"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"12:56:04.0262054","nwtoolset.exe","17432","Process Start","","SUCCESS","Parent PID: 14052, Command line: ""C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe"", Current directory: C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\, Environment: 
;	=::=::\
;	=C:=C:\Program Files (x86)\Steam
;	ALLUSERSPROFILE=C:\ProgramData
;	APPDATA=C:\Users\giaco\AppData\Roaming
;	CommonProgramFiles=C:\Program Files (x86)\Common Files
;	CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
;	CommonProgramW6432=C:\Program Files\Common Files
;	COMMON_MYDOCS=C:\Users\Public\Documents
;	COMPUTERNAME=DESKTOP-AL8ASDB
;	ComSpec=C:\WINDOWS\system32\cmd.exe
;	FPS_BROWSER_APP_PROFILE_STRING=Internet Explorer
;	FPS_BROWSER_USER_PROFILE_STRING=Default
;	GIT_SSH=C:\Program Files\PuTTY\plink.exe
;	GOROOT=C:\Go\
;	HOMEDRIVE=C:
;	HOMEPATH=\Users\giaco
;	INSTALLDIR=C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights
;	JD2_HOME=C:\Users\giaco\AppData\Local\JDownloader v2.0
;	LOCALAPPDATA=C:\Users\giaco\AppData\Local
;	LOCAL_APPDATA=C:\Users\giaco\AppData\Local
;	LOGONSERVER=\\DESKTOP-AL8ASDB
;	MOZ_PLUGIN_PATH=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\
;	NUMBER_OF_PROCESSORS=8
;	OneDrive=C:\Users\giaco\OneDrive
;	OS=Windows_NT
;	Path=C:\Program Files (x86)\Steam;C:\Program Files (x86)\Windows Resource Kits\Tools\;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\ComposerSetup\bin;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\giaco\AppData\Local\nylas\bin;C:\Users\giaco\AppData\Roaming\Composer\vendor\bin;C:\Users\giaco\AppData\Local\atom\bin;C:\Program Files\Docker Toolbox;C:\Users\giaco\AppData\Local\Microsoft\WindowsApps;C:\adb;D:\web\PHP\7.1.0;C:\Program Files\Git\cmd;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Go\bin;C:\Program Files\PuTTY\;C:\Users\giaco\AppData\Roaming\Composer\vendor\bin;C:\Users\giaco\AppData\Local\atom\bin;C:\Users\giaco\AppData\Local\Microsoft\WindowsApps;C:\ninja;
;	PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
;	PHPBIN=D:\web\PHP\7.1.0 RC6\php.exe
;	PROCESSOR_ARCHITECTURE=x86
;	PROCESSOR_ARCHITEW6432=AMD64
;	PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
;	PROCESSOR_LEVEL=6
;	PROCESSOR_REVISION=2a07
;	ProgramData=C:\ProgramData
;	ProgramFiles=C:\Program Files (x86)
;	ProgramFiles(x86)=C:\Program Files (x86)
;	ProgramW6432=C:\Program Files
;	PSModulePath=C:\Program Files\WindowsPowerShell\Modules;C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules
;	PUBLIC=C:\Users\Public
;	ROOTDRIVE=C
;	SESSIONNAME=Console
;	STEAMID=76561197991063168
;	SteamPath=C:\Program Files (x86)\Steam
;	SteamUser=elegos87
;	STEAMVIDEOTOKEN=14052;32f5h290g53047gv5034nbvt923b;
;	SystemDrive=C:
;	SystemRoot=C:\WINDOWS
;	TEMP=C:\Users\giaco\AppData\Local\Temp
;	TMP=C:\Users\giaco\AppData\Local\Temp
;	USERDOMAIN=DESKTOP-AL8ASDB
;	USERDOMAIN_ROAMINGPROFILE=DESKTOP-AL8ASDB
;	USERNAME=giaco
;	USERPROFILE=C:\Users\giaco
;	USER_MYDOCS=C:\Users\giaco\Documents
;	ValvePlatformMutex=c:/program files (x86)/steam/steam.exe
;	VBOX_MSI_INSTALL_PATH=C:\Program Files\Oracle\VirtualBox\
;	windir=C:\WINDOWS
;	SteamGameId=704450
;	SteamAppId=704450
;	SteamAppUser=elegos87
;	SteamControllerAppId=704450
;	ENABLE_VK_LAYER_VALVE_steam_overlay_1=1
;	EnableConfiguratorSupport=0
;	SDL_GAMECONTROLLER_ALLOW_STEAM_VIRTUAL_GAMEPAD=1
;	SteamStreamingHardwareEncodingNVIDIA=1
;	SteamStreamingHardwareEncodingAMD=1
;	SteamStreamingHardwareEncodingIntel=1
;	MESA_GLSL_CACHE_DIR=C:\Program Files (x86)\Steam\steamapps\shadercache\704450
;	__GL_SHADER_DISK_CACHE_PATH=C:\Program Files (x86)\Steam\steamapps\shadercache\704450\nvidiav1
;	__GL_SHADER_DISK_CACHE_APP_NAME=steamapp_shader_cache
;	__GL_SHADER_DISK_CACHE_READ_ONLY_APP_NAME=steam_shader_cache
;	__GL_SHADER_DISK_CACHE_SKIP_CLEANUP=1"
"12:56:04.0262105","nwtoolset.exe","17432","Thread Create","","SUCCESS","Thread ID: 11216"
"12:56:04.0300507","nwtoolset.exe","17432","Load Image","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe","SUCCESS","Image Base: 0x400000, Image Size: 0x85c000"
"12:56:04.0301077","nwtoolset.exe","17432","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","Image Base: 0x7ffe088e0000, Image Size: 0x1e0000"
"12:56:04.0301685","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Image Base: 0x775d0000, Image Size: 0x18d000"
"12:56:04.0303510","nwtoolset.exe","17432","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap","REPARSE","Desired Access: Query Value"
"12:56:04.0303664","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value"
"12:56:04.0304263","nwtoolset.exe","17432","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.0304353","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.0304492","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
"12:56:04.0304603","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
"12:56:04.0308913","nwtoolset.exe","17432","CreateFile","C:\Windows","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0316120","nwtoolset.exe","17432","Load Image","C:\Windows\System32\wow64.dll","SUCCESS","Image Base: 0x67640000, Image Size: 0x51000"
"12:56:04.0317409","nwtoolset.exe","17432","Load Image","C:\Windows\System32\wow64win.dll","SUCCESS","Image Base: 0x676b0000, Image Size: 0x76000"
"12:56:04.0321599","nwtoolset.exe","17432","CreateFile","C:\Windows\System32\wow64log.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.0322924","nwtoolset.exe","17432","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS","Image Base: 0xe0000, Image Size: 0xae000"
"12:56:04.0324047","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\kernel32.dll","SUCCESS","Image Base: 0x74c90000, Image Size: 0xd0000"
"12:56:04.0325041","nwtoolset.exe","17432","Load Image","C:\Windows\System32\user32.dll","SUCCESS","Image Base: 0x2e70000, Image Size: 0x18f000"
"12:56:04.0326333","nwtoolset.exe","17432","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0326797","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows","SUCCESS","Name: \Windows"
"12:56:04.0326942","nwtoolset.exe","17432","CloseFile","C:\Windows","SUCCESS",""
"12:56:04.0327399","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\Microsoft\Wow64\x86","SUCCESS","Desired Access: Read"
"12:56:04.0327890","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Wow64\x86\nwtoolset.exe","NAME NOT FOUND","Length: 520"
"12:56:04.0328005","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Wow64\x86\(Default)","SUCCESS","Type: REG_SZ, Length: 26, Data: wow64cpu.dll"
"12:56:04.0328125","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Wow64\x86","SUCCESS",""
"12:56:04.0329005","nwtoolset.exe","17432","Load Image","C:\Windows\System32\wow64cpu.dll","SUCCESS","Image Base: 0x676a0000, Image Size: 0xa000"
"12:56:04.0331775","nwtoolset.exe","17432","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap","REPARSE","Desired Access: Query Value"
"12:56:04.0331908","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value"
"12:56:04.0332471","nwtoolset.exe","17432","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.0332558","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.0332691","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0332769","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
"12:56:04.0332872","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
"12:56:04.0337606","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0339100","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\kernel32.dll","SUCCESS","Image Base: 0x74c90000, Image Size: 0xd0000"
"12:56:04.0340772","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Image Base: 0x75320000, Image Size: 0x1d7000"
"12:56:04.0346452","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\3c74afb9-8d82-44e3-b52c-365dbf48382a","NAME NOT FOUND","Length: 524"
"12:56:04.0346873","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Name: \Windows\SysWOW64\KernelBase.dll"
"12:56:04.0347271","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\05f95efe-7f75-49c7-a994-60a55cc09571","NAME NOT FOUND","Length: 524"
"12:56:04.0347515","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Name: \Windows\SysWOW64\KernelBase.dll"
"12:56:04.0347976","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","REPARSE","Desired Access: Read"
"12:56:04.0348084","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","Desired Access: Read"
"12:56:04.0348214","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0348292","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat","NAME NOT FOUND","Length: 548"
"12:56:04.0348376","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:56:04.0348473","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS",""
"12:56:04.0350704","nwtoolset.exe","17432","CreateFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263284823411408631\atcuf32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0351207","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263284823411408631\atcuf32.dll","SUCCESS","CreationTime: 02/04/2018 12:06:35, LastAccessTime: 02/04/2018 12:54:12, LastWriteTime: 27/02/2018 23:39:28, ChangeTime: 28/02/2018 22:13:04, FileAttributes: A"
"12:56:04.0351313","nwtoolset.exe","17432","CloseFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263284823411408631\atcuf32.dll","SUCCESS",""
"12:56:04.0352544","nwtoolset.exe","17432","CreateFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263284823411408631\atcuf32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0352993","nwtoolset.exe","17432","CreateFileMapping","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263284823411408631\atcuf32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0353367","nwtoolset.exe","17432","CreateFileMapping","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263284823411408631\atcuf32.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0354029","nwtoolset.exe","17432","Load Image","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263284823411408631\atcuf32.dll","SUCCESS","Image Base: 0x6b730000, Image Size: 0x95000"
"12:56:04.0355388","nwtoolset.exe","17432","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Query Value"
"12:56:04.0355496","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Query Value"
"12:56:04.0355740","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0355836","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\EMPTY","NAME NOT FOUND","Length: 120"
"12:56:04.0356011","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\EMPTY","NAME NOT FOUND","Length: 120"
"12:56:04.0356571","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\NLS\Language","REPARSE","Desired Access: Read"
"12:56:04.0356671","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\NLS\Language","SUCCESS","Desired Access: Read"
"12:56:04.0356827","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Language","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0356908","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Language\InstallLanguageFallback","BUFFER OVERFLOW","Length: 16"
"12:56:04.0357068","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Language","SUCCESS",""
"12:56:04.0357198","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","REPARSE","Desired Access: Read"
"12:56:04.0357282","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS","Desired Access: Read"
"12:56:04.0357414","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0357490","nwtoolset.exe","17432","RegEnumKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS","Index: 0, Name: it-IT"
"12:56:04.0357613","nwtoolset.exe","17432","RegQueryKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:56:04.0357698","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\it-IT","SUCCESS","Desired Access: Read"
"12:56:04.0357860","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\it-IT\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: 146"
"12:56:04.0358068","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\it-IT\DefaultFallback","SUCCESS","Type: REG_SZ, Length: 12, Data: en-US"
"12:56:04.0358149","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\it-IT\en-US","SUCCESS","Type: REG_MULTI_SZ, Length: 4, Data: "
"12:56:04.0358267","nwtoolset.exe","17432","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\it-IT","SUCCESS","Index: 0, Name: DefaultFallback, Type: REG_SZ, Length: 12, Data: en-US"
"12:56:04.0358339","nwtoolset.exe","17432","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\it-IT","SUCCESS","Index: 1, Name: en-US, Type: REG_MULTI_SZ, Length: 4, Data: "
"12:56:04.0358411","nwtoolset.exe","17432","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\it-IT","SUCCESS","Index: 2, Name: LCID, Type: REG_DWORD, Length: 4, Data: 1040"
"12:56:04.0358478","nwtoolset.exe","17432","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\it-IT","SUCCESS","Index: 3, Name: Type, Type: REG_DWORD, Length: 4, Data: 146"
"12:56:04.0358544","nwtoolset.exe","17432","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\it-IT","NO MORE ENTRIES","Index: 4, Length: 512"
"12:56:04.0358622","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\it-IT\AlternateCodePage","NAME NOT FOUND","Length: 12"
"12:56:04.0358709","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\it-IT","SUCCESS",""
"12:56:04.0358785","nwtoolset.exe","17432","RegEnumKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","NO MORE ENTRIES","Index: 1, Length: 512"
"12:56:04.0358887","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS",""
"12:56:04.0359017","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\PendingDelete","REPARSE","Desired Access: Read"
"12:56:04.0359110","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\PendingDelete","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0359339","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\MUI\Settings","REPARSE","Desired Access: Read"
"12:56:04.0359589","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0359890","nwtoolset.exe","17432","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:56:04.0360110","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0360185","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.0360294","nwtoolset.exe","17432","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0360462","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","REPARSE","Desired Access: Read"
"12:56:04.0360544","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","SUCCESS","Desired Access: Read"
"12:56:04.0360715","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0360797","nwtoolset.exe","17432","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","NO MORE ENTRIES","Index: 0, Length: 512"
"12:56:04.0360887","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","SUCCESS",""
"12:56:04.0360965","nwtoolset.exe","17432","RegCloseKey","HKCU","SUCCESS",""
"12:56:04.0361089","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\MUI\Settings","REPARSE","Desired Access: Read"
"12:56:04.0361245","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0361447","nwtoolset.exe","17432","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:56:04.0361646","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0361721","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.0361833","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0361995","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0362248","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.0362477","nwtoolset.exe","17432","RegOpenKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS","Desired Access: Read"
"12:56:04.0362805","nwtoolset.exe","17432","RegSetInfoKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0362911","nwtoolset.exe","17432","RegEnumValue","HKCU\Control Panel\Desktop\LanguageConfiguration","NO MORE ENTRIES","Index: 0, Length: 512"
"12:56:04.0363040","nwtoolset.exe","17432","RegCloseKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS",""
"12:56:04.0363125","nwtoolset.exe","17432","RegCloseKey","HKCU","SUCCESS",""
"12:56:04.0363269","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\MUI\Settings","REPARSE","Desired Access: Read"
"12:56:04.0363441","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0363646","nwtoolset.exe","17432","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:56:04.0363878","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0364013","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.0364146","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0364296","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0364369","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.0364468","nwtoolset.exe","17432","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read"
"12:56:04.0364588","nwtoolset.exe","17432","RegSetInfoKey","HKCU\Control Panel\Desktop","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0364664","nwtoolset.exe","17432","RegQueryValue","HKCU\Control Panel\Desktop\PreferredUILanguages","BUFFER OVERFLOW","Length: 12"
"12:56:04.0364760","nwtoolset.exe","17432","RegQueryValue","HKCU\Control Panel\Desktop\PreferredUILanguages","SUCCESS","Type: REG_MULTI_SZ, Length: 12, Data: it-IT"
"12:56:04.0364875","nwtoolset.exe","17432","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS",""
"12:56:04.0364947","nwtoolset.exe","17432","RegCloseKey","HKCU","SUCCESS",""
"12:56:04.0365070","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\MUI\Settings","REPARSE","Desired Access: Read"
"12:56:04.0365221","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0365417","nwtoolset.exe","17432","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:56:04.0365643","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0365715","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.0365820","nwtoolset.exe","17432","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","Desired Access: Read"
"12:56:04.0365959","nwtoolset.exe","17432","RegSetInfoKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0366034","nwtoolset.exe","17432","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","BUFFER OVERFLOW","Length: 12"
"12:56:04.0366115","nwtoolset.exe","17432","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","SUCCESS","Type: REG_MULTI_SZ, Length: 12, Data: it-IT"
"12:56:04.0366212","nwtoolset.exe","17432","RegCloseKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS",""
"12:56:04.0366287","nwtoolset.exe","17432","RegCloseKey","HKCU","SUCCESS",""
"12:56:04.0367043","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0368329","nwtoolset.exe","17432","CreateFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263284823411408631\atcuf32.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0368874","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263284823411408631\atcuf32.dll","SUCCESS","CreationTime: 02/04/2018 12:06:35, LastAccessTime: 02/04/2018 12:54:12, LastWriteTime: 27/02/2018 23:39:28, ChangeTime: 28/02/2018 22:13:04, FileAttributes: A"
"12:56:04.0369654","nwtoolset.exe","17432","CloseFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263284823411408631\atcuf32.dll","SUCCESS",""
"12:56:04.0370573","nwtoolset.exe","17432","CloseFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263284823411408631\atcuf32.dll","SUCCESS",""
"12:56:04.0378316","nwtoolset.exe","17432","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.0378515","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.0378717","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0378837","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
"12:56:04.0379000","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
"12:56:04.0385288","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","REPARSE","Desired Access: Query Value, Set Value"
"12:56:04.0385400","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:56:04.0385580","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","REPARSE","Desired Access: Read"
"12:56:04.0385695","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0385936","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers","REPARSE","Desired Access: Query Value"
"12:56:04.0386210","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value"
"12:56:04.0386454","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0386610","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80"
"12:56:04.0386767","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS",""
"12:56:04.0386945","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value"
"12:56:04.0387195","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem\","REPARSE","Desired Access: Read"
"12:56:04.0387279","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","Desired Access: Read"
"12:56:04.0387399","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0387475","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\LongPathsEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:56:04.0387616","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS",""
"12:56:04.0388863","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Image Base: 0x75fc0000, Image Size: 0x1333000"
"12:56:04.0389221","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\shell32.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0389429","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Name: \Windows\SysWOW64\shell32.dll"
"12:56:04.0390899","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\msvcrt.dll","SUCCESS","Image Base: 0x75c00000, Image Size: 0xbd000"
"12:56:04.0391218","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\msvcrt.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0391384","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\msvcrt.dll","SUCCESS","Name: \Windows\SysWOW64\msvcrt.dll"
"12:56:04.0393037","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\cfgmgr32.dll","SUCCESS","Image Base: 0x74060000, Image Size: 0x38000"
"12:56:04.0393293","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\cfgmgr32.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0393468","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\cfgmgr32.dll","SUCCESS","Name: \Windows\SysWOW64\cfgmgr32.dll"
"12:56:04.0395055","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\ucrtbase.dll","SUCCESS","Image Base: 0x74570000, Image Size: 0x117000"
"12:56:04.0395293","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\ucrtbase.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0395483","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\ucrtbase.dll","SUCCESS","Name: \Windows\SysWOW64\ucrtbase.dll"
"12:56:04.0397808","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\SHCore.dll","SUCCESS","Image Base: 0x740a0000, Image Size: 0x88000"
"12:56:04.0398145","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\SHCore.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0398401","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\SHCore.dll","SUCCESS","Name: \Windows\SysWOW64\SHCore.dll"
"12:56:04.0400413","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\rpcrt4.dll","SUCCESS","Image Base: 0x74bc0000, Image Size: 0xbe000"
"12:56:04.0400708","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\rpcrt4.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0400919","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\rpcrt4.dll","SUCCESS","Name: \Windows\SysWOW64\rpcrt4.dll"
"12:56:04.0402573","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\sspicli.dll","SUCCESS","Image Base: 0x73ff0000, Image Size: 0x20000"
"12:56:04.0402826","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\sspicli.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0402988","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\sspicli.dll","SUCCESS","Name: \Windows\SysWOW64\sspicli.dll"
"12:56:04.0404136","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\cryptbase.dll","SUCCESS","Image Base: 0x73fe0000, Image Size: 0xa000"
"12:56:04.0404343","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\cryptbase.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0404497","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\cryptbase.dll","SUCCESS","Name: \Windows\SysWOW64\cryptbase.dll"
