"
 "11:26:46.4381684 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\MsGolf98\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 20 00 00 00"
 "11:26:46.4381755 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\MsGolf98\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: 0D EA 1A 35"
 "11:26:46.4381829 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\MsGolf98","SUCCESS",""
 "11:26:46.4381886 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 5, Name: NHLPowerPlay"
 "11:26:46.4381967 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4382038 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\NHLPowerPlay","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4382140 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\NHLPowerPlay\Name","SUCCESS","Type: REG_SZ, Length: 18, Data: PP96.EXE"
 "11:26:46.4382211 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\NHLPowerPlay\Name","SUCCESS","Type: REG_SZ, Length: 18, Data: PP96.EXE"
 "11:26:46.4382282 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\NHLPowerPlay\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 01 00 00 00"
 "11:26:46.4382367 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\NHLPowerPlay\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: FF 3F BF 31"
 "11:26:46.4382445 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\NHLPowerPlay","SUCCESS",""
 "11:26:46.4382498 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 6, Name: NortonSystemInfo"
 "11:26:46.4382579 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4382654 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\NortonSystemInfo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4382756 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\NortonSystemInfo\Name","SUCCESS","Type: REG_SZ, Length: 18, Data: SI32.EXE"
 "11:26:46.4382830 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\NortonSystemInfo\Name","SUCCESS","Type: REG_SZ, Length: 18, Data: SI32.EXE"
 "11:26:46.4382905 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\NortonSystemInfo\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 04 00 00 00"
 "11:26:46.4382976 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\NortonSystemInfo\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: 29 EA 63 32"
 "11:26:46.4383053 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\NortonSystemInfo","SUCCESS",""
 "11:26:46.4383107 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 7, Name: Rogue Squadron"
 "11:26:46.4383188 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4383262 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Rogue Squadron","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4383365 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Rogue Squadron\Name","SUCCESS","Type: REG_SZ, Length: 38, Data: ROGUE SQUADRON.EXE"
 "11:26:46.4383439 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Rogue Squadron\Name","SUCCESS","Type: REG_SZ, Length: 38, Data: ROGUE SQUADRON.EXE"
 "11:26:46.4383563 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Rogue Squadron\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 40 00 00 00"
 "11:26:46.4383648 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Rogue Squadron\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: D1 D7 4C 36"
 "11:26:46.4383729 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Rogue Squadron","SUCCESS",""
 "11:26:46.4383786 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 8, Name: Savage"
 "11:26:46.4383874 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4383949 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Savage","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4384069 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Savage\Name","SUCCESS","Type: REG_SZ, Length: 26, Data: SAVAGE32.EXE"
 "11:26:46.4384193 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Savage\Name","SUCCESS","Type: REG_SZ, Length: 26, Data: SAVAGE32.EXE"
 "11:26:46.4384310 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Savage\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 01 00 00 00"
 "11:26:46.4384430 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Savage\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: 00 87 65 31"
 "11:26:46.4384511 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Savage","SUCCESS",""
 "11:26:46.4384568 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 9, Name: ScorchedPlanet"
 "11:26:46.4384653 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4384731 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ScorchedPlanet","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4384841 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ScorchedPlanet\Name","SUCCESS","Type: REG_SZ, Length: 26, Data: SPLANETW.EXE"
 "11:26:46.4384936 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ScorchedPlanet\Name","SUCCESS","Type: REG_SZ, Length: 26, Data: SPLANETW.EXE"
 "11:26:46.4385028 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ScorchedPlanet\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 02 00 00 00"
 "11:26:46.4385131 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ScorchedPlanet\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: 69 04 4C 32"
 "11:26:46.4385216 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ScorchedPlanet","SUCCESS",""
 "11:26:46.4385279 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 10, Name: SilentThunder"
 "11:26:46.4385421 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4385566 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\SilentThunder","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4385750 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\SilentThunder\Name","SUCCESS","Type: REG_SZ, Length: 22, Data: A10SIM.EXE"
 "11:26:46.4385849 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\SilentThunder\Name","SUCCESS","Type: REG_SZ, Length: 22, Data: A10SIM.EXE"
 "11:26:46.4385973 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\SilentThunder\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 01 00 00 00"
 "11:26:46.4386083 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\SilentThunder\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: 5D 20 35 56"
 "11:26:46.4386193 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\SilentThunder","SUCCESS",""
 "11:26:46.4386253 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 11, Name: StarCraft100"
 "11:26:46.4386366 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4386461 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraft100","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4386592 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraft100\Name","SUCCESS","Type: REG_SZ, Length: 28, Data: Starcraft.EXE"
 "11:26:46.4386670 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraft100\Name","SUCCESS","Type: REG_SZ, Length: 28, Data: Starcraft.EXE"
 "11:26:46.4386755 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraft100\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 00 08 00 00"
 "11:26:46.4386830 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraft100\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: 19 F1 1A 35"
 "11:26:46.4386911 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraft100","SUCCESS",""
 "11:26:46.4386964 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 12, Name: StarCraft115"
 "11:26:46.4387045 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4387120 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraft115","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4387222 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraft115\Name","SUCCESS","Type: REG_SZ, Length: 28, Data: Starcraft.EXE"
 "11:26:46.4387293 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraft115\Name","SUCCESS","Type: REG_SZ, Length: 28, Data: Starcraft.EXE"
 "11:26:46.4387399 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraft115\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 00 08 00 00"
 "11:26:46.4387474 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraft115\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: FD 63 D3 46"
 "11:26:46.4387559 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraft115","SUCCESS",""
 "11:26:46.4387615 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 13, Name: StarCraftDemo"
 "11:26:46.4387704 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4387782 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraftDemo","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4387884 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraftDemo\Name","SUCCESS","Type: REG_SZ, Length: 28, Data: Starcraft.EXE"
 "11:26:46.4387962 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraftDemo\Name","SUCCESS","Type: REG_SZ, Length: 28, Data: Starcraft.EXE"
 "11:26:46.4388040 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraftDemo\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 00 08 00 00"
 "11:26:46.4388114 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraftDemo\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: 6B 56 91 35"
 "11:26:46.4388206 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\StarCraftDemo","SUCCESS",""
 "11:26:46.4388273 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 14, Name: Terracide"
 "11:26:46.4388362 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4388440 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Terracide","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4388549 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Terracide\Name","SUCCESS","Type: REG_SZ, Length: 24, Data: TERAWIN.EXE"
 "11:26:46.4388641 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Terracide\Name","SUCCESS","Type: REG_SZ, Length: 24, Data: TERAWIN.EXE"
 "11:26:46.4388719 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Terracide\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 04 00 00 00"
 "11:26:46.4388790 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Terracide\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: 66 CB 95 33"
 "11:26:46.4388886 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Terracide","SUCCESS",""
 "11:26:46.4388939 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 15, Name: ThirdDimension"
 "11:26:46.4389020 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4389094 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ThirdDimension","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4389197 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ThirdDimension\Name","SUCCESS","Type: REG_SZ, Length: 18, Data: t3rd.EXE"
 "11:26:46.4389271 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ThirdDimension\Name","SUCCESS","Type: REG_SZ, Length: 18, Data: t3rd.EXE"
 "11:26:46.4389346 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ThirdDimension\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 04 00 00 00"
 "11:26:46.4389417 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ThirdDimension\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: BF 81 7F 32"
 "11:26:46.4389491 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ThirdDimension","SUCCESS",""
 "11:26:46.4389544 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 16, Name: ZiffDavisQualityBenchmark"
 "11:26:46.4389629 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4389703 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ZiffDavisQualityBenchmark","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4389813 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ZiffDavisQualityBenchmark\Name","SUCCESS","Type: REG_SZ, Length: 26, Data: BEND3DIM.EXE"
 "11:26:46.4389884 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ZiffDavisQualityBenchmark\Name","SUCCESS","Type: REG_SZ, Length: 26, Data: BEND3DIM.EXE"
 "11:26:46.4389954 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ZiffDavisQualityBenchmark\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 04 00 00 00"
 "11:26:46.4390025 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ZiffDavisQualityBenchmark\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: 6D 5B 4D 33"
 "11:26:46.4390103 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ZiffDavisQualityBenchmark","SUCCESS",""
 "11:26:46.4390156 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Index: 17, Name: ZiffDavisWinMarkBenchmark"
 "11:26:46.4390234 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:46.4390308 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ZiffDavisWinMarkBenchmark","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4390407 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ZiffDavisWinMarkBenchmark\Name","SUCCESS","Type: REG_SZ, Length: 20, Data: WBD3D.EXE"
 "11:26:46.4390482 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ZiffDavisWinMarkBenchmark\Name","SUCCESS","Type: REG_SZ, Length: 20, Data: WBD3D.EXE"
 "11:26:46.4390553 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ZiffDavisWinMarkBenchmark\Flags","SUCCESS","Type: REG_BINARY, Length: 4, Data: 04 00 00 00"
 "11:26:46.4390623 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ZiffDavisWinMarkBenchmark\ID","SUCCESS","Type: REG_BINARY, Length: 4, Data: 46 FC 4B 33"
 "11:26:46.4390722 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\ZiffDavisWinMarkBenchmark","SUCCESS",""
 "11:26:46.4390779 AM","view-test.exe","24980","RegEnumKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","NO MORE ENTRIES","Index: 18, Length: 288"
 "11:26:46.4391030 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility","SUCCESS",""
 "11:26:46.4391098 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4391197 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\DirectDraw\GammaCalibrator","NAME NOT FOUND","Desired Access: Maximum Allowed"
 "11:26:46.4391926 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\view-test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4392184 AM","view-test.exe","24980","ReadFile","C:\dev\GIT\Red\view-test.exe","SUCCESS","Offset: 0, Length: 64, Priority: Normal"
 "11:26:46.4392471 AM","view-test.exe","24980","ReadFile","C:\dev\GIT\Red\view-test.exe","SUCCESS","Offset: 128, Length: 248, Priority: Normal"
 "11:26:46.4392591 AM","view-test.exe","24980","CloseFile","C:\dev\GIT\Red\view-test.exe","SUCCESS",""
 "11:26:46.4392718 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4392839 AM","view-test.exe","24980","RegCreateKey","HKLM\Software\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4392977 AM","view-test.exe","24980","RegCreateKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.4393090 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4393164 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4393338 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication","SUCCESS",""
 "11:26:46.4393416 AM","view-test.exe","24980","RegSetValue","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication\Name","SUCCESS","Type: REG_SZ, Length: 28, Data: view-test.exe"
 "11:26:46.4393543 AM","view-test.exe","24980","RegSetValue","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication\ID","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1444735421"
 "11:26:46.4393614 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication","SUCCESS",""
 "11:26:46.4393716 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4393819 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\DirectDraw","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:46.4393932 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4393992 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\ModeXOnly","NAME NOT FOUND","Length: 144"
 "11:26:46.4394070 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\EmulationOnly","NAME NOT FOUND","Length: 144"
 "11:26:46.4394134 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\ShowFrameRate","NAME NOT FOUND","Length: 144"
 "11:26:46.4394187 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\EnablePrintScreen","NAME NOT FOUND","Length: 144"
 "11:26:46.4394261 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\ForceAGPSupport","NAME NOT FOUND","Length: 144"
 "11:26:46.4394357 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\DisableAGPSupport","NAME NOT FOUND","Length: 144"
 "11:26:46.4394414 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\DisableMMX","NAME NOT FOUND","Length: 144"
 "11:26:46.4394499 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\DisableDDSCAPSInDDSD","NAME NOT FOUND","Length: 144"
 "11:26:46.4394552 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\DisableWiderSurfaces","NAME NOT FOUND","Length: 144"
 "11:26:46.4394629 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\UseNonLocalVidMem","NAME NOT FOUND","Length: 144"
 "11:26:46.4394686 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\ForceRefreshRate","NAME NOT FOUND","Length: 144"
 "11:26:46.4394753 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw","SUCCESS",""
 "11:26:46.4394817 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4394927 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D","REPARSE","Desired Access: Maximum Allowed"
 "11:26:46.4395047 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:46.4395136 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4395189 AM","view-test.exe","24980","RegQueryValue","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\FlipNoVsync","NAME NOT FOUND","Length: 144"
 "11:26:46.4395284 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:46.4395344 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:46.4396229 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS","Desired Access: Read"
 "11:26:46.4396381 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0\UINumber","NAME NOT FOUND","Length: 360"
 "11:26:46.4396512 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS",""
 "11:26:46.4407543 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0C01&SUBSYS_05CC1028&REV_06\3&11583659&0&08","SUCCESS","Desired Access: Read"
 "11:26:46.4407720 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0C01&SUBSYS_05CC1028&REV_06\3&11583659&0&08\UINumber","NAME NOT FOUND","Length: 360"
 "11:26:46.4407872 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0C01&SUBSYS_05CC1028&REV_06\3&11583659&0&08","SUCCESS",""
 "11:26:46.4408509 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS","Desired Access: Read"
 "11:26:46.4408630 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0\UINumber","NAME NOT FOUND","Length: 360"
 "11:26:46.4408747 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS",""
 "11:26:46.4409921 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\nvumdshim.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.4411291 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\nvumdshim.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4411525 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\nvumdshim.dll","SUCCESS","CreationTime: 12/5/2014 2:13:11 PM, LastAccessTime: 7/3/2015 4:29:36 PM, LastWriteTime: 6/17/2015 11:10:27 AM, ChangeTime: 7/3/2015 4:29:51 PM, FileAttributes: A"
 "11:26:46.4411631 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\nvumdshim.dll","SUCCESS",""
 "11:26:46.4412427 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\nvumdshim.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4412632 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\nvumdshim.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4413022 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\nvumdshim.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4413298 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\nvumdshim.dll","SUCCESS","Image Base: 0x6b890000, Image Size: 0xeb000"
 "11:26:46.4413425 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\nvumdshim.dll","SUCCESS",""
 "11:26:46.4416479 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS","Desired Access: Read"
 "11:26:46.4416646 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0\UINumber","NAME NOT FOUND","Length: 360"
 "11:26:46.4416791 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS",""
 "11:26:46.4417343 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","REPARSE","Desired Access: Read, Maximum Allowed"
 "11:26:46.4417474 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:46.4417590 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler\FlipOverrideMode","NAME NOT FOUND","Length: 134"
 "11:26:46.4417682 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","SUCCESS",""
 "11:26:46.4418121 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS","Desired Access: Read"
 "11:26:46.4418249 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0\UINumber","NAME NOT FOUND","Length: 360"
 "11:26:46.4418401 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS",""
 "11:26:46.4418949 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4419080 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Query Value"
 "11:26:46.4419201 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Query Value"
 "11:26:46.4419317 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4419402 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\UserModeDriverNameWowNOSHIM","NAME NOT FOUND","Length: 144"
 "11:26:46.4419540 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\UserModeDriverNameWow","SUCCESS","Type: REG_MULTI_SZ, Length: 96, Data: igdumdim32.dll, igd10iumd32.dll, igd10iumd32.dll"
 "11:26:46.4419632 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\UserModeDriverNameWow","SUCCESS","Type: REG_MULTI_SZ, Length: 96, Data: igdumdim32.dll, igd10iumd32.dll, igd10iumd32.dll"
 "11:26:46.4419742 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:46.4419838 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4419933 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Query Value"
 "11:26:46.4420011 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Query Value"
 "11:26:46.4420085 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4420160 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\rmGpuId","NAME NOT FOUND","Length: 144"
 "11:26:46.4420284 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:46.4420354 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4420446 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Query Value"
 "11:26:46.4420521 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Query Value"
 "11:26:46.4420584 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4420648 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\rmGpuId","NAME NOT FOUND","Length: 144"
 "11:26:46.4420761 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:46.4420825 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4420924 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","REPARSE","Desired Access: Query Value"
 "11:26:46.4421002 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","SUCCESS","Desired Access: Query Value"
 "11:26:46.4421069 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4421129 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\rmGpuId","NAME NOT FOUND","Length: 144"
 "11:26:46.4421239 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:46.4421303 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4421384 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","REPARSE","Desired Access: Query Value"
 "11:26:46.4421469 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","SUCCESS","Desired Access: Query Value"
 "11:26:46.4421540 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4421604 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\rmGpuId","NAME NOT FOUND","Length: 144"
 "11:26:46.4421713 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:46.4421781 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4421866 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","REPARSE","Desired Access: Query Value"
 "11:26:46.4421943 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","SUCCESS","Desired Access: Query Value"
 "11:26:46.4422021 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4422089 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\rmGpuId","SUCCESS","Type: REG_DWORD, Length: 4, Data: 256"
 "11:26:46.4422202 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:46.4422276 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4422365 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","REPARSE","Desired Access: Query Value"
 "11:26:46.4422467 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","SUCCESS","Desired Access: Query Value"
 "11:26:46.4422595 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4422701 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\UserModeDriverNameWowNOSHIM","NAME NOT FOUND","Length: 144"
 "11:26:46.4422814 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\UserModeDriverNameWow","SUCCESS","Type: REG_MULTI_SZ, Length: 78, Data: nvd3dum.dll, nvwgf2um.dll, nvwgf2um.dll"
 "11:26:46.4422906 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\UserModeDriverNameWow","SUCCESS","Type: REG_MULTI_SZ, Length: 78, Data: nvd3dum.dll, nvwgf2um.dll, nvwgf2um.dll"
 "11:26:46.4423012 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:46.4424686 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\igdumdim32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4424909 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\igdumdim32.dll","SUCCESS","CreationTime: 12/5/2014 3:31:46 PM, LastAccessTime: 12/5/2014 3:31:46 PM, LastWriteTime: 1/23/2014 12:48:26 AM, ChangeTime: 12/5/2014 2:08:59 PM, FileAttributes: A"
 "11:26:46.4425015 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\igdumdim32.dll","SUCCESS",""
 "11:26:46.4425988 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\igdumdim32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4426201 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\igdumdim32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4426664 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\igdumdim32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4427061 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\igdumdim32.dll","SUCCESS","Image Base: 0x6a6b0000, Image Size: 0x11d3000"
 "11:26:46.4427220 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\igdumdim32.dll","SUCCESS",""
 "11:26:46.4428735 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\igdusc32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:46.4430048 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\igdusc32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4430246 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\igdusc32.dll","SUCCESS","CreationTime: 12/5/2014 3:31:47 PM, LastAccessTime: 12/5/2014 3:31:47 PM, LastWriteTime: 1/23/2014 12:34:26 AM, ChangeTime: 12/5/2014 2:08:57 PM, FileAttributes: A"
 "11:26:46.4430345 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\igdusc32.dll","SUCCESS",""
 "11:26:46.4431134 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\igdusc32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4431329 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\igdusc32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4431676 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\igdusc32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4431969 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\igdusc32.dll","SUCCESS","Image Base: 0x6a340000, Image Size: 0x36b000"
 "11:26:46.4432100 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\igdusc32.dll","SUCCESS",""
 "11:26:46.4436779 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:46.4436920 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:46.4437048 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.4437189 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.4437310 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:46.4437476 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Read"
 "11:26:46.4437582 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Read"
 "11:26:46.4437699 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.4437773 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:46.4437897 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:46.4437989 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:46.4438085 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:46.4438191 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:46.4438272 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:46.4438347 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:46.4438449 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:46.4438541 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:46.4438619 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:46.4438715 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:46.4440771 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\gdi32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4441404 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\gdi32.dll","SUCCESS","CreationTime: 7/17/2015 10:02:47 AM, LastAccessTime: 7/17/2015 10:02:47 AM, LastWriteTime: 6/17/2015 7:37:03 PM, ChangeTime: 7/20/2015 9:22:24 AM, FileAttributes: A"
 "11:26:46.4441518 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\gdi32.dll","SUCCESS",""
 "11:26:46.4442186 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\gdi32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4442770 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\gdi32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4443131 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\gdi32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4443998 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\gdi32.dll","SUCCESS","Image Base: 0x3e60000, Image Size: 0x90000"
 "11:26:46.4444143 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\gdi32.dll","SUCCESS",""
 "11:26:46.4446040 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\nvd3dum.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4446278 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\nvd3dum.dll","SUCCESS","CreationTime: 12/5/2014 2:13:09 PM, LastAccessTime: 7/3/2015 4:29:36 PM, LastWriteTime: 6/17/2015 11:10:27 AM, ChangeTime: 7/3/2015 4:29:50 PM, FileAttributes: A"
 "11:26:46.4446380 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\nvd3dum.dll","SUCCESS",""
 "11:26:46.4447127 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\nvd3dum.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4447325 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\nvd3dum.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:46.4447686 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\nvd3dum.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:46.4448097 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\nvd3dum.dll","SUCCESS","Image Base: 0x69700000, Image Size: 0xc3e000"
 "11:26:46.4448295 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\nvd3dum.dll","SUCCESS",""
 "11:26:46.4450273 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\psapi.dll","SUCCESS","Image Base: 0x76a70000, Image Size: 0x5000"
 "11:26:46.4452772 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4453009 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\Stereo3D","SUCCESS","Desired Access: Query Value"
 "11:26:46.4453285 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\Stereo3D","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4453391 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\Stereo3D\DrsEnable","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
 "11:26:46.4453578 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\Stereo3D","SUCCESS",""
 "11:26:46.4464680 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4464804 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\NVIDIA Corporation\Global\NVTweak","SUCCESS","Desired Access: Read"
 "11:26:46.4464988 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\NVIDIA Corporation\Global\NVTweak","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4465052 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\NVIDIA Corporation\Global\NVTweak\DisableSaveAppTimestamp","NAME NOT FOUND","Length: 144"
 "11:26:46.4465147 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\NVIDIA Corporation\Global\NVTweak","SUCCESS",""
 "11:26:46.4465448 AM","view-test.exe","24980","Thread Create","","SUCCESS","Thread ID: 33204"
 "11:26:46.4465901 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4466029 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","REPARSE","Desired Access: Query Value"
 "11:26:46.4466135 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","SUCCESS","Desired Access: Query Value"
 "11:26:46.4466234 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4466315 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\D3DOGL_30008600","NAME NOT FOUND","Length: 144"
 "11:26:46.4466425 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:46.4466740 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4466867 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Intel\EventTrace","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:46.4467416 AM","view-test.exe","24980","CreateFile","C:\ProgramData\NVIDIA Corporation\Drs","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:46.4467434 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS","Desired Access: Read"
 "11:26:46.4467589 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0\UINumber","NAME NOT FOUND","Length: 360"
 "11:26:46.4467664 AM","view-test.exe","24980","QueryBasicInformationFile","C:\ProgramData\NVIDIA Corporation\Drs","SUCCESS","CreationTime: 12/5/2014 2:13:29 PM, LastAccessTime: 12/5/2014 2:23:07 PM, LastWriteTime: 12/5/2014 2:23:07 PM, ChangeTime: 12/5/2014 2:23:07 PM, FileAttributes: DNCI"
 "11:26:46.4467724 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS",""
 "11:26:46.4467770 AM","view-test.exe","24980","CloseFile","C:\ProgramData\NVIDIA Corporation\Drs","SUCCESS",""
 "11:26:46.4468131 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4468244 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Intel\Display\igfxcui\3D","SUCCESS","Desired Access: Read"
 "11:26:46.4468350 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Intel\Display\igfxcui\3D","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4468364 AM","view-test.exe","24980","CreateFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Opened"
 "11:26:46.4468414 AM","view-test.exe","24980","RegQueryValue","HKCU\Software\Intel\Display\igfxcui\3D\default","SUCCESS","Type: REG_BINARY, Length: 24, Data: 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00"
 "11:26:46.4468509 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Intel\Display\igfxcui\3D","SUCCESS",""
 "11:26:46.4468640 AM","view-test.exe","24980","QueryStandardInformationFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","AllocationSize: 16,384, EndOfFile: 12,738, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:46.4468686 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:46.4468747 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 0, Length: 2, Priority: Normal"
 "11:26:46.4468782 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS","Desired Access: Read"
 "11:26:46.4468874 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:46.4468920 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2, Length: 4"
 "11:26:46.4468941 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\@view-test.exe","NAME NOT FOUND","Length: 144"
 "11:26:46.4469016 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6, Length: 64"
 "11:26:46.4469069 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:46.4469100 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 70, Length: 8"
 "11:26:46.4469171 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 78, Length: 4"
 "11:26:46.4469242 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 82, Length: 108"
 "11:26:46.4469320 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 190, Length: 8"
 "11:26:46.4469391 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 198, Length: 4"
 "11:26:46.4469469 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 202, Length: 120"
 "11:26:46.4469561 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 322, Length: 8"
 "11:26:46.4469670 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 330, Length: 4"
 "11:26:46.4469745 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 334, Length: 120"
 "11:26:46.4469819 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 454, Length: 8"
 "11:26:46.4469890 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 462, Length: 4"
 "11:26:46.4469960 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 466, Length: 150"
 "11:26:46.4470035 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 616, Length: 8"
 "11:26:46.4470102 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 624, Length: 4"
 "11:26:46.4470180 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 628, Length: 146"
 "11:26:46.4470254 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 774, Length: 8"
 "11:26:46.4470346 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 782, Length: 4"
 "11:26:46.4470452 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 786, Length: 86"
 "11:26:46.4470551 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 872, Length: 8"
 "11:26:46.4470622 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 880, Length: 4"
 "11:26:46.4470704 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 884, Length: 90"
 "11:26:46.4470774 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 974, Length: 8"
 "11:26:46.4470866 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 982, Length: 4"
 "11:26:46.4470937 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 986, Length: 120"
 "11:26:46.4471054 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,106, Length: 8"
 "11:26:46.4471146 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,114, Length: 4"
 "11:26:46.4471242 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,118, Length: 52"
 "11:26:46.4471319 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,170, Length: 8"
 "11:26:46.4471415 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,178, Length: 4"
 "11:26:46.4471532 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,182, Length: 64"
 "11:26:46.4471613 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,246, Length: 8"
 "11:26:46.4471702 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,254, Length: 4"
 "11:26:46.4471840 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,258, Length: 86"
 "11:26:46.4471921 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,344, Length: 8"
 "11:26:46.4472013 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,352, Length: 4"
 "11:26:46.4472094 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,356, Length: 62"
 "11:26:46.4472194 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,418, Length: 8"
 "11:26:46.4472268 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,426, Length: 4"
 "11:26:46.4472342 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,430, Length: 118"
 "11:26:46.4472445 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,548, Length: 8"
 "11:26:46.4472618 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,556, Length: 4"
 "11:26:46.4472728 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,560, Length: 150"
 "11:26:46.4472834 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,710, Length: 8"
 "11:26:46.4472926 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,718, Length: 4"
 "11:26:46.4473018 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,722, Length: 78"
 "11:26:46.4473142 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,800, Length: 8"
 "11:26:46.4473230 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,808, Length: 4"
 "11:26:46.4473326 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,812, Length: 64"
 "11:26:46.4473411 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,876, Length: 8"
 "11:26:46.4473496 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,884, Length: 4"
 "11:26:46.4473616 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 1,888, Length: 114"
 "11:26:46.4473729 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,002, Length: 8"