"12:56:04.0405804","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\bcryptprimitives.dll","SUCCESS","Image Base: 0x75570000, Image Size: 0x57000"
"12:56:04.0406090","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\bcryptprimitives.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0406298","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\bcryptprimitives.dll","SUCCESS","Name: \Windows\SysWOW64\bcryptprimitives.dll"
"12:56:04.0407129","nwtoolset.exe","17432","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.0407274","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.0407470","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0407557","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
"12:56:04.0407708","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
"12:56:04.0409069","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\sechost.dll","SUCCESS","Image Base: 0x746b0000, Image Size: 0x43000"
"12:56:04.0409409","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\sechost.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0409653","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\sechost.dll","SUCCESS","Name: \Windows\SysWOW64\sechost.dll"
"12:56:04.0412063","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\combase.dll","SUCCESS","Image Base: 0x74830000, Image Size: 0x246000"
"12:56:04.0412370","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\combase.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0412538","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\combase.dll","SUCCESS","Name: \Windows\SysWOW64\combase.dll"
"12:56:04.0414517","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\windows.storage.dll","SUCCESS","Image Base: 0x75630000, Image Size: 0x5c6000"
"12:56:04.0414848","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\windows.storage.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0415023","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\windows.storage.dll","SUCCESS","Name: \Windows\SysWOW64\windows.storage.dll"
"12:56:04.0416640","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\advapi32.dll","SUCCESS","Image Base: 0x74750000, Image Size: 0x78000"
"12:56:04.0416990","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\advapi32.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0417158","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\advapi32.dll","SUCCESS","Name: \Windows\SysWOW64\advapi32.dll"
"12:56:04.0419077","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\shlwapi.dll","SUCCESS","Image Base: 0x74700000, Image Size: 0x45000"
"12:56:04.0419366","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\shlwapi.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0419538","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\shlwapi.dll","SUCCESS","Name: \Windows\SysWOW64\shlwapi.dll"
"12:56:04.0421167","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\gdi32.dll","SUCCESS","Image Base: 0x77370000, Image Size: 0x22000"
"12:56:04.0421522","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\gdi32.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0421706","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\gdi32.dll","SUCCESS","Name: \Windows\SysWOW64\gdi32.dll"
"12:56:04.0423390","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\gdi32full.dll","SUCCESS","Image Base: 0x75cc0000, Image Size: 0x15e000"
"12:56:04.0423748","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\gdi32full.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0423914","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\gdi32full.dll","SUCCESS","Name: \Windows\SysWOW64\gdi32full.dll"
"12:56:04.0425414","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\msvcp_win.dll","SUCCESS","Image Base: 0x74b30000, Image Size: 0x7c000"
"12:56:04.0425929","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\msvcp_win.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0426173","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\msvcp_win.dll","SUCCESS","Name: \Windows\SysWOW64\msvcp_win.dll"
"12:56:04.0428311","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\user32.dll","SUCCESS","Image Base: 0x75e40000, Image Size: 0x175000"
"12:56:04.0429115","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\user32.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0429486","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\user32.dll","SUCCESS","Name: \Windows\SysWOW64\user32.dll"
"12:56:04.0430976","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\win32u.dll","SUCCESS","Image Base: 0x74690000, Image Size: 0x16000"
"12:56:04.0431573","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\win32u.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0431759","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\win32u.dll","SUCCESS","Name: \Windows\SysWOW64\win32u.dll"
"12:56:04.0433509","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\kernel.appcore.dll","SUCCESS","Image Base: 0x74560000, Image Size: 0xe000"
"12:56:04.0434030","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\kernel.appcore.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0434196","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\kernel.appcore.dll","SUCCESS","Name: \Windows\SysWOW64\kernel.appcore.dll"
"12:56:04.0435888","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\powrprof.dll","SUCCESS","Image Base: 0x74a80000, Image Size: 0x45000"
"12:56:04.0436126","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\powrprof.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0436289","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\powrprof.dll","SUCCESS","Name: \Windows\SysWOW64\powrprof.dll"
"12:56:04.0437732","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\profapi.dll","SUCCESS","Image Base: 0x77300000, Image Size: 0x14000"
"12:56:04.0437949","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\profapi.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0438126","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\profapi.dll","SUCCESS","Name: \Windows\SysWOW64\profapi.dll"
"12:56:04.0439433","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"12:56:04.0441870","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.0443397","nwtoolset.exe","17432","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0444854","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\comdlg32.dll","SUCCESS","Image Base: 0x774f0000, Image Size: 0xd4000"
"12:56:04.0445080","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\comdlg32.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0445240","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\comdlg32.dll","SUCCESS","Name: \Windows\SysWOW64\comdlg32.dll"
"12:56:04.0447173","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\ole32.dll","SUCCESS","Image Base: 0x74df0000, Image Size: 0xf7000"
"12:56:04.0447658","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\ole32.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0447984","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS","Name: \Windows\SysWOW64\ole32.dll"
"12:56:04.0450812","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\oleaut32.dll","SUCCESS","Image Base: 0x75060000, Image Size: 0x93000"
"12:56:04.0451065","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\oleaut32.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0452080","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\oleaut32.dll","SUCCESS","Name: \Windows\SysWOW64\oleaut32.dll"
"12:56:04.0465810","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value"
"12:56:04.0465967","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value"
"12:56:04.0466120","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0466208","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode","NAME NOT FOUND","Length: 16"
"12:56:04.0468846","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\openal32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0469430","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\openal32.dll","SUCCESS","CreationTime: 22/03/2018 20:17:39, LastAccessTime: 02/04/2018 12:51:38, LastWriteTime: 22/03/2018 20:17:39, ChangeTime: 22/03/2018 20:17:53, FileAttributes: A"
"12:56:04.0469557","nwtoolset.exe","17432","CloseFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\openal32.dll","SUCCESS",""
"12:56:04.0470903","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\openal32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0471391","nwtoolset.exe","17432","CreateFileMapping","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\openal32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0472451","nwtoolset.exe","17432","CreateFileMapping","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\openal32.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0473144","nwtoolset.exe","17432","Load Image","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\openal32.dll","SUCCESS","Image Base: 0x6a3c0000, Image Size: 0xc2000"
"12:56:04.0473364","nwtoolset.exe","17432","QueryNameInformationFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\openal32.dll","BUFFER OVERFLOW","Name: \Progr"
"12:56:04.0473550","nwtoolset.exe","17432","QueryNameInformationFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\openal32.dll","SUCCESS","Name: \Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\openal32.dll"
"12:56:04.0474294","nwtoolset.exe","17432","CloseFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\openal32.dll","SUCCESS",""
"12:56:04.0476812","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\VERSION.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.0479107","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\version.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0479568","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\version.dll","SUCCESS","CreationTime: 29/09/2017 15:42:24, LastAccessTime: 02/04/2018 12:55:42, LastWriteTime: 29/09/2017 15:42:24, ChangeTime: 22/12/2017 23:57:23, FileAttributes: A"
"12:56:04.0479658","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\version.dll","SUCCESS",""
"12:56:04.0480833","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\version.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0481375","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\version.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0481712","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\version.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0482688","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\version.dll","SUCCESS","Image Base: 0x73c90000, Image Size: 0x8000"
"12:56:04.0483010","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\version.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0483263","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\version.dll","SUCCESS","Name: \Windows\SysWOW64\version.dll"
"12:56:04.0484360","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\version.dll","SUCCESS",""
"12:56:04.0487736","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\WINSPOOL.DRV","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.0490934","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0491488","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS","CreationTime: 29/09/2017 15:42:27, LastAccessTime: 02/04/2018 12:51:38, LastWriteTime: 29/09/2017 15:42:27, ChangeTime: 22/12/2017 23:12:30, FileAttributes: A"
"12:56:04.0491648","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS",""
"12:56:04.0493386","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0494124","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\winspool.drv","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0494515","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\winspool.drv","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0495563","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\winspool.drv","SUCCESS","Image Base: 0x73380000, Image Size: 0x6c000"
"12:56:04.0495949","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\winspool.drv","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0496271","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS","Name: \Windows\SysWOW64\winspool.drv"
"12:56:04.0497626","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS",""
"12:56:04.0501021","nwtoolset.exe","17432","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0501382","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS","CreationTime: 13/03/2018 21:27:15, LastAccessTime: 02/04/2018 12:51:38, LastWriteTime: 01/03/2018 08:26:07, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.0501481","nwtoolset.exe","17432","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS",""
"12:56:04.0502641","nwtoolset.exe","17432","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0503132","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0503478","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0504945","nwtoolset.exe","17432","Load Image","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS","Image Base: 0x73580000, Image Size: 0x8e000"
"12:56:04.0505237","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0505427","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS","Name: \Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll"
"12:56:04.0506439","nwtoolset.exe","17432","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS",""
"12:56:04.0508950","nwtoolset.exe","17432","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0509327","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS","CreationTime: 13/03/2018 21:27:15, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 01/03/2018 08:26:07, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.0509490","nwtoolset.exe","17432","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS",""
"12:56:04.0512781","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\GLU32.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.0516230","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\glu32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0516679","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\glu32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:51:38, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:16, FileAttributes: A"
"12:56:04.0516781","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\glu32.dll","SUCCESS",""
"12:56:04.0518079","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\glu32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0518597","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\glu32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0518925","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\glu32.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0519868","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\glu32.dll","SUCCESS","Image Base: 0x5c3d0000, Image Size: 0x25000"
"12:56:04.0520112","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\glu32.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0520281","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\glu32.dll","SUCCESS","Name: \Windows\SysWOW64\glu32.dll"
"12:56:04.0521025","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\glu32.dll","SUCCESS",""
"12:56:04.0523545","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\OPENGL32.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.0527575","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0528189","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:51:38, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:04.0528352","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:04.0530147","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0530894","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\opengl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0531277","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0532225","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Image Base: 0x5d040000, Image Size: 0xdf000"
"12:56:04.0532481","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\opengl32.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0532647","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Name: \Windows\SysWOW64\opengl32.dll"
"12:56:04.0533382","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:04.0536110","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\WINMM.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.0538342","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0538731","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","CreationTime: 29/09/2017 15:42:08, LastAccessTime: 02/04/2018 12:51:38, LastWriteTime: 29/09/2017 15:42:08, ChangeTime: 22/12/2017 23:57:24, FileAttributes: A"
"12:56:04.0538839","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS",""
"12:56:04.0540258","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0540794","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\winmm.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0541173","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\winmm.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0542104","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\winmm.dll","SUCCESS","Image Base: 0x73b70000, Image Size: 0x24000"
"12:56:04.0542351","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\winmm.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0542516","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","Name: \Windows\SysWOW64\winmm.dll"
"12:56:04.0543872","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS",""
"12:56:04.0548058","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\WINMM.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.0550413","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0550766","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","CreationTime: 29/09/2017 15:42:08, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:08, ChangeTime: 22/12/2017 23:57:24, FileAttributes: A"
"12:56:04.0550862","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS",""
"12:56:04.0553467","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\IPHLPAPI.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.0557229","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0557789","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:51:38, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:17, FileAttributes: A"
"12:56:04.0557900","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS",""
"12:56:04.0559689","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0560322","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\IPHLPAPI.DLL","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0560569","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0561355","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","Image Base: 0x73ae0000, Image Size: 0x30000"
"12:56:04.0561662","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0561834","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","Name: \Windows\SysWOW64\IPHLPAPI.DLL"
"12:56:04.0562755","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS",""
"12:56:04.0565345","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\bcrypt.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.0567686","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0568068","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","CreationTime: 22/12/2017 23:38:25, LastAccessTime: 02/04/2018 12:55:42, LastWriteTime: 22/12/2017 23:38:25, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.0568173","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS",""
"12:56:04.0569571","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0570077","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\bcrypt.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0570411","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0571242","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","Image Base: 0x73eb0000, Image Size: 0x19000"
"12:56:04.0571501","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\bcrypt.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0571679","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","Name: \Windows\SysWOW64\bcrypt.dll"
"12:56:04.0572426","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS",""
"12:56:04.0576438","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\OPENGL32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.0579157","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0579654","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:04.0579811","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:04.0584392","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\WINMMBASE.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.0587756","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0588165","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","CreationTime: 29/09/2017 15:42:08, LastAccessTime: 02/04/2018 12:51:38, LastWriteTime: 29/09/2017 15:42:08, ChangeTime: 22/12/2017 23:57:24, FileAttributes: A"
"12:56:04.0588310","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS",""
"12:56:04.0590246","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0590698","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\winmmbase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0591051","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0592029","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Image Base: 0x73690000, Image Size: 0x23000"
"12:56:04.0592310","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\winmmbase.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0592478","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Name: \Windows\SysWOW64\winmmbase.dll"
"12:56:04.0593535","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS",""
"12:56:04.0596056","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0596330","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","CreationTime: 29/09/2017 15:42:08, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:08, ChangeTime: 22/12/2017 23:57:24, FileAttributes: A"
"12:56:04.0596445","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS",""
"12:56:04.0598610","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0598875","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","CreationTime: 29/09/2017 15:42:08, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:08, ChangeTime: 22/12/2017 23:57:24, FileAttributes: A"
"12:56:04.0598966","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS",""
"12:56:04.0602980","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.0603381","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.0603546","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0603706","nwtoolset.exe","17432","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:56:04.0603808","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.0605585","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","REPARSE","Desired Access: Read"
"12:56:04.0605814","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","Desired Access: Read"
"12:56:04.0606016","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0606118","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\(Default)","SUCCESS","Type: REG_SZ, Length: 18, Data: 0006020E"
"12:56:04.0609037","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","REPARSE","Desired Access: Query Value"
"12:56:04.0609133","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","Desired Access: Query Value"
"12:56:04.0609266","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0609347","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:56:04.0609717","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","REPARSE","Desired Access: Query Value"
"12:56:04.0609937","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS","Desired Access: Query Value"
"12:56:04.0610157","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0610284","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","NAME NOT FOUND","Length: 20"
"12:56:04.0610428","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:56:04.0610705","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS",""
"12:56:04.0610892","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS",""
"12:56:04.0611112","nwtoolset.exe","17432","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration","REPARSE","Desired Access: Query Value"
"12:56:04.0611268","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration","NAME NOT FOUND","Desired Access: Query Value"
"12:56:04.0612521","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\a6d3c9ac-9128-522a-495a-1821191173c2","NAME NOT FOUND","Length: 524"
"12:56:04.0613118","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\sspicli.dll","SUCCESS","Name: \Windows\SysWOW64\sspicli.dll"
"12:56:04.0614660","nwtoolset.exe","17432","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:56:04.0614946","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0615060","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.0615250","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\OLE","REPARSE","Desired Access: Read"
"12:56:04.0615596","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","Desired Access: Read"
"12:56:04.0615885","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0616012","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorUseSystemHeap","NAME NOT FOUND","Length: 144"
"12:56:04.0616301","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS",""
"12:56:04.0616494","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0616617","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.0616804","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\OLE","REPARSE","Desired Access: Read"
"12:56:04.0617069","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","Desired Access: Read"
"12:56:04.0617328","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0617452","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorSystemHeapIsPrivate","NAME NOT FOUND","Length: 144"
"12:56:04.0617665","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS",""
"12:56:04.0617852","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0617964","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.0618153","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\OLE","REPARSE","Desired Access: Read"
"12:56:04.0618406","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","Desired Access: Read"
"12:56:04.0618650","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0618774","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\AggressiveMTATesting","NAME NOT FOUND","Length: 144"
"12:56:04.0618991","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS",""
"12:56:04.0619855","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0619991","nwtoolset.exe","17432","RegOpenKey","HKLM","SUCCESS","Desired Access: Read"
"12:56:04.0620165","nwtoolset.exe","17432","RegSetInfoKey","HKLM","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0620358","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100"
"12:56:04.0620493","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0620903","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100"
"12:56:04.0621042","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0621382","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100"
"12:56:04.0621514","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\Microsoft\Ole","SUCCESS","Desired Access: Read"
"12:56:04.0622301","nwtoolset.exe","17432","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
"12:56:04.0622430","nwtoolset.exe","17432","RegSetInfoKey","HKCU","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0622532","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x100"
"12:56:04.0622608","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Classes\Local Settings","REPARSE","Desired Access: Read"
"12:56:04.0622713","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Classes\Local Settings","SUCCESS","Desired Access: Read"
"12:56:04.0622879","nwtoolset.exe","17432","RegCloseKey","HKCU","SUCCESS",""
"12:56:04.0623005","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0623072","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: Name"
"12:56:04.0623183","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0623331","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0623394","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: Name"
"12:56:04.0623493","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0623632","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0623695","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: Name"
"12:56:04.0623791","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0623912","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0623975","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: Name"
"12:56:04.0624068","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft","SUCCESS","Desired Access: Read"
"12:56:04.0624186","nwtoolset.exe","17432","RegSetInfoKey","HKCU\Software\Classes\Local Settings\Software\Microsoft","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0624990","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0625053","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.0625168","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\OLE\Tracing","REPARSE","Desired Access: Read"
"12:56:04.0625333","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Ole\Tracing","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0625948","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 524"
"12:56:04.0626294","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\combase.dll","SUCCESS","Name: \Windows\SysWOW64\combase.dll"
"12:56:04.0626779","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05","NAME NOT FOUND","Length: 524"
"12:56:04.0627146","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\combase.dll","SUCCESS","Name: \Windows\SysWOW64\combase.dll"
"12:56:04.0630544","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0631035","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 13/03/2018 21:27:31, LastAccessTime: 02/04/2018 12:12:51, LastWriteTime: 01/03/2018 08:48:05, ChangeTime: 14/03/2018 02:33:17, FileAttributes: A"
"12:56:04.0631188","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"12:56:04.0640266","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0640684","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:06:38, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:17, FileAttributes: A"
"12:56:04.0640781","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS",""
"12:56:04.0642027","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0642512","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0642627","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","AllocationSize: 143,360, EndOfFile: 143,152, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.0642789","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0643383","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS",""
"12:56:04.0644907","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Image Base: 0x74030000, Image Size: 0x25000"
"12:56:04.0645169","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\imm32.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0645331","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Name: \Windows\SysWOW64\imm32.dll"
"12:56:04.0648765","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0649120","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:06:38, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:17, FileAttributes: A"
"12:56:04.0649219","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS",""
"12:56:04.0651647","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0651984","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:06:38, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:17, FileAttributes: A"
"12:56:04.0652078","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS",""
"12:56:04.0652668","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f25bcd2e-2690-55dc-3bc4-07b65b1b41c9","NAME NOT FOUND","Length: 524"
"12:56:04.0653020","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\user32.dll","SUCCESS","Name: \Windows\SysWOW64\user32.dll"
"12:56:04.0653261","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Display","REPARSE","Desired Access: Read"
"12:56:04.0653975","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0654333","nwtoolset.exe","17432","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:56:04.0654478","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtoolset.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.0654864","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Display","REPARSE","Desired Access: Read"
"12:56:04.0655059","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0655394","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","REPARSE","Desired Access: Read"
"12:56:04.0655731","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read"
"12:56:04.0655863","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0655969","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
"12:56:04.0656116","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS",""
"12:56:04.0656475","nwtoolset.exe","17432","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read"
"12:56:04.0656619","nwtoolset.exe","17432","RegQueryValue","HKCU\Control Panel\Desktop\EnablePerProcessSystemDPI","NAME NOT FOUND","Length: 520"
"12:56:04.0656752","nwtoolset.exe","17432","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS",""
"12:56:04.0657342","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","Desired Access: Read"
"12:56:04.0657511","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Compatibility32\nwtoolset","NAME NOT FOUND","Length: 172"
"12:56:04.0657658","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS",""
"12:56:04.0657761","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\IME Compatibility","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0663968","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0664095","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.0664257","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","Desired Access: Read"
"12:56:04.0664453","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0664576","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:56:04.0664757","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS",""
"12:56:04.0665769","nwtoolset.exe","17432","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:56:04.0665911","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtoolset.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.0669729","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0670157","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 13/03/2018 21:27:31, LastAccessTime: 02/04/2018 12:12:51, LastWriteTime: 01/03/2018 08:48:05, ChangeTime: 14/03/2018 02:33:17, FileAttributes: A"
"12:56:04.0670377","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"12:56:04.0674581","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0674871","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 13/03/2018 21:27:31, LastAccessTime: 02/04/2018 12:12:51, LastWriteTime: 01/03/2018 08:48:05, ChangeTime: 14/03/2018 02:33:17, FileAttributes: A"
"12:56:04.0674961","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"12:56:04.0679286","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108","NAME NOT FOUND","Length: 524"
"12:56:04.0679620","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\windows.storage.dll","SUCCESS","Name: \Windows\SysWOW64\windows.storage.dll"
"12:56:04.0680069","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\b87cf16b-0bf8-4492-a510-d5f59626b033","NAME NOT FOUND","Length: 524"
"12:56:04.0680304","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\windows.storage.dll","SUCCESS","Name: \Windows\SysWOW64\windows.storage.dll"
"12:56:04.0680635","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\a40b455c-253c-4311-ac6d-6e667edccefc","NAME NOT FOUND","Length: 524"
"12:56:04.0680864","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\windows.storage.dll","SUCCESS","Name: \Windows\SysWOW64\windows.storage.dll"
"12:56:04.0681141","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 524"
"12:56:04.0681403","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\windows.storage.dll","SUCCESS","Name: \Windows\SysWOW64\windows.storage.dll"
"12:56:04.0681813","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61","NAME NOT FOUND","Length: 524"
"12:56:04.0682069","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\windows.storage.dll","SUCCESS","Name: \Windows\SysWOW64\windows.storage.dll"
"12:56:04.0684361","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0684632","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 13/03/2018 21:27:31, LastAccessTime: 02/04/2018 12:12:51, LastWriteTime: 01/03/2018 08:48:05, ChangeTime: 14/03/2018 02:33:17, FileAttributes: A"
"12:56:04.0684725","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"12:56:04.0687782","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108","NAME NOT FOUND","Length: 524"
"12:56:04.0688110","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Name: \Windows\SysWOW64\shell32.dll"
"12:56:04.0688438","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\b87cf16b-0bf8-4492-a510-d5f59626b033","NAME NOT FOUND","Length: 524"
"12:56:04.0688676","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Name: \Windows\SysWOW64\shell32.dll"
"12:56:04.0688963","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61","NAME NOT FOUND","Length: 524"
"12:56:04.0689185","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Name: \Windows\SysWOW64\shell32.dll"
"12:56:04.0689487","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 524"
"12:56:04.0689709","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Name: \Windows\SysWOW64\shell32.dll"
"12:56:04.0690197","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0690285","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.0690450","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\OLE\Tracing","REPARSE","Desired Access: Read"
"12:56:04.0690706","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Ole\Tracing","NAME NOT FOUND","Desired Access: Read"
"12:56:04.0691149","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 524"
"12:56:04.0691387","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS","Name: \Windows\SysWOW64\ole32.dll"
"12:56:04.0691655","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05","NAME NOT FOUND","Length: 524"
"12:56:04.0691875","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS","Name: \Windows\SysWOW64\ole32.dll"
"12:56:04.0694007","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\oleaut32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0694420","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\oleaut32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:06:37, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:20, FileAttributes: A"
"12:56:04.0694519","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\oleaut32.dll","SUCCESS",""
"12:56:04.0697197","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f3a71a4b-6118-4257-8ccb-39a33ba059d4","NAME NOT FOUND","Length: 524"
"12:56:04.0697546","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","Name: \Windows\SysWOW64\bcrypt.dll"
"12:56:04.0700476","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0700763","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 13/03/2018 21:27:31, LastAccessTime: 02/04/2018 12:12:51, LastWriteTime: 01/03/2018 08:48:05, ChangeTime: 14/03/2018 02:33:17, FileAttributes: A"
"12:56:04.0700853","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"12:56:04.0701645","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c69cb70a-3133-4cca-ab0e-046848effcda","NAME NOT FOUND","Length: 524"
"12:56:04.0701895","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS","Name: \Windows\SysWOW64\winspool.drv"
"12:56:04.0704657","nwtoolset.exe","17432","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
"12:56:04.0705130","nwtoolset.exe","17432","RegCloseKey","HKCU","SUCCESS",""
"12:56:04.0707584","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0707861","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 13/03/2018 21:27:31, LastAccessTime: 02/04/2018 12:12:51, LastWriteTime: 01/03/2018 08:48:05, ChangeTime: 14/03/2018 02:33:17, FileAttributes: A"
"12:56:04.0707976","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"12:56:04.0713927","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0714207","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 13/03/2018 21:27:31, LastAccessTime: 02/04/2018 12:12:51, LastWriteTime: 01/03/2018 08:48:05, ChangeTime: 14/03/2018 02:33:17, FileAttributes: A"
"12:56:04.0714312","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"12:56:04.0716776","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0717149","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS","CreationTime: 06/01/2018 03:39:57, LastAccessTime: 02/04/2018 12:06:37, LastWriteTime: 01/01/2018 13:42:32, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.0717243","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS",""
"12:56:04.0718014","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0718098","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.0718231","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value"
"12:56:04.0720703","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0721026","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.dll","SUCCESS","CreationTime: 24/04/2016 02:22:56, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 27/03/2018 00:33:08, ChangeTime: 27/03/2018 23:00:30, FileAttributes: A"
"12:56:04.0721116","nwtoolset.exe","17432","CloseFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.dll","SUCCESS",""
"12:56:04.0722221","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0722652","nwtoolset.exe","17432","CreateFileMapping","C:\Program Files (x86)\Steam\GameOverlayRenderer.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0724420","nwtoolset.exe","17432","CreateFileMapping","C:\Program Files (x86)\Steam\GameOverlayRenderer.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0725137","nwtoolset.exe","17432","Load Image","C:\Program Files (x86)\Steam\GameOverlayRenderer.dll","SUCCESS","Image Base: 0x6a270000, Image Size: 0x144000"
"12:56:04.0725341","nwtoolset.exe","17432","QueryNameInformationFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.dll","BUFFER OVERFLOW","Name: \Progr"
"12:56:04.0725603","nwtoolset.exe","17432","QueryNameInformationFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.dll","SUCCESS","Name: \Program Files (x86)\Steam\GameOverlayRenderer.dll"
"12:56:04.0726877","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\psapi.dll","SUCCESS","Image Base: 0x74020000, Image Size: 0x6000"
"12:56:04.0727109","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\psapi.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.0727266","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\psapi.dll","SUCCESS","Name: \Windows\SysWOW64\psapi.dll"
"12:56:04.0728693","nwtoolset.exe","17432","CloseFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.dll","SUCCESS",""
"12:56:04.0733326","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0734015","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 13/03/2018 21:27:31, LastAccessTime: 02/04/2018 12:12:51, LastWriteTime: 01/03/2018 08:48:05, ChangeTime: 14/03/2018 02:33:17, FileAttributes: A"
"12:56:04.0734115","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"12:56:04.0737705","nwtoolset.exe","17432","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:56:04.0738217","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0738301","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.0738430","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Valve\Steam\ActiveProcess","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:56:04.0738777","nwtoolset.exe","17432","RegSetInfoKey","HKCU\Software\Valve\Steam\ActiveProcess","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0738903","nwtoolset.exe","17432","RegQueryValue","HKCU\Software\Valve\Steam\ActiveProcess\pid","SUCCESS","Type: REG_DWORD, Length: 4, Data: 14052"
"12:56:04.0739081","nwtoolset.exe","17432","RegCloseKey","HKCU\Software\Valve\Steam\ActiveProcess","SUCCESS",""
"12:56:04.0742945","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.0743020","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.0743138","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Valve\Steam\ActiveProcess","SUCCESS","Desired Access: Read"
"12:56:04.0743270","nwtoolset.exe","17432","RegSetInfoKey","HKCU\Software\Valve\Steam\ActiveProcess","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.0743349","nwtoolset.exe","17432","RegQueryValue","HKCU\Software\Valve\Steam\ActiveProcess\SteamClientDll","SUCCESS","Type: REG_SZ, Length: 90, Data: C:\Program Files (x86)\Steam\steamclient.dll"
"12:56:04.0743508","nwtoolset.exe","17432","RegCloseKey","HKCU\Software\Valve\Steam\ActiveProcess","SUCCESS",""
"12:56:04.0745053","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Overwritten"
"12:56:04.0747351","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 0, Length: 103, Priority: Normal"
"12:56:04.0748535","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 103, Length: 48"
"12:56:04.0862186","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 151, Length: 55"
"12:56:04.0868441","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 206, Length: 94"
"12:56:04.0873426","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 300, Length: 84"
"12:56:04.0873947","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 384, Length: 77"
"12:56:04.0874212","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 461, Length: 84"
"12:56:04.0874444","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 545, Length: 77"
"12:56:04.0874691","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 622, Length: 84"
"12:56:04.0874920","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 706, Length: 78"