 "11:26:46.4473853 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,010, Length: 4"
 "11:26:46.4474030 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,014, Length: 118"
 "11:26:46.4474172 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,132, Length: 8"
 "11:26:46.4474278 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,140, Length: 4"
 "11:26:46.4474384 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,144, Length: 112"
 "11:26:46.4474473 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,256, Length: 8"
 "11:26:46.4474547 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,264, Length: 4"
 "11:26:46.4474657 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,268, Length: 140"
 "11:26:46.4474735 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,408, Length: 8"
 "11:26:46.4474819 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,416, Length: 4"
 "11:26:46.4474897 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,420, Length: 62"
 "11:26:46.4474996 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,482, Length: 8"
 "11:26:46.4475085 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,490, Length: 4"
 "11:26:46.4475191 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,494, Length: 150"
 "11:26:46.4475269 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,644, Length: 8"
 "11:26:46.4475347 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,652, Length: 4"
 "11:26:46.4475446 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,656, Length: 150"
 "11:26:46.4475531 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,806, Length: 8"
 "11:26:46.4475605 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,814, Length: 4"
 "11:26:46.4475690 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,818, Length: 146"
 "11:26:46.4475786 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,964, Length: 8"
 "11:26:46.4475874 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,972, Length: 4"
 "11:26:46.4475955 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 2,976, Length: 64"
 "11:26:46.4476037 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,040, Length: 8"
 "11:26:46.4476111 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,048, Length: 4"
 "11:26:46.4476207 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,052, Length: 80"
 "11:26:46.4476288 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,132, Length: 8"
 "11:26:46.4476373 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,140, Length: 4"
 "11:26:46.4476447 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,144, Length: 122"
 "11:26:46.4476532 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,266, Length: 8"
 "11:26:46.4476607 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,274, Length: 4"
 "11:26:46.4476685 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,278, Length: 122"
 "11:26:46.4476766 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,400, Length: 8"
 "11:26:46.4476869 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,408, Length: 4"
 "11:26:46.4476946 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,412, Length: 76"
 "11:26:46.4477028 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,488, Length: 8"
 "11:26:46.4477138 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,496, Length: 4"
 "11:26:46.4477212 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,500, Length: 82"
 "11:26:46.4477297 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,582, Length: 8"
 "11:26:46.4477371 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,590, Length: 4"
 "11:26:46.4477442 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,594, Length: 66"
 "11:26:46.4477513 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,660, Length: 8"
 "11:26:46.4477594 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,668, Length: 4"
 "11:26:46.4477665 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,672, Length: 148"
 "11:26:46.4477760 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,820, Length: 8"
 "11:26:46.4477842 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,828, Length: 4"
 "11:26:46.4477920 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,832, Length: 58"
 "11:26:46.4478005 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,890, Length: 8"
 "11:26:46.4478086 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,898, Length: 4"
 "11:26:46.4478167 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,902, Length: 70"
 "11:26:46.4478245 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,972, Length: 8"
 "11:26:46.4478330 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,980, Length: 4"
 "11:26:46.4478422 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 3,984, Length: 124"
 "11:26:46.4478511 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,108, Length: 8"
 "11:26:46.4478592 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,116, Length: 4"
 "11:26:46.4478695 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,120, Length: 52"
 "11:26:46.4478776 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,172, Length: 8"
 "11:26:46.4478857 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,180, Length: 4"
 "11:26:46.4478946 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,184, Length: 134"
 "11:26:46.4479041 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,318, Length: 8"
 "11:26:46.4479141 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,326, Length: 4"
 "11:26:46.4479222 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,330, Length: 128"
 "11:26:46.4479300 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,458, Length: 8"
 "11:26:46.4479371 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,466, Length: 4"
 "11:26:46.4479441 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,470, Length: 90"
 "11:26:46.4479512 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,560, Length: 8"
 "11:26:46.4479594 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,568, Length: 4"
 "11:26:46.4479664 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,572, Length: 78"
 "11:26:46.4479739 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,650, Length: 8"
 "11:26:46.4479817 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,658, Length: 4"
 "11:26:46.4479898 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,662, Length: 122"
 "11:26:46.4480050 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,784, Length: 8"
 "11:26:46.4480178 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,792, Length: 4"
 "11:26:46.4480259 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,796, Length: 192"
 "11:26:46.4480337 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,988, Length: 8"
 "11:26:46.4480408 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 4,996, Length: 4"
 "11:26:46.4480482 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,000, Length: 146"
 "11:26:46.4480556 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,146, Length: 8"
 "11:26:46.4480730 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,154, Length: 4"
 "11:26:46.4480846 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,158, Length: 90"
 "11:26:46.4480931 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,248, Length: 8"
 "11:26:46.4481009 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,256, Length: 4"
 "11:26:46.4481094 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,260, Length: 90"
 "11:26:46.4481168 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,350, Length: 8"
 "11:26:46.4481246 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,358, Length: 4"
 "11:26:46.4481335 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,362, Length: 90"
 "11:26:46.4481409 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,452, Length: 8"
 "11:26:46.4481512 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,460, Length: 4"
 "11:26:46.4481618 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,464, Length: 118"
 "11:26:46.4481721 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,582, Length: 8"
 "11:26:46.4481802 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,590, Length: 4"
 "11:26:46.4481883 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,594, Length: 90"
 "11:26:46.4481961 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,684, Length: 8"
 "11:26:46.4482032 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,692, Length: 4"
 "11:26:46.4482103 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,696, Length: 90"
 "11:26:46.4482209 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,786, Length: 8"
 "11:26:46.4482336 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,794, Length: 4"
 "11:26:46.4482425 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,798, Length: 90"
 "11:26:46.4482496 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,888, Length: 8"
 "11:26:46.4482573 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,896, Length: 4"
 "11:26:46.4482644 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 5,900, Length: 164"
 "11:26:46.4482722 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,064, Length: 8"
 "11:26:46.4482803 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,072, Length: 4"
 "11:26:46.4482895 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,076, Length: 90"
 "11:26:46.4482984 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,166, Length: 8"
 "11:26:46.4483069 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,174, Length: 4"
 "11:26:46.4483150 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0C01&SUBSYS_05CC1028&REV_06\3&11583659&0&08","SUCCESS","Desired Access: Read"
 "11:26:46.4483157 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,178, Length: 46"
 "11:26:46.4483249 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,224, Length: 8"
 "11:26:46.4483341 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,232, Length: 4"
 "11:26:46.4483356 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0C01&SUBSYS_05CC1028&REV_06\3&11583659&0&08\UINumber","NAME NOT FOUND","Length: 360"
 "11:26:46.4483437 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,236, Length: 102"
 "11:26:46.4483522 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0C01&SUBSYS_05CC1028&REV_06\3&11583659&0&08","SUCCESS",""
 "11:26:46.4483554 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,338, Length: 8"
 "11:26:46.4483632 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,346, Length: 4"
 "11:26:46.4483724 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,350, Length: 126"
 "11:26:46.4483816 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,476, Length: 8"
 "11:26:46.4483936 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,484, Length: 4"
 "11:26:46.4484053 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,488, Length: 126"
 "11:26:46.4484177 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,614, Length: 8"
 "11:26:46.4484304 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,622, Length: 4"
 "11:26:46.4484421 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,626, Length: 126"
 "11:26:46.4484541 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,752, Length: 8"
 "11:26:46.4484651 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,760, Length: 4"
 "11:26:46.4484775 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,764, Length: 120"
 "11:26:46.4484899 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,884, Length: 8"
 "11:26:46.4485019 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,892, Length: 4"
 "11:26:46.4485143 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 6,896, Length: 184"
 "11:26:46.4485274 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,080, Length: 8"
 "11:26:46.4485394 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,088, Length: 4"
 "11:26:46.4485504 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,092, Length: 120"
 "11:26:46.4485610 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,212, Length: 8"
 "11:26:46.4485716 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,220, Length: 4"
 "11:26:46.4485836 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,224, Length: 126"
 "11:26:46.4485996 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,350, Length: 8"
 "11:26:46.4486098 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,358, Length: 4"
 "11:26:46.4486176 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,362, Length: 52"
 "11:26:46.4486261 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,414, Length: 8"
 "11:26:46.4486339 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,422, Length: 4"
 "11:26:46.4486413 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,426, Length: 84"
 "11:26:46.4486488 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,510, Length: 8"
 "11:26:46.4486562 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,518, Length: 4"
 "11:26:46.4486636 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,522, Length: 114"
 "11:26:46.4486710 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,636, Length: 8"
 "11:26:46.4486781 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,644, Length: 4"
 "11:26:46.4486852 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,648, Length: 176"
 "11:26:46.4486919 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,824, Length: 8"
 "11:26:46.4486990 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,832, Length: 4"
 "11:26:46.4487057 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,836, Length: 66"
 "11:26:46.4487128 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,902, Length: 8"
 "11:26:46.4487195 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,910, Length: 4"
 "11:26:46.4487266 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 7,914, Length: 114"
 "11:26:46.4487344 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,028, Length: 8"
 "11:26:46.4487450 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,036, Length: 4"
 "11:26:46.4487521 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,040, Length: 114"
 "11:26:46.4487592 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,154, Length: 8"
 "11:26:46.4487659 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,162, Length: 4"
 "11:26:46.4487730 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,166, Length: 118"
 "11:26:46.4487811 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,284, Length: 8"
 "11:26:46.4487882 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,292, Length: 4"
 "11:26:46.4487956 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,296, Length: 106"
 "11:26:46.4488080 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,402, Length: 8"
 "11:26:46.4488218 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,410, Length: 4"
 "11:26:46.4488363 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,414, Length: 130"
 "11:26:46.4488537 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,544, Length: 8"
 "11:26:46.4488657 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,552, Length: 4"
 "11:26:46.4488777 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,556, Length: 114"
 "11:26:46.4488855 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,670, Length: 8"
 "11:26:46.4488926 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,678, Length: 4"
 "11:26:46.4488997 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,682, Length: 130"
 "11:26:46.4489075 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,812, Length: 8"
 "11:26:46.4489145 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,820, Length: 4"
 "11:26:46.4489269 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,824, Length: 134"
 "11:26:46.4489351 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,958, Length: 8"
 "11:26:46.4489428 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,966, Length: 4"
 "11:26:46.4489499 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 8,970, Length: 130"
 "11:26:46.4489574 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,100, Length: 8"
 "11:26:46.4489658 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,108, Length: 4"
 "11:26:46.4489754 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,112, Length: 118"
 "11:26:46.4489835 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,230, Length: 8"
 "11:26:46.4489927 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,238, Length: 4"
 "11:26:46.4490037 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,242, Length: 130"
 "11:26:46.4490119 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,372, Length: 8"
 "11:26:46.4490193 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,380, Length: 4"
 "11:26:46.4490264 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,384, Length: 100"
 "11:26:46.4490334 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,484, Length: 8"
 "11:26:46.4490405 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,492, Length: 4"
 "11:26:46.4490480 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,496, Length: 106"
 "11:26:46.4490561 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,602, Length: 8"
 "11:26:46.4490639 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,610, Length: 4"
 "11:26:46.4490713 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,614, Length: 130"
 "11:26:46.4490791 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,744, Length: 8"
 "11:26:46.4490911 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,752, Length: 4"
 "11:26:46.4491014 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,756, Length: 130"
 "11:26:46.4491092 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,886, Length: 8"
 "11:26:46.4491173 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,894, Length: 4"
 "11:26:46.4491244 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 9,898, Length: 122"
 "11:26:46.4491332 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,020, Length: 8"
 "11:26:46.4491442 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,028, Length: 4"
 "11:26:46.4491520 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,032, Length: 130"
 "11:26:46.4491594 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,162, Length: 8"
 "11:26:46.4491669 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,170, Length: 4"
 "11:26:46.4491743 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,174, Length: 80"
 "11:26:46.4491838 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,254, Length: 8"
 "11:26:46.4491916 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,262, Length: 4"
 "11:26:46.4492005 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,266, Length: 52"
 "11:26:46.4492076 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,318, Length: 8"
 "11:26:46.4492146 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,326, Length: 4"
 "11:26:46.4492217 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,330, Length: 118"
 "11:26:46.4492291 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,448, Length: 8"
 "11:26:46.4492366 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,456, Length: 4"
 "11:26:46.4492437 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,460, Length: 60"
 "11:26:46.4492511 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,520, Length: 8"
 "11:26:46.4492582 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,528, Length: 4"
 "11:26:46.4492656 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,532, Length: 128"
 "11:26:46.4492727 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,660, Length: 8"
 "11:26:46.4492798 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,668, Length: 4"
 "11:26:46.4492875 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,672, Length: 142"
 "11:26:46.4492953 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,814, Length: 8"
 "11:26:46.4493035 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,822, Length: 4"
 "11:26:46.4493113 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,826, Length: 58"
 "11:26:46.4493325 AM","view-test.exe","24980","WriteFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS","Offset: 10,884, Length: 8, Priority: Normal"
 "11:26:46.4493689 AM","view-test.exe","24980","CloseFile","C:\ProgramData\NVIDIA Corporation\Drs\nvAppTimestamps","SUCCESS",""
 "11:26:46.4494786 AM","view-test.exe","24980","Thread Exit","","SUCCESS","Thread ID: 33204, User Time: 0.0000000, Kernel Time: 0.0000000"
 "11:26:47.2326432 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2326627 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS","Desired Access: Read"
 "11:26:47.2326949 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2329026 AM","view-test.exe","24980","CreateFile","C:\ProgramData\NVIDIA Corporation\Drs","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:47.2329310 AM","view-test.exe","24980","QueryBasicInformationFile","C:\ProgramData\NVIDIA Corporation\Drs","SUCCESS","CreationTime: 12/5/2014 2:13:29 PM, LastAccessTime: 12/5/2014 2:23:07 PM, LastWriteTime: 12/5/2014 2:23:07 PM, ChangeTime: 12/5/2014 2:23:07 PM, FileAttributes: DNCI"
 "11:26:47.2329416 AM","view-test.exe","24980","CloseFile","C:\ProgramData\NVIDIA Corporation\Drs","SUCCESS",""
 "11:26:47.2330081 AM","view-test.exe","24980","CreateFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrssel.bin","SUCCESS","Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Opened"
 "11:26:47.2330364 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrssel.bin","SUCCESS","Offset: 0, Length: 1, Priority: Normal"
 "11:26:47.2330920 AM","view-test.exe","24980","CreateFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
 "11:26:47.2331160 AM","view-test.exe","24980","QueryStandardInformationFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","SUCCESS","AllocationSize: 1,593,344, EndOfFile: 1,592,928, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:47.2331291 AM","view-test.exe","24980","CreateFileMapping","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:47.2331369 AM","view-test.exe","24980","QueryStandardInformationFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","SUCCESS","AllocationSize: 1,593,344, EndOfFile: 1,592,928, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:47.2331560 AM","view-test.exe","24980","CreateFileMapping","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","SUCCESS","SyncType: SyncTypeOther"
 "11:26:47.2332137 AM","view-test.exe","24980","CloseFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","SUCCESS",""
 "11:26:47.2332343 AM","view-test.exe","24980","CloseFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrssel.bin","SUCCESS",""
 "11:26:47.2333765 AM","view-test.exe","24980","CreateFile","C:\ProgramData\NVIDIA Corporation\Drs","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:47.2333949 AM","view-test.exe","24980","QueryBasicInformationFile","C:\ProgramData\NVIDIA Corporation\Drs","SUCCESS","CreationTime: 12/5/2014 2:13:29 PM, LastAccessTime: 12/5/2014 2:23:07 PM, LastWriteTime: 12/5/2014 2:23:07 PM, ChangeTime: 12/5/2014 2:23:07 PM, FileAttributes: DNCI"
 "11:26:47.2334045 AM","view-test.exe","24980","CloseFile","C:\ProgramData\NVIDIA Corporation\Drs","SUCCESS",""
 "11:26:47.2334615 AM","view-test.exe","24980","CreateFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrssel.bin","SUCCESS","Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Opened"
 "11:26:47.2334841 AM","view-test.exe","24980","ReadFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrssel.bin","SUCCESS","Offset: 0, Length: 1, Priority: Normal"
 "11:26:47.2335308 AM","view-test.exe","24980","CreateFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
 "11:26:47.2335510 AM","view-test.exe","24980","QueryStandardInformationFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","SUCCESS","AllocationSize: 1,593,344, EndOfFile: 1,592,928, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:47.2335616 AM","view-test.exe","24980","CreateFileMapping","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:47.2335697 AM","view-test.exe","24980","QueryStandardInformationFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","SUCCESS","AllocationSize: 1,593,344, EndOfFile: 1,592,928, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:47.2335864 AM","view-test.exe","24980","CreateFileMapping","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","SUCCESS","SyncType: SyncTypeOther"
 "11:26:47.2336317 AM","view-test.exe","24980","CloseFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrsdb0.bin","SUCCESS",""
 "11:26:47.2336533 AM","view-test.exe","24980","CloseFile","C:\ProgramData\NVIDIA Corporation\Drs\nvdrssel.bin","SUCCESS",""
 "11:26:47.2337690 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2337831 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS","Desired Access: Read"
 "11:26:47.2337966 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2338058 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\VideoControl","NAME NOT FOUND","Length: 144"
 "11:26:47.2338178 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\VideoControl2","NAME NOT FOUND","Length: 144"
 "11:26:47.2338270 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\VPucodeCtrl","NAME NOT FOUND","Length: 144"
 "11:26:47.2338348 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\DecodeCtl","NAME NOT FOUND","Length: 144"
 "11:26:47.2338423 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\EncodeCtl","NAME NOT FOUND","Length: 144"
 "11:26:47.2338504 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\VideoControl3","NAME NOT FOUND","Length: 144"
 "11:26:47.2338589 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2338762 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\OverlaySetBuffers","NAME NOT FOUND","Length: 144"
 "11:26:47.2338851 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\OverlayMode3","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
 "11:26:47.2338946 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\OverlaySyncMethod","NAME NOT FOUND","Length: 144"
 "11:26:47.2339017 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\OverlayBuffers","NAME NOT FOUND","Length: 144"
 "11:26:47.2339382 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\3cd7929b-e34a-42a0-a667-7527c71e38dd","NAME NOT FOUND","Length: 524"
 "11:26:47.2341105 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\nvspcap.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:47.2342457 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\nvspcap.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:47.2343897 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:47.2344510 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS","CreationTime: 3/12/2015 10:47:17 AM, LastAccessTime: 3/12/2015 10:47:17 AM, LastWriteTime: 2/13/2015 7:26:18 AM, ChangeTime: 3/12/2015 10:51:55 AM, FileAttributes: A"
 "11:26:47.2344612 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS",""
 "11:26:47.2345320 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:47.2345936 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\shell32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:47.2346336 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\shell32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:47.2347553 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Image Base: 0x4060000, Image Size: 0xc4b000"
 "11:26:47.2347808 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS",""
 "11:26:47.2348371 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2348530 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Desired Access: Read"
 "11:26:47.2348671 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2348848 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:47.2348940 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}","SUCCESS","Desired Access: Read"
 "11:26:47.2349039 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions","SUCCESS",""
 "11:26:47.2349121 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Category","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2"
 "11:26:47.2349213 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Name","SUCCESS","Type: REG_SZ, Length: 16, Data: Windows"
 "11:26:47.2349308 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\ParentFolder","NAME NOT FOUND","Length: 144"
 "11:26:47.2349379 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Description","NAME NOT FOUND","Length: 144"
 "11:26:47.2349436 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\RelativePath","NAME NOT FOUND","Length: 144"
 "11:26:47.2349492 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\ParsingName","NAME NOT FOUND","Length: 144"
 "11:26:47.2349546 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\InfoTip","NAME NOT FOUND","Length: 144"
 "11:26:47.2349599 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\LocalizedName","NAME NOT FOUND","Length: 144"
 "11:26:47.2349652 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Icon","NAME NOT FOUND","Length: 144"
 "11:26:47.2349705 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Security","NAME NOT FOUND","Length: 144"
 "11:26:47.2349765 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\StreamResource","NAME NOT FOUND","Length: 144"
 "11:26:47.2349822 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\StreamResourceType","NAME NOT FOUND","Length: 144"
 "11:26:47.2349878 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\LocalRedirectOnly","NAME NOT FOUND","Length: 144"
 "11:26:47.2349945 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Roamable","NAME NOT FOUND","Length: 144"
 "11:26:47.2350002 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PreCreate","NAME NOT FOUND","Length: 144"
 "11:26:47.2350059 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Stream","NAME NOT FOUND","Length: 144"
 "11:26:47.2350122 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PublishExpandedPath","NAME NOT FOUND","Length: 144"
 "11:26:47.2350186 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Attributes","NAME NOT FOUND","Length: 144"
 "11:26:47.2350243 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\FolderTypeID","NAME NOT FOUND","Length: 144"
 "11:26:47.2350296 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\InitFolderHandler","NAME NOT FOUND","Length: 144"
 "11:26:47.2350406 AM","view-test.exe","24980","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}","SUCCESS","Query: HandleTags, HandleTags: 0x400"
 "11:26:47.2350494 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag","SUCCESS","Desired Access: Read"
 "11:26:47.2350607 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}","SUCCESS",""
 "11:26:47.2351722 AM","view-test.exe","24980","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:47.2352048 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 7/14/2009 5:20:08 AM, LastAccessTime: 10/12/2015 4:11:47 PM, LastWriteTime: 10/12/2015 4:11:47 PM, ChangeTime: 10/12/2015 4:11:47 PM, FileAttributes: D"
 "11:26:47.2352164 AM","view-test.exe","24980","CloseFile","C:\Windows","SUCCESS",""
 "11:26:47.2352402 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2352550 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:47.2352766 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2352862 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings","NAME NOT FOUND","Desired Access: Query Value"
 "11:26:47.2354737 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\nvspcap.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:47.2355240 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS","Desired Access: Read"
 "11:26:47.2355399 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0\UINumber","NAME NOT FOUND","Length: 360"
 "11:26:47.2355537 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS",""
 "11:26:47.2355955 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2356075 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2356188 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2356316 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2356401 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2356535 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2356659 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2356772 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2356839 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2356988 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2357080 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2357186 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2357292 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2357391 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2357476 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2357576 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2357657 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2357728 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2357823 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2357961 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2358036 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2358138 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2358237 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2358354 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:47.2358478 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","REPARSE","Desired Access: Read"
 "11:26:47.2358570 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","SUCCESS","Desired Access: Read"
 "11:26:47.2358662 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2358736 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2358874 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2358956 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2359037 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2359133 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2359214 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2359288 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2359384 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2359465 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2359547 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:47.2359649 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2359759 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2359830 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2359922 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2360007 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2360081 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video6","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002"
 "11:26:47.2360201 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","REPARSE","Desired Access: Read"
 "11:26:47.2360286 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","SUCCESS","Desired Access: Read"
 "11:26:47.2360375 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2360435 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2360552 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2360630 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2360700 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2360810 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2360884 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2360955 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2361044 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2361122 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2361192 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video6","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002"
 "11:26:47.2361281 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2361383 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2361458 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2361546 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2361631 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2361702 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video7","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000"
 "11:26:47.2361819 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2361900 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2361992 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2362056 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2362148 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2362226 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2362314 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2362410 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2362484 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2362555 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2362643 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2362721 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2362792 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video7","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000"
 "11:26:47.2362884 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2421985 AM","view-test.exe","24980","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2422105 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Intel\Display\DXVA","NAME NOT FOUND","Desired Access: Read"
 "11:26:47.2426013 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","REPARSE","Desired Access: Read, Maximum Allowed"
 "11:26:47.2426165 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2426303 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler\FlipOverrideMode","NAME NOT FOUND","Length: 134"
 "11:26:47.2426409 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","SUCCESS",""
 "11:26:47.2437896 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\user32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:47.2438601 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\user32.dll","SUCCESS","CreationTime: 11/21/2010 5:24:20 AM, LastAccessTime: 11/21/2010 5:24:20 AM, LastWriteTime: 11/21/2010 5:24:20 AM, ChangeTime: 12/5/2014 3:16:09 PM, FileAttributes: A"
 "11:26:47.2438710 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\user32.dll","SUCCESS",""
 "11:26:47.2439408 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\user32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:47.2440045 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\user32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:47.2440416 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\user32.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:47.2441630 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\user32.dll","SUCCESS","Image Base: 0x5360000, Image Size: 0x100000"
 "11:26:47.2441867 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\user32.dll","SUCCESS",""
 "11:26:47.2473948 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2474139 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS","Desired Access: Read"
 "11:26:47.2474288 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2474380 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\VideoControl","NAME NOT FOUND","Length: 144"
 "11:26:47.2474493 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\VideoControl2","NAME NOT FOUND","Length: 144"
 "11:26:47.2474614 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\VPucodeCtrl","NAME NOT FOUND","Length: 144"
 "11:26:47.2474720 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\DecodeCtl","NAME NOT FOUND","Length: 144"
 "11:26:47.2474815 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\EncodeCtl","NAME NOT FOUND","Length: 144"
 "11:26:47.2474907 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\VideoControl3","NAME NOT FOUND","Length: 144"
 "11:26:47.2475017 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2475300 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\499f4e0b-f0df-42bd-85d1-9a08ac3120e0","NAME NOT FOUND","Length: 524"
 "11:26:47.2477561 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\powrprof.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:47.2478319 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\powrprof.dll","SUCCESS","CreationTime: 7/14/2009 1:16:37 AM, LastAccessTime: 7/14/2009 1:16:37 AM, LastWriteTime: 7/14/2009 3:16:12 AM, ChangeTime: 12/5/2014 3:16:07 PM, FileAttributes: A"
 "11:26:47.2478439 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\powrprof.dll","SUCCESS",""