"12:56:04.0879832","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0880329","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.0880437","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.0881654","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0882344","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0882515","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.0882792","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0883822","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.0886696","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0887060","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.0887159","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.0888533","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0889262","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0889439","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.0889716","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0890500","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.0893767","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0894327","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.0894553","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.0895963","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0896448","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0896562","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.0896710","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0897375","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.0899468","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0899815","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.0899911","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.0901513","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0902080","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0902206","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.0902357","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0902923","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.0905784","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0906652","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.0906796","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.0908224","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0908775","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0908934","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.0909112","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0909998","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.0912232","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0912570","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.0912663","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.0913768","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0914253","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0914374","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.0914615","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0915539","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.0918343","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.0920972","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.0924267","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0924867","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.0925059","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.0926912","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0927803","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0928020","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.0928300","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0929170","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.0932525","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0933049","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.0933188","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.0934462","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0934968","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0935143","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.0935332","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0935899","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.0938525","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0938955","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:04.0939055","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:04.0939802","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 784, Length: 71"
"12:56:04.0945605","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0946036","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.0946154","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.0947313","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0947807","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0947927","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.0948078","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0948632","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.0951135","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0951493","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.0951596","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.0952749","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0953252","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0953376","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.0953665","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0954279","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.0957580","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0958396","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.0958595","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.0960438","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0961209","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0961381","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.0961667","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0962565","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.0965489","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0965980","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.0966088","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.0967260","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0967850","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0968022","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.0968281","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0969076","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.0971814","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0972268","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.0972434","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.0973982","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0974464","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0974663","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.0974849","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0975497","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.0978015","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0978349","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.0978446","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.0979536","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0980012","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0980129","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.0980280","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0980855","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.0983294","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.0985571","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.0988029","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0988411","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.0988511","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.0989646","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0990489","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0990673","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.0990920","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0991492","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.0993823","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0994173","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.0994266","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.0995369","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0995983","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.0996100","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.0996251","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.0996748","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.0998898","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.0999266","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:04.0999386","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:04.1001308","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\steamcompat.inf","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a"
"12:56:04.1002193","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 855, Length: 74"
"12:56:04.1006852","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 929, Length: 75"
"12:56:04.1007708","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 1,004, Length: 71"
"12:56:04.1008461","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 1,075, Length: 74"
"12:56:04.1009105","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 1,149, Length: 76"
"12:56:04.1009783","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 1,225, Length: 73"
"12:56:04.1010271","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 1,298, Length: 73"
"12:56:04.1010734","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 1,371, Length: 72"
"12:56:04.1011195","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 1,443, Length: 74"
"12:56:04.1011650","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 1,517, Length: 74"
"12:56:04.1012114","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 1,591, Length: 72"
"12:56:04.1012584","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 1,663, Length: 72"
"12:56:04.1013041","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 1,735, Length: 73"
"12:56:04.1013487","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 1,808, Length: 75"
"12:56:04.1013936","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 1,883, Length: 82"
"12:56:04.1014385","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 1,965, Length: 73"
"12:56:04.1014836","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 2,038, Length: 73"
"12:56:04.1015282","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 2,111, Length: 81"
"12:56:04.1015785","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 2,192, Length: 74"
"12:56:04.1016517","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 2,266, Length: 73"
"12:56:04.1016975","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 2,339, Length: 71"
"12:56:04.1017433","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 2,410, Length: 75"
"12:56:04.1017920","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 2,485, Length: 75"
"12:56:04.1018369","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 2,560, Length: 72"
"12:56:04.1018821","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 2,632, Length: 72"
"12:56:04.1019270","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 2,704, Length: 80"
"12:56:04.1019718","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 2,784, Length: 74"
"12:56:04.1020191","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 2,858, Length: 73"
"12:56:04.1020733","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 2,931, Length: 74"
"12:56:04.1021182","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 3,005, Length: 71"
"12:56:04.1021628","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 3,076, Length: 74"
"12:56:04.1022110","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 3,150, Length: 74"
"12:56:04.1022583","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 3,224, Length: 73"
"12:56:04.1023052","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 3,297, Length: 74"
"12:56:04.1023546","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 3,371, Length: 74"
"12:56:04.1024022","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 3,445, Length: 71"
"12:56:04.1024492","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 3,516, Length: 74"
"12:56:04.1025037","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 3,590, Length: 71"
"12:56:04.1025531","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 3,661, Length: 74"
"12:56:04.1026212","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 3,735, Length: 72"
"12:56:04.1026938","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 3,807, Length: 75"
"12:56:04.1027642","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 3,882, Length: 71"
"12:56:04.1028356","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 3,953, Length: 85"
"12:56:04.1029148","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 4,038, Length: 71, Priority: Normal"
"12:56:04.1030341","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 4,109, Length: 61"
"12:56:04.1035232","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\tzres.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1035967","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\tzres.dll","SUCCESS","CreationTime: 16/02/2018 01:18:59, LastAccessTime: 16/02/2018 01:20:46, LastWriteTime: 10/02/2018 06:44:27, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1036286","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\tzres.dll","SUCCESS",""
"12:56:04.1038295","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\tzres.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1039000","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\tzres.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1039283","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\tzres.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1039837","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\tzres.dll","SUCCESS",""
"12:56:04.1042177","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1042566","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1042674","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1043957","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1044448","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1044571","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1044785","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1045330","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1047836","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1048182","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1048279","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1050185","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1050673","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1050851","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1051098","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1051815","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1054095","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1054604","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1054751","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1056944","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1057715","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1057904","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1058166","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1058971","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1062076","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1062497","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1062606","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1064157","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1064750","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1065018","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1065280","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1066042","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1068834","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1069373","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.1069485","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1070891","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1071536","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1071716","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1071924","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1072427","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1074966","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1075297","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.1075388","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1076589","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1077101","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1077234","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1077390","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1077857","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1080854","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1083974","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1086278","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1086802","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.1086911","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1088230","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1088763","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1088886","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1089076","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1089684","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1092196","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1092660","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.1092811","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1094518","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1095208","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1095319","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1095467","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1096024","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1098180","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1098542","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:04.1098638","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:04.1100539","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\it-IT\tzres.dll.mui","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1101099","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\it-IT\tzres.dll.mui","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1101292","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\it-IT\tzres.dll.mui","SUCCESS","AllocationSize: 45,056, EndOfFile: 41,984, NumberOfLinks: 4, DeletePending: False, Directory: False"
"12:56:04.1101460","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\System32\it-IT\tzres.dll.mui","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1102192","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\it-IT\tzres.dll.mui","SUCCESS",""
"12:56:04.1105029","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\tzres.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1105409","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\tzres.dll","SUCCESS","CreationTime: 16/02/2018 01:18:59, LastAccessTime: 16/02/2018 01:20:46, LastWriteTime: 10/02/2018 06:44:27, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1105505","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\tzres.dll","SUCCESS",""
"12:56:04.1107162","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\tzres.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1107890","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\tzres.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1108198","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\tzres.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1108740","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\tzres.dll","SUCCESS",""
"12:56:04.1111887","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1112272","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1112375","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1113601","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1114122","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1114254","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1114417","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1114950","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1117528","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1117880","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1117971","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1119124","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1119612","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1119736","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1119892","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1120398","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1122979","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1123341","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1123434","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1125422","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1126211","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1126404","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1126681","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1127406","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1130310","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1130771","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1131060","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1132674","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1133400","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1133602","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1133861","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1134586","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1138038","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1138583","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.1138752","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1140390","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1141083","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1141257","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1141483","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1141971","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1144104","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1144438","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.1144531","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1145606","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1146146","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1146260","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1146426","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1146908","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1149103","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1151802","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1155678","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1156283","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.1156464","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1158373","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1159087","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1159217","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1159485","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1160144","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1163596","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1164168","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.1164327","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1166300","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1166839","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1166963","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1167273","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1167836","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1170101","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1170535","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:04.1170631","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:04.1172303","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\it-IT\tzres.dll.mui","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1172769","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\it-IT\tzres.dll.mui","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1172893","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\it-IT\tzres.dll.mui","SUCCESS","AllocationSize: 45,056, EndOfFile: 41,984, NumberOfLinks: 4, DeletePending: False, Directory: False"
"12:56:04.1173378","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\System32\it-IT\tzres.dll.mui","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1174140","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\it-IT\tzres.dll.mui","SUCCESS",""
"12:56:04.1176016","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1176176","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.1176317","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Borland\Locales","SUCCESS","Desired Access: Read, Delete, Write DAC, Write Owner"