 "11:26:47.2479320 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\powrprof.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:47.2479982 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\powrprof.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:47.2480336 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\powrprof.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:47.2481469 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\powrprof.dll","SUCCESS","Image Base: 0x73360000, Image Size: 0x25000"
 "11:26:47.2481656 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\powrprof.dll","SUCCESS",""
 "11:26:47.2490861 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2491024 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\Stereo3D","SUCCESS","Desired Access: Read"
 "11:26:47.2491279 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\Stereo3D","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2491364 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\Stereo3D\EnableWindowedMode","SUCCESS","Type: REG_DWORD, Length: 4, Data: 5"
 "11:26:47.2491505 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\Stereo3D","SUCCESS",""
 "11:26:47.2493080 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\nvspcap.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:47.2494396 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\nvspcap.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:47.2496070 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\nvspcap.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:47.2497528 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\nvspcap.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:47.2497790 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2497904 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\NVIDIA Corporation\Global\EHEX","NAME NOT FOUND","Desired Access: Read"
 "11:26:47.2498095 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2498208 AM","view-test.exe","24980","RegOpenKey","HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\EHEX","NAME NOT FOUND","Desired Access: Read"
 "11:26:47.2516809 AM","view-test.exe","24980","Thread Create","","SUCCESS","Thread ID: 29556"
 "11:26:47.2517474 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS","Desired Access: Read"
 "11:26:47.2517641 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0\UINumber","NAME NOT FOUND","Length: 360"
 "11:26:47.2517803 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS",""
 "11:26:47.2518366 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2518493 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2518624 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2518769 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2518858 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2519003 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2519120 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2519233 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2519368 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2519530 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2519615 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2519711 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2519810 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2519898 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2519976 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2520068 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2520150 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2520224 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2520316 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2520454 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2520532 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2520624 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2520709 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2520783 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:47.2520914 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","REPARSE","Desired Access: Read"
 "11:26:47.2521006 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","SUCCESS","Desired Access: Read"
 "11:26:47.2521119 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2521187 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2521307 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2521381 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2521456 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2521548 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2521625 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2521717 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2521809 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2521887 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2521958 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:47.2522047 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2522156 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2522241 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2522354 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2522454 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2522528 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video6","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002"
 "11:26:47.2522666 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","REPARSE","Desired Access: Read"
 "11:26:47.2522765 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","SUCCESS","Desired Access: Read"
 "11:26:47.2522857 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2522924 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2523052 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2523126 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2523197 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2523289 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2523363 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2523434 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2523522 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2523597 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2523667 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video6","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002"
 "11:26:47.2523770 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2523873 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2523947 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2524036 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2524120 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2524188 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video7","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000"
 "11:26:47.2524308 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2524396 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2524489 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2524549 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2524644 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2524719 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2524814 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2524910 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2524998 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2525069 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2525161 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2525235 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2525306 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video7","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000"
 "11:26:47.2525398 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2536677 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS","Desired Access: Read"
 "11:26:47.2536833 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0\UINumber","NAME NOT FOUND","Length: 360"
 "11:26:47.2536988 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS",""
 "11:26:47.2537370 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2537470 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2537593 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2537717 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2537816 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2537951 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2538053 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2538160 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2538234 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2538368 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2538450 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2538531 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2538627 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2538705 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2538779 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2538871 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2538952 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2539027 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2539122 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2539239 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2539313 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2539409 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2539504 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2539579 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:47.2539696 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","REPARSE","Desired Access: Read"
 "11:26:47.2539780 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","SUCCESS","Desired Access: Read"
 "11:26:47.2539883 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2539950 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2540067 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2540149 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2540223 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2540315 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2540418 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2540488 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2540580 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2540672 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2540750 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:47.2540842 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2540945 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2541019 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2541111 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2541210 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2541292 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video6","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002"
 "11:26:47.2541423 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","REPARSE","Desired Access: Read"
 "11:26:47.2541532 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","SUCCESS","Desired Access: Read"
 "11:26:47.2541631 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2541695 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2541819 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2541911 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2541982 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2542074 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2542152 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2542219 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2542307 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2542389 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2542460 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video6","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002"
 "11:26:47.2542552 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2542675 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2542796 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2542891 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2542976 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2543047 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video7","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000"
 "11:26:47.2543164 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2543256 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2543344 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2543408 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2543500 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2543578 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2543659 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2543762 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2543847 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2543928 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2544020 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2544095 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2544165 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video7","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000"
 "11:26:47.2544257 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2554701 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2554846 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D","REPARSE","Desired Access: Query Value"
 "11:26:47.2555044 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","Desired Access: Query Value"
 "11:26:47.2555164 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2555239 AM","view-test.exe","24980","RegQueryValue","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\MinimumLocalVidMem","NAME NOT FOUND","Length: 144"
 "11:26:47.2555370 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:47.2555444 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:47.2555894 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2555989 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2556095 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2556198 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2556283 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2556417 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2556527 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2556640 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2556715 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2556863 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2556969 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2557051 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2557146 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2557228 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2557298 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2557387 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2557468 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2557543 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2557635 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2557751 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2557836 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2557939 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2558024 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2558098 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:47.2558215 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","REPARSE","Desired Access: Read"
 "11:26:47.2558304 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","SUCCESS","Desired Access: Read"
 "11:26:47.2558396 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2558456 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2558569 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2558647 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2558721 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2558813 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2558891 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2558980 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2559086 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2559164 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2559234 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:47.2559326 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2559429 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2559503 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2559599 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2559684 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2559755 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video6","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002"
 "11:26:47.2559871 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","REPARSE","Desired Access: Read"
 "11:26:47.2559953 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","SUCCESS","Desired Access: Read"
 "11:26:47.2560038 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2560101 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2560215 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2560292 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2560374 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2560469 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2560547 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2560618 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2560724 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2560820 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2560891 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video6","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002"
 "11:26:47.2560983 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2561082 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2561156 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2561244 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2561329 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2561397 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video7","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000"
 "11:26:47.2561528 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2561620 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2561705 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2561765 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2561860 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2561935 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2562058 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2562158 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2562235 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2562306 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2562395 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2562472 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2562557 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video7","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000"
 "11:26:47.2562657 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2562759 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2562833 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2562925 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2563003 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2563074 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video8","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0001"
 "11:26:47.2563194 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0001","REPARSE","Desired Access: Read"
 "11:26:47.2563276 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0001","SUCCESS","Desired Access: Read"
 "11:26:47.2563371 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2563435 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2563520 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2563598 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2563669 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2563757 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2563846 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2563941 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2564037 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2564118 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2564203 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video8","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0001"
 "11:26:47.2564309 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2564430 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2564504 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2564599 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2564681 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2564752 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video9","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0002"
 "11:26:47.2564868 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0002","REPARSE","Desired Access: Read"
 "11:26:47.2564950 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0002","SUCCESS","Desired Access: Read"
 "11:26:47.2565035 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2565095 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2565180 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2565254 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2565325 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2565428 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2565505 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2565573 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2565665 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2565739 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2565810 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video9","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0002"
 "11:26:47.2565909 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2566004 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2566075 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2566167 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2566252 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2566319 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video10","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0003"
 "11:26:47.2566447 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0003","REPARSE","Desired Access: Read"
 "11:26:47.2566546 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0003","SUCCESS","Desired Access: Read"
 "11:26:47.2566659 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2566723 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2566808 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2566882 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2566956 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2567045 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2567119 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2567208 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2567300 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2567378 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2567445 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video10","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0003"
 "11:26:47.2567540 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2567636 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2567731 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2567838 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2567940 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2568018 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video0","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000"
 "11:26:47.2568184 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2568291 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2568400 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2568468 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\VIDEO\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2568542 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\VIDEO\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000","SUCCESS",""
 "11:26:47.2568616 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2568683 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video0","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000"
 "11:26:47.2568772 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2568875 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2568945 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2569034 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2569126 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2569197 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video1","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{42cf9257-1d96-4c9d-87f3-0d8e74595f78}\0000"
 "11:26:47.2569313 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{42CF9257-1D96-4C9D-87F3-0D8E74595F78}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2569395 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{42CF9257-1D96-4C9D-87F3-0D8E74595F78}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2569483 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2569543 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\VIDEO\{42CF9257-1D96-4C9D-87F3-0D8E74595F78}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2569614 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\VIDEO\{42CF9257-1D96-4C9D-87F3-0D8E74595F78}\0000","SUCCESS",""
 "11:26:47.2569699 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2569770 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video1","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{42cf9257-1d96-4c9d-87f3-0d8e74595f78}\0000"
 "11:26:47.2569862 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2569961 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2570032 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2570120 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2570209 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2570280 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video2","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{b043b95c-5670-4f10-b934-8ed0c8eb59a8}\0000"
 "11:26:47.2570407 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{B043B95C-5670-4F10-B934-8ED0C8EB59A8}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2570502 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{B043B95C-5670-4F10-B934-8ED0C8EB59A8}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2570594 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2570658 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\VIDEO\{B043B95C-5670-4F10-B934-8ED0C8EB59A8}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2570729 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\VIDEO\{B043B95C-5670-4F10-B934-8ED0C8EB59A8}\0000","SUCCESS",""
 "11:26:47.2570800 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2570867 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video2","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{b043b95c-5670-4f10-b934-8ed0c8eb59a8}\0000"
 "11:26:47.2570955 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2571055 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2571125 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2571217 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2571578 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2571663 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2571777 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2571879 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2571961 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2572095 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2572187 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2572276 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2572339 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2572452 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2572530 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2572605 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2572697 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2572775 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2572845 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2572937 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2573012 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2573082 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2573185 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2573288 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2573358 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2573450 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2573532 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2573610 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:47.2573762 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","REPARSE","Desired Access: Read"
 "11:26:47.2573854 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","SUCCESS","Desired Access: Read"
 "11:26:47.2573942 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2574017 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2574137 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2574218 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2574300 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2574406 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2574494 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2574565 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2574657 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2574732 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2574802 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:47.2574905 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2575008 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2575078 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2575192 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2575273 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2575344 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video6","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002"
 "11:26:47.2575471 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","REPARSE","Desired Access: Read"
 "11:26:47.2575556 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","SUCCESS","Desired Access: Read"
 "11:26:47.2575645 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2575708 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2575846 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2575935 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2576013 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2576108 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2576200 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2576275 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2576363 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2576437 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2576508 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video6","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002"
 "11:26:47.2576600 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2576699 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2576770 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2576876 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2576958 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2577028 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video7","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000"
 "11:26:47.2577142 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2577223 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2577308 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2577372 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2577460 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2577538 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2577612 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2577704 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2577779 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2577871 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2577973 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2578055 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2578125 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video7","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000"
 "11:26:47.2578221 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2578324 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2578394 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2578483 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2578564 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2578649 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video8","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0001"
 "11:26:47.2578766 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0001","REPARSE","Desired Access: Read"
 "11:26:47.2578844 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0001","SUCCESS","Desired Access: Read"
 "11:26:47.2578932 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2578993 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2579077 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2579169 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2579247 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2579346 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2579428 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2579502 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2579605 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2579683 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2579760 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video8","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0001"
 "11:26:47.2579877 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2579973 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2580044 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2580136 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2580217 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2580295 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video9","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0002"
 "11:26:47.2580412 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0002","REPARSE","Desired Access: Read"
 "11:26:47.2580490 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0002","SUCCESS","Desired Access: Read"
 "11:26:47.2580574 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2580635 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2580723 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2580797 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2580872 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2580960 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2581035 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2581105 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2581197 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2581272 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2581339 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video9","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0002"
 "11:26:47.2581434 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2581530 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2581601 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2581696 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2581824 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2581905 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video10","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0003"
 "11:26:47.2582025 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0003","REPARSE","Desired Access: Read"
 "11:26:47.2582107 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0003","SUCCESS","Desired Access: Read"
 "11:26:47.2582195 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2582252 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2582340 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2582447 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2582524 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2582616 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2582687 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2582758 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2582846 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2582921 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2582995 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video10","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0003"
 "11:26:47.2583094 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2583200 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2583282 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2583377 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2583466 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2583547 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video0","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000"
 "11:26:47.2583685 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2583774 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2583855 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2583919 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\VIDEO\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2583986 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\VIDEO\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000","SUCCESS",""
 "11:26:47.2584057 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2584124 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video0","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000"
 "11:26:47.2584216 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2584322 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2584404 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2584496 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2584584 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2584655 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video1","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{42cf9257-1d96-4c9d-87f3-0d8e74595f78}\0000"
 "11:26:47.2584765 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{42CF9257-1D96-4C9D-87F3-0D8E74595F78}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2584846 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{42CF9257-1D96-4C9D-87F3-0D8E74595F78}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2584934 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2584995 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\VIDEO\{42CF9257-1D96-4C9D-87F3-0D8E74595F78}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2585065 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\VIDEO\{42CF9257-1D96-4C9D-87F3-0D8E74595F78}\0000","SUCCESS",""
 "11:26:47.2585136 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2585203 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video1","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{42cf9257-1d96-4c9d-87f3-0d8e74595f78}\0000"
 "11:26:47.2585292 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2585402 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2585557 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2585660 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2585748 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2585819 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video2","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{b043b95c-5670-4f10-b934-8ed0c8eb59a8}\0000"
 "11:26:47.2585932 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{B043B95C-5670-4F10-B934-8ED0C8EB59A8}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2586014 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{B043B95C-5670-4F10-B934-8ED0C8EB59A8}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2586102 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2586180 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\VIDEO\{B043B95C-5670-4F10-B934-8ED0C8EB59A8}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2586247 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\VIDEO\{B043B95C-5670-4F10-B934-8ED0C8EB59A8}\0000","SUCCESS",""
 "11:26:47.2586357 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2586428 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video2","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{b043b95c-5670-4f10-b934-8ed0c8eb59a8}\0000"