"12:56:04.1176643","nwtoolset.exe","17432","RegSetInfoKey","HKCU\Software\Borland\Locales","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1178811","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1179275","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe","SUCCESS","CreationTime: 19/03/2018 00:32:41, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 27/03/2018 21:23:25, ChangeTime: 27/03/2018 21:23:31, FileAttributes: A"
"12:56:04.1179380","nwtoolset.exe","17432","CloseFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe","SUCCESS",""
"12:56:04.1180618","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1181043","nwtoolset.exe","17432","QueryDirectory","C:\Program Files (x86)\Steam","SUCCESS","Filter: Steam, 1: Steam"
"12:56:04.1182058","nwtoolset.exe","17432","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:56:04.1183717","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1184072","nwtoolset.exe","17432","QueryDirectory","C:\Program Files (x86)\Steam\steamapps\common","SUCCESS","Filter: common, 1: common"
"12:56:04.1184374","nwtoolset.exe","17432","CloseFile","C:\Program Files (x86)\Steam\steamapps","SUCCESS",""
"12:56:04.1185551","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1186069","nwtoolset.exe","17432","QueryDirectory","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin","SUCCESS","Filter: bin, 1: bin"
"12:56:04.1186452","nwtoolset.exe","17432","CloseFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights","SUCCESS",""
"12:56:04.1187804","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1188165","nwtoolset.exe","17432","QueryDirectory","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32","SUCCESS","Filter: win32, 1: win32"
"12:56:04.1188497","nwtoolset.exe","17432","CloseFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin","SUCCESS",""
"12:56:04.1189036","nwtoolset.exe","17432","RegQueryValue","HKCU\Software\Borland\Locales\C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe","NAME NOT FOUND","Length: 144"
"12:56:04.1189171","nwtoolset.exe","17432","RegQueryValue","HKCU\Software\Borland\Locales\(Default)","NAME NOT FOUND","Length: 144"
"12:56:04.1189325","nwtoolset.exe","17432","RegCloseKey","HKCU\Software\Borland\Locales","SUCCESS",""
"12:56:04.1189632","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read"
"12:56:04.1189822","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read"
"12:56:04.1190039","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1190241","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\it-IT","NAME NOT FOUND","Length: 532"
"12:56:04.1190481","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS",""
"12:56:04.1190677","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read"
"12:56:04.1190789","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read"
"12:56:04.1191093","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1191195","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\it-IT","NAME NOT FOUND","Length: 532"
"12:56:04.1191400","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS",""
"12:56:04.1193876","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.ITA","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1196315","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.ITA.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1198523","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1198908","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1199008","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1200339","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1200839","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1200962","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1201122","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1201670","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1204055","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1204402","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1204498","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1205597","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1206272","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1206414","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1206570","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1207076","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1209895","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1210431","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1210597","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1212401","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1213070","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1213253","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1213416","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1213988","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1216193","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1216536","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1216629","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1217747","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1218226","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1218343","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1218491","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1219012","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1221222","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1221858","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.1222027","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1223713","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1224391","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1224565","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1224827","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1225577","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1228791","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1229291","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.1229450","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1231116","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1231806","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1231986","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1232215","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1232715","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1235634","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1238856","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1241371","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1241832","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.1241985","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1243332","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1243829","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1243946","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1244103","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1244648","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1247557","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1248054","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.1248190","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1250147","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1250879","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1251066","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1251319","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1252129","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1256005","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1256737","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:04.1256912","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:04.1260706","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.IT","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1264227","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.IT.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1267456","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1268064","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1268242","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1269862","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1270401","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1270531","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1270699","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1271275","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1274235","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1274615","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1274729","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1275991","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1276518","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1276648","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1276816","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1277358","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1279518","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1279909","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1280009","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1281313","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1281837","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1281960","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1282114","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1282671","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1284803","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1285138","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1285237","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1286945","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1287707","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1287842","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1288002","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1288574","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1291851","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1292375","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.1292634","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1294384","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1295097","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1295275","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1295534","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1296347","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1299549","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1300043","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.1300251","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1301401","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1301880","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1301994","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1302139","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1302618","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1304714","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1307738","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1309960","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1310349","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.1310445","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1311560","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1312051","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1312168","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1312328","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1312873","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1315222","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1315632","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.1315800","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1317131","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1317674","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1317863","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1318195","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1318960","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1321878","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1322360","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:04.1322462","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:04.1330154","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1330567","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","CreationTime: 29/09/2017 15:42:25, LastAccessTime: 02/04/2018 12:55:42, LastWriteTime: 29/09/2017 15:42:25, ChangeTime: 22/12/2017 23:57:23, FileAttributes: A"
"12:56:04.1330681","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS",""
"12:56:04.1331925","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1332449","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\uxtheme.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1332738","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1333777","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Image Base: 0x73f60000, Image Size: 0x79000"
"12:56:04.1334124","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\uxtheme.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.1334310","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Name: \Windows\SysWOW64\uxtheme.dll"
"12:56:04.1336280","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS",""
"12:56:04.1339063","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1339485","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 13/03/2018 21:27:31, LastAccessTime: 02/04/2018 12:12:51, LastWriteTime: 01/03/2018 08:48:05, ChangeTime: 14/03/2018 02:33:17, FileAttributes: A"
"12:56:04.1339662","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"12:56:04.1343972","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1344376","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1344499","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1345879","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1346547","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1346695","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1346878","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1347457","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1350107","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1350465","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1350574","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1351983","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1352495","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1352628","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1352815","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1353348","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1355597","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1356064","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1356173","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1358218","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1358977","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1359136","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1359314","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1359904","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1362976","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1363500","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1363624","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1364822","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1365322","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1365587","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1365849","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1366693","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1369677","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1370250","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.1370445","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1371891","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1372451","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1372590","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1372773","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1373328","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1375592","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1375984","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.1376095","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1377255","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1377761","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1377890","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1378122","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1378704","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1380878","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1383004","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1385152","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1385531","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.1385685","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1386841","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1387374","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1387504","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1387688","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1388257","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1390489","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1390838","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.1390946","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1392076","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1392564","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1392690","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1392859","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1393383","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1396617","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1397193","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:04.1397385","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:04.1417218","nwtoolset.exe","17432","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.1417404","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.1417621","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1417745","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
"12:56:04.1417923","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
"12:56:04.1425551","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\msctf.dll","SUCCESS","Image Base: 0x773a0000, Image Size: 0x144000"
"12:56:04.1426009","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\msctf.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.1426331","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\msctf.dll","SUCCESS","Name: \Windows\SysWOW64\msctf.dll"
"12:56:04.1432572","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1433126","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 13/03/2018 21:27:31, LastAccessTime: 02/04/2018 12:12:51, LastWriteTime: 01/03/2018 08:48:05, ChangeTime: 14/03/2018 02:33:17, FileAttributes: A"
"12:56:04.1433319","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"12:56:04.1454076","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1454714","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","CreationTime: 29/09/2017 15:42:16, LastAccessTime: 02/04/2018 12:51:38, LastWriteTime: 29/09/2017 15:42:16, ChangeTime: 22/12/2017 23:57:16, FileAttributes: A"
"12:56:04.1454919","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS",""
"12:56:04.1457690","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1458440","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dwmapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1458894","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1460072","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","Image Base: 0x72b20000, Image Size: 0x23000"
"12:56:04.1460397","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\dwmapi.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.1460611","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","Name: \Windows\SysWOW64\dwmapi.dll"
"12:56:04.1461626","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS",""
"12:56:04.1465833","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1466303","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 13/03/2018 21:27:31, LastAccessTime: 02/04/2018 12:12:51, LastWriteTime: 01/03/2018 08:48:05, ChangeTime: 14/03/2018 02:33:17, FileAttributes: A"
"12:56:04.1466511","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"12:56:04.1474086","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1474582","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe","SUCCESS","CreationTime: 19/03/2018 00:32:41, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 27/03/2018 21:23:25, ChangeTime: 27/03/2018 21:23:31, FileAttributes: A"
"12:56:04.1474754","nwtoolset.exe","17432","CloseFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe","SUCCESS",""
"12:56:04.1482922","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1483268","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe","SUCCESS","CreationTime: 19/03/2018 00:32:41, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 27/03/2018 21:23:25, ChangeTime: 27/03/2018 21:23:31, FileAttributes: A"
"12:56:04.1483386","nwtoolset.exe","17432","CloseFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe","SUCCESS",""
"12:56:04.1489223","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\it-IT\user32.dll.mui","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1490141","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\it-IT\user32.dll.mui","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1490518","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\it-IT\user32.dll.mui","SUCCESS","AllocationSize: 20,480, EndOfFile: 18,944, NumberOfLinks: 4, DeletePending: False, Directory: False"
"12:56:04.1490885","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\System32\it-IT\user32.dll.mui","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1496385","nwtoolset.exe","17432","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1496815","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS","CreationTime: 13/03/2018 21:27:15, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 01/03/2018 08:26:07, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1496981","nwtoolset.exe","17432","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS",""
"12:56:04.1521237","nwtoolset.exe","17432","Thread Create","","SUCCESS","Thread ID: 5648"
"12:56:04.1521752","nwtoolset.exe","17432","Thread Create","","SUCCESS","Thread ID: 5540"
"12:56:04.1526345","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\rpcss.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1533799","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\000602xx","SUCCESS","Type: REG_SZ, Length: 26, Data: kernel32.dll"
"12:56:04.1536004","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1536411","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1536525","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1537661","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1538209","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1538362","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1538537","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1539100","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1541202","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1541534","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1541627","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1542705","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1543175","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1543292","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1543437","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1544169","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1546304","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1546675","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1546771","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1547958","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1548476","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1548593","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1548747","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1549277","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1551274","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1551605","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1551698","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1552795","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1553261","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1553385","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1553957","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1554484","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1556653","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1557005","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.1557101","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1558234","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1558713","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1558827","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1559288","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1559860","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1562013","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1562417","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.1562510","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1563857","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1564327","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1564441","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1564589","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1565095","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1567311","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1569751","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1572000","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1572687","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.1572841","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1574374","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1574904","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1575063","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1575232","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1576054","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1578428","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1578810","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.1578912","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1580057","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1580560","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1580735","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1581033","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1581798","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1584291","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1584701","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:04.1584812","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:04.1586957","nwtoolset.exe","17432","CreateFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1587469","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.1587595","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","AllocationSize: 3,371,008, EndOfFile: 3,368,788, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1587758","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1588125","nwtoolset.exe","17432","CloseFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS",""
"12:56:04.1588806","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","REPARSE","Desired Access: Read"
"12:56:04.1588920","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","Desired Access: Read"
"12:56:04.1589098","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1589182","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\it-IT","NAME NOT FOUND","Length: 90"
"12:56:04.1589291","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\it","NAME NOT FOUND","Length: 90"
"12:56:04.1599943","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide","NAME NOT FOUND","Desired Access: Read"
"12:56:04.1602244","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\uxtheme.dll.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a"
"12:56:04.1604262","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1605118","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","CreationTime: 29/09/2017 15:42:25, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:25, ChangeTime: 22/12/2017 23:57:23, FileAttributes: A"
"12:56:04.1606331","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS",""
"12:56:04.1607154","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"12:56:04.1610256","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1612388","nwtoolset.exe","17432","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1614056","nwtoolset.exe","17432","ReadFile","C:\$Directory","SUCCESS","Offset: 12,144,640, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:56:04.1618601","nwtoolset.exe","17432","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1619086","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417\comctl32.dll","SUCCESS","CreationTime: 13/03/2018 21:27:17, LastAccessTime: 02/04/2018 12:55:42, LastWriteTime: 01/03/2018 08:35:04, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1619231","nwtoolset.exe","17432","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417\comctl32.dll","SUCCESS",""
"12:56:04.1620878","nwtoolset.exe","17432","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1621456","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1621815","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417\comctl32.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1622697","nwtoolset.exe","17432","Load Image","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417\comctl32.dll","SUCCESS","Image Base: 0x6b7d0000, Image Size: 0x211000"
"12:56:04.1623110","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417\comctl32.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.1623333","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417\comctl32.dll","SUCCESS","Name: \Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417\comctl32.dll"
"12:56:04.1625594","nwtoolset.exe","17432","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417\comctl32.dll","SUCCESS",""
"12:56:04.1628371","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1628763","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 13/03/2018 21:27:31, LastAccessTime: 02/04/2018 12:12:51, LastWriteTime: 01/03/2018 08:48:05, ChangeTime: 14/03/2018 02:33:17, FileAttributes: A"
"12:56:04.1628892","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"12:56:04.1631136","nwtoolset.exe","17432","CreateFile","C:\Windows\WindowsShell.Manifest","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1631648","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\WindowsShell.Manifest","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1631811","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\WindowsShell.Manifest","SUCCESS","AllocationSize: 4,096, EndOfFile: 670, NumberOfLinks: 4, DeletePending: False, Directory: False"
"12:56:04.1632025","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1632491","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide","NAME NOT FOUND","Desired Access: Read"
"12:56:04.1632871","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\WindowsShell.Manifest","SUCCESS","AllocationSize: 4,096, EndOfFile: 670, NumberOfLinks: 4, DeletePending: False, Directory: False"
"12:56:04.1633036","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\WindowsShell.Manifest","SUCCESS","CreationTime: 29/09/2017 15:41:58, LastAccessTime: 02/04/2018 12:55:44, LastWriteTime: 29/09/2017 15:41:58, ChangeTime: 20/03/2018 23:47:16, FileAttributes: RHA"
"12:56:04.1633856","nwtoolset.exe","17432","CloseFile","C:\Windows\WindowsShell.Manifest","SUCCESS",""
"12:56:04.1636705","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1637123","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1637247","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1638473","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1639012","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1639159","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1639361","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1640066","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1642307","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1642752","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1642873","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1644096","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1644912","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1645126","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1645463","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1646207","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.1648454","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1649074","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1649279","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1651041","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1651733","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1651941","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1652233","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1652845","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1655284","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1655718","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1655847","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1657130","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1657664","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1657811","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1658010","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1658621","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.1660823","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1661220","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.1661341","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1662509","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1663015","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1663163","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1663374","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1664094","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1666551","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1666931","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.1667048","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1668232","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1668738","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1668879","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1669075","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1669641","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.1671987","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1674309","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.1676472","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1676866","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.1676990","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1678345","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1678869","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1679014","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1679231","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1680209","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1682625","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1683016","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.1683140","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1684366","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1684977","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.1685173","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.1685426","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.1686088","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.1688353","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1688775","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:04.1688895","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:04.1704090","nwtoolset.exe","17432","CreateFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1704478","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe","SUCCESS","CreationTime: 19/03/2018 00:32:41, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 27/03/2018 21:23:25, ChangeTime: 27/03/2018 21:23:31, FileAttributes: A"
"12:56:04.1704602","nwtoolset.exe","17432","CloseFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe","SUCCESS",""
"12:56:04.1722856","nwtoolset.exe","17432","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.1723181","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS","CreationTime: 13/03/2018 21:27:15, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 01/03/2018 08:26:07, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.1723277","nwtoolset.exe","17432","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS",""
"12:56:04.1727322","nwtoolset.exe","17432","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
"12:56:04.1727967","nwtoolset.exe","17432","RegCloseKey","HKCU","SUCCESS",""
"12:56:04.1729744","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Locale","REPARSE","Desired Access: Read"
"12:56:04.1729973","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Locale","SUCCESS","Desired Access: Read"
"12:56:04.1730250","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Locale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1730466","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts","REPARSE","Desired Access: Read"
"12:56:04.1730647","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts","SUCCESS","Desired Access: Read"
"12:56:04.1730873","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1731084","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Language Groups","REPARSE","Desired Access: Read"
"12:56:04.1731256","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Language Groups","SUCCESS","Desired Access: Read"
"12:56:04.1731481","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Language Groups","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1731641","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Locale\00000410","SUCCESS","Type: REG_SZ, Length: 4, Data: 1"
"12:56:04.1731822","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Language Groups\1","SUCCESS","Type: REG_SZ, Length: 4, Data: 1"
"12:56:04.1734270","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1734391","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1734565","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1734879","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1735038","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1735141","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.1735324","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.1749498","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1749853","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1750061","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1750329","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1750534","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1750660","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.1750865","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.1751660","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1751769","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1751928","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1752079","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1752226","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1752335","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.1752515","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.1756964","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1757048","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1757178","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1757316","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1757440","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1757518","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.1757675","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.1761545","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1761626","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1761752","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1761873","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1761987","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1762066","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.1762216","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.1797086","nwtoolset.exe","17432","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
"12:56:04.1797550","nwtoolset.exe","17432","RegCloseKey","HKCU","SUCCESS",""
"12:56:04.1798881","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1799005","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1799182","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\CTF\Compatibility\nwtoolset.exe","NAME NOT FOUND","Desired Access: Read"
"12:56:04.1800821","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1800908","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1801056","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1801218","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1801378","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1801474","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.1801646","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.1808423","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1808549","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1808721","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1808877","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1809016","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1809106","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.1809284","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.1815609","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1815780","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1815964","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1816124","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1816271","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1816380","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.1816566","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.1835622","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1836067","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1836429","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1836841","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1837194","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1837453","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.1837832","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.1839486","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1839721","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1839974","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1840230","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1840486","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1840645","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.1840998","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.1843967","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1844121","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1844377","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1844569","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1844705","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1844786","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.1844991","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.1850189","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1850295","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1850454","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1850605","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1850765","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1850876","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.1851063","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.1879129","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1879295","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1879485","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1879683","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1879843","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1879951","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.1880150","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.1899925","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1900133","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1900474","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1900844","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1901136","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1901329","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.1901660","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.1902826","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1903003","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1903262","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1903500","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1903741","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1903928","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.1904214","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.1911530","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1911719","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1911858","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1911990","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1912111","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1912189","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.1912340","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.1916123","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1916201","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1916330","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1916451","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1916568","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1916650","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.1916797","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.1991464","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.1991606","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.1991796","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.1992000","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.1992166","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.1992275","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.1992485","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2006258","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2006385","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2006571","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2006749","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2006909","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2007020","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2007210","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2008186","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2008342","