 "11:26:47.2586516 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2586619 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2586704 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2586824 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2587468 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2587546 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2587642 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2587727 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2587798 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2587914 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2587999 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2588084 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2588144 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2588275 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2588353 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2588427 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2588519 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2588597 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2588668 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2588771 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2588849 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2588926 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2589057 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2589160 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2589234 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2589326 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2589408 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2589475 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:47.2589588 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","REPARSE","Desired Access: Read"
 "11:26:47.2589691 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","SUCCESS","Desired Access: Read"
 "11:26:47.2589779 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2589850 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2589970 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2590059 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2590144 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2590239 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2590317 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2590395 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2590491 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2590572 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2590639 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:47.2590731 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2590823 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2590894 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2590983 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2591064 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2591135 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video6","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002"
 "11:26:47.2591259 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","REPARSE","Desired Access: Read"
 "11:26:47.2591340 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002","SUCCESS","Desired Access: Read"
 "11:26:47.2591425 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2591482 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2591595 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2591673 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2591747 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2591850 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2591924 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2591998 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2592112 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2592189 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2592257 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video6","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0002"
 "11:26:47.2592349 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2592441 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2592511 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2592603 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2592685 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2592756 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video7","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000"
 "11:26:47.2592883 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2592975 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2593078 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2593145 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2593248 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2593325 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2593414 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2593524 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2593609 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2593842 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2593934 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2594012 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2594083 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video7","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0000"
 "11:26:47.2594175 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2594805 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2594929 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2595052 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2595162 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2595247 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video8","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0001"
 "11:26:47.2595378 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0001","REPARSE","Desired Access: Read"
 "11:26:47.2595474 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0001","SUCCESS","Desired Access: Read"
 "11:26:47.2595587 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2595658 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2595750 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2595852 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2595930 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2596026 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2596107 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2596178 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2596266 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2596351 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2596426 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video8","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0001"
 "11:26:47.2596521 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2597165 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2597289 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2597434 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2597544 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2597625 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video9","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0002"
 "11:26:47.2597767 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0002","REPARSE","Desired Access: Read"
 "11:26:47.2597862 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0002","SUCCESS","Desired Access: Read"
 "11:26:47.2597962 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2598025 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2598121 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2598209 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2598337 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2598450 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2598556 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2598630 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2598722 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2598804 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2598882 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video9","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0002"
 "11:26:47.2598974 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2599699 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2599837 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2599961 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2600071 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2600149 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video10","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0003"
 "11:26:47.2600280 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0003","REPARSE","Desired Access: Read"
 "11:26:47.2600375 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0003","SUCCESS","Desired Access: Read"
 "11:26:47.2600474 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2600538 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2600641 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2600729 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2600814 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2600909 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2600991 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS","Desired Access: Read"
 "11:26:47.2601062 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1, PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028, PCI\VEN_10DE&DEV_11FC&CC_030000, PCI\VEN_10DE&DEV_11FC&CC_0300"
 "11:26:47.2601168 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_11FC&SUBSYS_15CC1028&REV_A1\4&1c0e275d&0&0008","SUCCESS",""
 "11:26:47.2601288 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2601370 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video10","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{47F3E9C5-EBBC-4BE9-832F-73DC6589F2B5}\0003"
 "11:26:47.2601465 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2601982 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2602106 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2602226 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2602350 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2602438 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video0","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000"
 "11:26:47.2602576 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2602672 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2602767 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2602835 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\VIDEO\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2602905 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\VIDEO\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000","SUCCESS",""
 "11:26:47.2602987 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2603065 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video0","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000"
 "11:26:47.2603160 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2603404 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2603525 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2603645 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2603765 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2603847 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video1","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{42cf9257-1d96-4c9d-87f3-0d8e74595f78}\0000"
 "11:26:47.2603978 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{42CF9257-1D96-4C9D-87F3-0D8E74595F78}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2604077 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{42CF9257-1D96-4C9D-87F3-0D8E74595F78}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2604176 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2604240 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\VIDEO\{42CF9257-1D96-4C9D-87F3-0D8E74595F78}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2604314 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\VIDEO\{42CF9257-1D96-4C9D-87F3-0D8E74595F78}\0000","SUCCESS",""
 "11:26:47.2604392 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2604477 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video1","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{42cf9257-1d96-4c9d-87f3-0d8e74595f78}\0000"
 "11:26:47.2604583 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2605634 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2605712 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2605804 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2605896 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2605967 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video2","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{b043b95c-5670-4f10-b934-8ed0c8eb59a8}\0000"
 "11:26:47.2606083 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{B043B95C-5670-4F10-B934-8ED0C8EB59A8}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2606183 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{B043B95C-5670-4F10-B934-8ED0C8EB59A8}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2606275 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2606342 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\VIDEO\{B043B95C-5670-4F10-B934-8ED0C8EB59A8}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2606413 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\VIDEO\{B043B95C-5670-4F10-B934-8ED0C8EB59A8}\0000","SUCCESS",""
 "11:26:47.2606487 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2606554 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video2","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{b043b95c-5670-4f10-b934-8ed0c8eb59a8}\0000"
 "11:26:47.2606646 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2607074 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2607149 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2607244 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2609817 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2609948 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2610068 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2610182 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2610263 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2610394 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2610500 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2610599 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2610663 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2610783 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2610868 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2610946 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2611066 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2611158 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2611233 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2611328 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2611413 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2611491 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2611587 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2611845 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2611926 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2612018 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2612107 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2612178 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:47.2612294 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","REPARSE","Desired Access: Read"
 "11:26:47.2612383 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","SUCCESS","Desired Access: Read"
 "11:26:47.2612471 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2612560 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2612677 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2612754 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2612832 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2612924 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2612999 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2613073 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2613161 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2613236 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2613307 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:47.2613399 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2614924 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\D3DIM700.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
 "11:26:47.2616244 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\d3dim700.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:47.2616998 AM","view-test.exe","24980","QueryBasicInformationFile","C:\Windows\SysWOW64\d3dim700.dll","SUCCESS","CreationTime: 7/14/2009 1:28:07 AM, LastAccessTime: 7/14/2009 1:28:07 AM, LastWriteTime: 7/14/2009 3:15:08 AM, ChangeTime: 12/5/2014 3:15:50 PM, FileAttributes: A"
 "11:26:47.2617104 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\d3dim700.dll","SUCCESS",""
 "11:26:47.2617971 AM","view-test.exe","24980","CreateFile","C:\Windows\SysWOW64\d3dim700.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:47.2618693 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\d3dim700.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
 "11:26:47.2619917 AM","view-test.exe","24980","CreateFileMapping","C:\Windows\SysWOW64\d3dim700.dll","SUCCESS","SyncType: SyncTypeOther"
 "11:26:47.2620852 AM","view-test.exe","24980","Load Image","C:\Windows\SysWOW64\d3dim700.dll","SUCCESS","Image Base: 0x6f3c0000, Image Size: 0xcc000"
 "11:26:47.2621029 AM","view-test.exe","24980","CloseFile","C:\Windows\SysWOW64\d3dim700.dll","SUCCESS",""
 "11:26:47.2621676 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2621818 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D","REPARSE","Desired Access: Maximum Allowed"
 "11:26:47.2621995 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:47.2622108 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2622175 AM","view-test.exe","24980","RegQueryValue","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\DisableMMX","NAME NOT FOUND","Length: 144"
 "11:26:47.2622299 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:47.2622370 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:47.2622465 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2622568 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D","REPARSE","Desired Access: Maximum Allowed"
 "11:26:47.2622678 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:47.2622763 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2622826 AM","view-test.exe","24980","RegQueryValue","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\DisableX3D","NAME NOT FOUND","Length: 144"
 "11:26:47.2622911 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:47.2622975 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:47.2623049 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2623141 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D","REPARSE","Desired Access: Maximum Allowed"
 "11:26:47.2623244 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:47.2623329 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2623403 AM","view-test.exe","24980","RegQueryValue","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\DisableMMX","NAME NOT FOUND","Length: 144"
 "11:26:47.2623499 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:47.2623563 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:47.2623630 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2623722 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D","REPARSE","Desired Access: Maximum Allowed"
 "11:26:47.2623821 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:47.2623888 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2623945 AM","view-test.exe","24980","RegQueryValue","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\FewVertices","NAME NOT FOUND","Length: 144"