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2008523","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2008670","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2008827","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2008936","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2009113","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2010420","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2010499","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2010640","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2010770","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2010911","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2010993","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.2011143","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2014854","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2014932","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2015061","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2015185","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2015299","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2015378","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.2015558","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2063117","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2063264","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2063460","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2063671","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2063837","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2063951","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2064162","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2094331","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2094529","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2094800","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2095084","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2095379","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2095556","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2095903","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2097514","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2097857","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2098119","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2098348","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2098848","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2099140","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2099469","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2153310","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2153400","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2153551","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2153713","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2153849","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2153930","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.2154111","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2159354","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2159613","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2159938","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2160206","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2160447","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2160589","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.2160800","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2219975","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2220110","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2220312","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2220532","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2220703","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2220821","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2221035","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2241012","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2241171","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2241451","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2241647","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2241828","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2241963","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2242186","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2243117","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2243252","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2243424","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2243575","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2243728","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2243840","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2244041","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2246391","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2246514","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2246725","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2246924","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2247116","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2247237","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.2247403","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2258167","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2258311","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2258558","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2258778","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2258977","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2259112","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.2259350","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2320284","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.2320796","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.2320907","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.2322193","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.2322711","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.2322847","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.2323021","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.2323639","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.2325831","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.2326175","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.2326274","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.2327497","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.2328003","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.2328123","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.2328277","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.2328795","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.2331063","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.2331439","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.2331542","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.2332743","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.2333249","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.2333373","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.2333566","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.2334111","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.2337126","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.2337592","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.2337695","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.2338836","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.2339396","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.2339517","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.2339800","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.2340463","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.2342754","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.2343173","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.2343285","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.2344426","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.2344935","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.2345061","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.2345218","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.2345739","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.2347820","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.2348148","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.2348245","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.2349293","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.2349844","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.2349968","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.2350118","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.2350645","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.2352594","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.2354889","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.2357825","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.2358575","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.2358771","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.2360277","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.2360888","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.2361030","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.2361213","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.2361786","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.2363861","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.2364231","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.2364361","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.2365538","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.2366089","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"12:56:04.2366210","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.2366448","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.2367113","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.2369249","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.2369619","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:04.2369722","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:04.2416184","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2416389","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2416636","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2416889","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2417069","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2417190","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2417398","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2439380","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2439528","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2439748","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2440121","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2440434","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2440654","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2441010","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2465519","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2465637","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2465838","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2466010","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2466161","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2466266","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2466456","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2470386","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2470525","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2470739","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2470955","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2471160","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2471308","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.2471534","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2481222","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2481343","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2481497","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2481647","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2481783","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2481876","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.2482126","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2542397","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2542671","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2543005","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2543225","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2543403","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2543758","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2543981","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2569033","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2569187","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2569400","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2569605","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2569786","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2569918","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2570132","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2571165","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2571331","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2571575","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2571804","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2571990","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2572102","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2572292","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2574349","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2574439","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2574671","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2574906","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2575195","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2575349","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.2575605","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2589085","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2589173","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2589323","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2589474","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2589603","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2589688","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.2589865","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2640201","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2640390","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2640670","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2640953","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2641414","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2641616","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2641971","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2665602","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2665824","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2666120","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2666394","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2666583","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2666707","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2666918","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2668156","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2668261","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2668424","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2668571","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2668734","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2668839","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2669020","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2680215","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2680302","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2680437","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2680618","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2680814","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2680934","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.2681157","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2690009","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2690099","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2690244","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2690388","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2690515","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2690596","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.2690768","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2731676","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2731815","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2732014","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2732215","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2732387","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2732508","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2732712","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2768838","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2769010","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2769263","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2769546","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2769802","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2769992","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2770278","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2771681","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2771862","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2772064","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2772263","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2772431","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2772543","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2772729","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2774503","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2774630","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2774838","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2774973","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2775106","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2775193","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.2775446","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2789318","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2789448","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2789649","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2789857","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2790062","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2790195","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.2790444","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2841957","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2842090","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2842295","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2842518","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2842689","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2842804","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2843033","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2864943","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2865082","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2865295","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2865524","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2865699","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2865816","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2866078","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2876809","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2876918","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2877083","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2877234","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2877382","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2877496","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.2877677","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2881134","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2881216","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2881357","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2881487","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2881604","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2881752","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.2882020","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.2890061","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.2890163","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.2890419","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.2890645","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.2890859","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.2891034","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.2891305","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3019762","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3019909","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3020141","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3020446","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3020680","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3020825","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3021096","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3062243","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3062366","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3062562","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3062848","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3063032","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3063146","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3063363","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3081885","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3082009","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3082201","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3082379","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3082539","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3082653","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3082852","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3087885","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3087990","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3088153","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3088297","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3088439","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3088544","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3088722","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3090225","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3090306","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3090438","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3090559","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3090673","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3090755","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3090963","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3099242","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3099389","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3099784","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3100070","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3100314","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3100459","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3100748","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3128411","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3128534","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3128736","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3128974","