 "11:26:47.2624026 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:47.2624086 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:47.2624185 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2624288 AM","view-test.exe","24980","RegCreateKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D\MostRecentApplication","REPARSE","Desired Access: Maximum Allowed"
 "11:26:47.2624412 AM","view-test.exe","24980","RegCreateKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\MostRecentApplication","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:47.2624497 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\MostRecentApplication","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2624568 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\MostRecentApplication","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2624681 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\MostRecentApplication","SUCCESS",""
 "11:26:47.2624776 AM","view-test.exe","24980","RegSetValue","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\MostRecentApplication\Name","SUCCESS","Type: REG_SZ, Length: 28, Data: view-test.exe"
 "11:26:47.2624865 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\MostRecentApplication","SUCCESS",""
 "11:26:47.2625106 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2625205 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D","REPARSE","Desired Access: Maximum Allowed"
 "11:26:47.2625314 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:47.2625389 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2625456 AM","view-test.exe","24980","RegQueryValue","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\DisableVidMemVBs","NAME NOT FOUND","Length: 144"
 "11:26:47.2625548 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:47.2625612 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:47.2625714 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2625803 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS","Desired Access: Read"
 "11:26:47.2625920 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2625973 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\SoftwareOnly","NAME NOT FOUND","Length: 144"
 "11:26:47.2626029 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\EnumReference","NAME NOT FOUND","Length: 144"
 "11:26:47.2626079 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\EnumNullDevice","NAME NOT FOUND","Length: 144"
 "11:26:47.2626139 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS",""
 "11:26:47.2626217 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2626309 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS","Desired Access: Read"
 "11:26:47.2626404 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2626472 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\ForceRgbRasterizer","NAME NOT FOUND","Length: 144"
 "11:26:47.2626532 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers","SUCCESS",""
 "11:26:47.2627310 AM","view-test.exe","24980","Thread Exit","","SUCCESS","Thread ID: 29556, User Time: 0.0000000, Kernel Time: 0.0000000"
 "11:26:47.2655803 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001","SUCCESS",""
 "11:26:47.2659837 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2659968 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2660092 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2660205 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2660290 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2660435 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2660545 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2660662 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2660736 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2660856 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2660948 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2661030 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2661125 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2661235 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2661309 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2661401 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2661483 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2661557 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2661649 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2661791 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2661879 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2661985 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2662092 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2662180 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:47.2662304 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","REPARSE","Desired Access: Read"
 "11:26:47.2662407 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001","SUCCESS","Desired Access: Read"
 "11:26:47.2662513 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2662605 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2662718 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2662796 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2662877 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2662973 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2663047 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2663118 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2663210 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2663288 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2663376 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video5","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0001"
 "11:26:47.2663475 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2663603 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2663677 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2663787 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2663904 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2664003 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2664162 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2664250 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2664339 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2664399 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2664523 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2664604 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2664693 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2664795 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2664870 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2664940 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2665029 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2665107 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2665178 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2665270 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2666122 AM","view-test.exe","24980","CreateFile","C:\Windows\win.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
 "11:26:47.2666409 AM","view-test.exe","24980","LockFile","C:\Windows\win.ini","SUCCESS","Exclusive: False, Offset: 0, Length: 4,294,967,295, Fail Immediately: False"
 "11:26:47.2666515 AM","view-test.exe","24980","QueryStandardInformationFile","C:\Windows\win.ini","SUCCESS","AllocationSize: 440, EndOfFile: 435, NumberOfLinks: 1, DeletePending: False, Directory: False"
 "11:26:47.2666657 AM","view-test.exe","24980","ReadFile","C:\Windows\win.ini","SUCCESS","Offset: 0, Length: 435, Priority: Normal"
 "11:26:47.2666887 AM","view-test.exe","24980","UnlockFileSingle","C:\Windows\win.ini","SUCCESS","Offset: 0, Length: 4,294,967,295"
 "11:26:47.2666982 AM","view-test.exe","24980","CloseFile","C:\Windows\win.ini","SUCCESS",""
 "11:26:47.2667885 AM","view-test.exe","24980","CreateFile","C:\dev\GIT\Red\view-test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
 "11:26:47.2668108 AM","view-test.exe","24980","ReadFile","C:\dev\GIT\Red\view-test.exe","SUCCESS","Offset: 0, Length: 64, Priority: Normal"
 "11:26:47.2668363 AM","view-test.exe","24980","ReadFile","C:\dev\GIT\Red\view-test.exe","SUCCESS","Offset: 128, Length: 248, Priority: Normal"
 "11:26:47.2668479 AM","view-test.exe","24980","CloseFile","C:\dev\GIT\Red\view-test.exe","SUCCESS",""
 "11:26:47.2668614 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2668745 AM","view-test.exe","24980","RegCreateKey","HKLM\Software\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication","REPARSE","Desired Access: Maximum Allowed"
 "11:26:47.2668922 AM","view-test.exe","24980","RegCreateKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:47.2669035 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2669109 AM","view-test.exe","24980","RegQueryKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2669244 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication","SUCCESS",""
 "11:26:47.2669318 AM","view-test.exe","24980","RegSetValue","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication\Name","SUCCESS","Type: REG_SZ, Length: 28, Data: view-test.exe"
 "11:26:47.2669407 AM","view-test.exe","24980","RegSetValue","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication\ID","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1444735421"
 "11:26:47.2669485 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication","SUCCESS",""
 "11:26:47.2669559 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2669661 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\DirectDraw","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
 "11:26:47.2669789 AM","view-test.exe","24980","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2669849 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\ModeXOnly","NAME NOT FOUND","Length: 144"
 "11:26:47.2669909 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\EmulationOnly","NAME NOT FOUND","Length: 144"
 "11:26:47.2669966 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\ShowFrameRate","NAME NOT FOUND","Length: 144"
 "11:26:47.2670022 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\EnablePrintScreen","NAME NOT FOUND","Length: 144"
 "11:26:47.2670083 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\ForceAGPSupport","NAME NOT FOUND","Length: 144"
 "11:26:47.2670136 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\DisableAGPSupport","NAME NOT FOUND","Length: 144"
 "11:26:47.2670196 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\DisableMMX","NAME NOT FOUND","Length: 144"
 "11:26:47.2670249 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\DisableDDSCAPSInDDSD","NAME NOT FOUND","Length: 144"
 "11:26:47.2670302 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\DisableWiderSurfaces","NAME NOT FOUND","Length: 144"
 "11:26:47.2670362 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\UseNonLocalVidMem","NAME NOT FOUND","Length: 144"
 "11:26:47.2670415 AM","view-test.exe","24980","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\ForceRefreshRate","NAME NOT FOUND","Length: 144"
 "11:26:47.2670490 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\DirectDraw","SUCCESS",""
 "11:26:47.2670599 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2670702 AM","view-test.exe","24980","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Direct3D","REPARSE","Desired Access: Maximum Allowed"
 "11:26:47.2670819 AM","view-test.exe","24980","RegOpenKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
 "11:26:47.2670904 AM","view-test.exe","24980","RegSetInfoKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2670960 AM","view-test.exe","24980","RegQueryValue","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\FlipNoVsync","NAME NOT FOUND","Length: 144"
 "11:26:47.2671049 AM","view-test.exe","24980","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:47.2671112 AM","view-test.exe","24980","RegCloseKey","HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D","SUCCESS",""
 "11:26:47.2671265 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2671350 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2671452 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2671604 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2671686 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2671841 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2671955 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2672061 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2672132 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2672270 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2672369 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2672447 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2672546 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2672624 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2672694 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2672786 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2672868 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2672942 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2673034 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2673215 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2673289 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2673384 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2673466 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2673537 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2673664 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2673749 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2673837 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2673898 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2674011 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2674089 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2674170 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2674290 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2674382 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2674457 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2674545 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2674623 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2674694 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2674786 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2675303 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS","Desired Access: Read"
 "11:26:47.2675434 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0\UINumber","NAME NOT FOUND","Length: 360"
 "11:26:47.2675575 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS",""
 "11:26:47.2676010 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS","Desired Access: Read"
 "11:26:47.2676120 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0\UINumber","NAME NOT FOUND","Length: 360"
 "11:26:47.2676226 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS",""
 "11:26:47.2676591 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS","Desired Access: Read"
 "11:26:47.2676690 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0\UINumber","NAME NOT FOUND","Length: 360"
 "11:26:47.2676793 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS",""
 "11:26:47.2677171 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","REPARSE","Desired Access: Read, Maximum Allowed"
 "11:26:47.2677295 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2677405 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler\FlipOverrideMode","NAME NOT FOUND","Length: 134"
 "11:26:47.2677497 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\GraphicsDrivers\Scheduler","SUCCESS",""
 "11:26:47.2677854 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS","Desired Access: Read"
 "11:26:47.2677957 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0\UINumber","NAME NOT FOUND","Length: 360"
 "11:26:47.2678059 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\ACPI\PNP0A08\0","SUCCESS",""
 "11:26:47.2678428 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2678512 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2678612 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2678707 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2678785 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2678919 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2679008 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2679100 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2679164 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2679277 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2679355 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2679429 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2679525 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2679624 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS","Desired Access: Read"
 "11:26:47.2679702 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10\HardwareID","SUCCESS","Type: REG_MULTI_SZ, Length: 292, Data: PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06, PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028, PCI\VEN_8086&DEV_0416&CC_030000, PCI\VEN_8086&DEV_0416&CC_0300"
 "11:26:47.2679829 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_06\3&11583659&0&10","SUCCESS",""
 "11:26:47.2679921 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2680002 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2680098 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2680268 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2680402 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Query Value"
 "11:26:47.2680491 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Query Value"
 "11:26:47.2680576 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2680661 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\UserModeDriverNameWowNOSHIM","NAME NOT FOUND","Length: 144"
 "11:26:47.2680767 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\UserModeDriverNameWow","SUCCESS","Type: REG_MULTI_SZ, Length: 96, Data: igdumdim32.dll, igd10iumd32.dll, igd10iumd32.dll"
 "11:26:47.2680841 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\UserModeDriverNameWow","SUCCESS","Type: REG_MULTI_SZ, Length: 96, Data: igdumdim32.dll, igd10iumd32.dll, igd10iumd32.dll"
 "11:26:47.2680930 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2681011 AM","view-test.exe","24980","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
 "11:26:47.2681107 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Query Value"
 "11:26:47.2681184 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Query Value"
 "11:26:47.2681255 AM","view-test.exe","24980","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
 "11:26:47.2681312 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\rmGpuId","NAME NOT FOUND","Length: 144"
 "11:26:47.2681418 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2681514 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\VIDEO","SUCCESS","Desired Access: Read, Maximum Allowed"
 "11:26:47.2681591 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\MaxObjectNumber","SUCCESS","Type: REG_DWORD, Length: 4, Data: 10"
 "11:26:47.2681687 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2681775 AM","view-test.exe","24980","RegOpenKey","HKLM\Hardware\DeviceMap\Video","SUCCESS","Desired Access: Read"
 "11:26:47.2681850 AM","view-test.exe","24980","RegQueryValue","HKLM\HARDWARE\DEVICEMAP\VIDEO\\Device\Video4","SUCCESS","Type: REG_SZ, Length: 202, Data: \Registry\Machine\System\CurrentControlSet\Control\Video\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000"
 "11:26:47.2681967 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","REPARSE","Desired Access: Read"
 "11:26:47.2682048 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\CONTROL\VIDEO\{BA86A327-71E2-426F-9F8A-30608887E2D4}\0000","SUCCESS","Desired Access: Read"
 "11:26:47.2682136 AM","view-test.exe","24980","RegCloseKey","HKLM\HARDWARE\DEVICEMAP\VIDEO","SUCCESS",""
 "11:26:47.2682197 AM","view-test.exe","24980","RegQueryValue","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\PruningMode","NAME NOT FOUND","Length: 52"
 "11:26:47.2682310 AM","view-test.exe","24980","RegCloseKey","HKLM\System\CurrentControlSet\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000","SUCCESS",""
 "11:26:47.2682391 AM","view-test.exe","24980","RegOpenKey","HKLM\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_0416&SUBSYS_05CC1028&REV_