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3129142","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3129251","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3129477","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3143966","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3144102","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3144298","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3144499","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3144671","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3144794","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3145011","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3145885","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3146014","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3146231","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3146382","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3146526","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3146632","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3146855","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3148631","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3148719","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3148866","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3149014","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3149143","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3149222","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3149384","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3154025","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3154113","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3154254","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3154384","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3154604","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3154736","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3154986","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3178168","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3178297","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3178487","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3178686","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3178851","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3178966","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3179174","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3190998","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3191136","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3191332","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3191516","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3191684","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3191811","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3192040","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3192919","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3193025","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3193272","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3193497","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3193720","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3193886","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3194163","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3195404","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3195488","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3195624","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3195883","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3196085","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3196181","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3196425","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3200433","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3200515","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3200647","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3200780","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3200897","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3200991","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3201156","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3222609","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3222735","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3222916","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3223124","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3223284","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3223392","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3223597","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3236836","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3236978","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3237177","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3237382","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3237553","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3237677","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3237885","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3238737","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3238842","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3239002","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3239149","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3239291","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3239390","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3239559","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3244884","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3244965","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3245116","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3245254","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3245378","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3245456","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3245613","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3251121","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3251311","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3251480","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3251705","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3251919","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3252052","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3252290","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3311082","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3311218","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3311428","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3311702","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3311889","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3312004","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3312245","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3333035","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3333161","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3333348","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3333544","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3333703","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3333815","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3334019","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3334923","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3335065","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3335290","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3335519","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3335700","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3335805","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3335977","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3338775","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3338862","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3339007","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3339142","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3339266","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3339347","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3339516","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3344193","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3344290","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3344449","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3344591","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3344723","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3344808","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3344973","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3381099","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3381232","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3381424","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3381641","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3381813","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3381924","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3382129","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3392553","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3392673","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3392848","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3393011","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3393158","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3393267","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3393450","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3394269","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3394402","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3394631","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3394845","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3395056","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3395212","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3395426","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3396595","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3396670","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3396796","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3396914","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3397025","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3397101","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3397245","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3400910","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3401013","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3401160","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3401419","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3401567","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3401660","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3401829","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3421029","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3421158","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3421342","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3421571","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3421746","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3421863","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3422053","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3435121","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3435332","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3435639","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3435937","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3436395","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3436594","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3436922","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3438003","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3438199","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3438470","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3438726","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3438979","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3439166","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3439458","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3441346","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3441518","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3441798","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3442000","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3442150","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3442247","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3442418","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3446029","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3446117","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3446267","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3446403","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3446526","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3446614","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3446782","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3466341","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3466672","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3466937","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3467115","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3467371","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3467512","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3467717","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3479574","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3479701","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3479884","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3480056","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3480216","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3480351","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3480556","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3481231","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3481339","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3481502","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3481646","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3481794","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3481899","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3482077","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3483255","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3483342","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3483474","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3483607","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3483727","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3483833","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3484020","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3487655","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3487742","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3487890","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3488016","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3488140","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3488224","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3488384","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3510005","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3510119","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3510294","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3510457","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3510607","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3510794","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3511062","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3523431","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3523576","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3523847","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3524022","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3524205","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3524320","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3524506","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3525226","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3525335","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3525491","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3525639","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3525789","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3525895","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3526136","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3527241","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3527319","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3527458","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3527657","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3527789","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3527874","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3528045","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3531045","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3531147","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3531283","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3531403","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3531521","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3531614","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3531762","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3574474","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3574604","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3574794","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3574977","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3575140","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3575254","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3575453","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3585904","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3586115","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3586316","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3586482","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3586645","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3586759","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3586949","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3587672","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3587780","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3587934","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3588081","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3588223","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3588325","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI","NAME NOT FOUND","Length: 144"
"12:56:04.3588497","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3589623","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3589699","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3589828","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3589952","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3590069","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3590147","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3590292","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3594719","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3594798","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.3594933","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.3595063","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.3595183","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3595261","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.3595457","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.3879480","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3879739","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.3880052","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3880233","nwtoolset.exe","17432","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Query: Cached, SubKeys: 0, Values: 67"
"12:56:04.3880492","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 0, Length: 220"
"12:56:04.3880627","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 0, Name: Lucida Sans Unicode, Type: REG_MULTI_SZ, Length: 440, Data: MSGOTHIC.TTC,MS UI Gothic, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, GULIM.TTC,Gulim, YUGOTHM.TTC,Yu Gothic UI, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3881118","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 1, Length: 220"
"12:56:04.3881293","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 1, Name: Microsoft Sans Serif, Type: REG_MULTI_SZ, Length: 440, Data: MSGOTHIC.TTC,MS UI Gothic, YUGOTHM.TTC,Yu Gothic UI, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, GULIM.TTC,Gulim, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3881651","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 2, Length: 220"
"12:56:04.3881787","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 2, Name: Tahoma, Type: REG_MULTI_SZ, Length: 440, Data: MSGOTHIC.TTC,MS UI Gothic, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, GULIM.TTC,Gulim, YUGOTHM.TTC,Yu Gothic UI, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3882127","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 3, Length: 220"
"12:56:04.3882269","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 3, Name: Segoe UI, Type: REG_MULTI_SZ, Length: 848, Data: TAHOMA.TTF,Tahoma, MEIRYO.TTC,Meiryo UI,128,96, MEIRYO.TTC,Meiryo UI, MSGOTHIC.TTC,MS UI Gothic, MSJH.TTC,Microsoft JhengHei UI,128,96, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI,128,96, MSYH.TTC,Microsoft YaHei UI, MALGUN.TTF,Malgun Gothic,128,96, MALGUN.TTF,Malgun Gothic, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, GULIM.TTC,Gulim, YUGOTHM.TTC,Yu Gothic UI,128,96, YUGOTHM.TTC,Yu Gothic UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3883043","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 4, Length: 220"
"12:56:04.3883326","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 4, Name: Segoe UI Bold, Type: REG_MULTI_SZ, Length: 778, Data: MEIRYOB.TTC,Meiryo UI Bold,128,96, MEIRYOB.TTC,Meiryo UI Bold, MSJHBD.TTC,Microsoft JhengHei UI Bold,128,96, MSJHBD.TTC,Microsoft JhengHei UI Bold, MSYHBD.TTC,Microsoft YaHei UI Bold,128,96, MSYHBD.TTC,Microsoft YaHei UI Bold, MALGUNBD.TTF,Malgun Gothic Bold,128,96, MALGUNBD.TTF,Malgun Gothic Bold, YUGOTHB.TTC,Yu Gothic UI Bold,128,96, YUGOTHB.TTC,Yu Gothic UI Bold, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3883922","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 5, Length: 220"
"12:56:04.3884157","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 5, Name: Segoe UI Light, Type: REG_MULTI_SZ, Length: 778, Data: MEIRYO.TTC,Meiryo UI,128,96, MEIRYO.TTC,Meiryo UI, MSJHL.TTC,Microsoft JhengHei UI Light,128,96, MSJHL.TTC,Microsoft JhengHei UI Light, MSYHL.TTC,Microsoft YaHei UI Light,128,96, MSYHL.TTC,Microsoft YaHei UI Light, MALGUNSL.TTF,Malgun Gothic Semilight,128,96, MALGUNSL.TTF,Malgun Gothic Semilight, YUGOTHL.TTC,Yu Gothic UI Light,128,96, YUGOTHL.TTC,Yu Gothic UI Light, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3884756","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 6, Length: 220"
"12:56:04.3884982","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 6, Name: Segoe UI Semilight, Type: REG_MULTI_SZ, Length: 738, Data: MEIRYO.TTC,Meiryo UI,128,96, MEIRYO.TTC,Meiryo UI, MSJH.TTC,Microsoft JhengHei UI,128,96, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI,128,96, MSYH.TTC,Microsoft YaHei UI, MALGUNSL.TTF,Malgun Gothic Semilight,128,96, MALGUNSL.TTF,Malgun Gothic Semilight, YUGOTHR.TTC,Yu Gothic UI Semilight,128,96, YUGOTHR.TTC,Yu Gothic UI Semilight, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3885386","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 7, Length: 220"
"12:56:04.3885518","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 7, Name: Segoe UI Semibold, Type: REG_MULTI_SZ, Length: 686, Data: MEIRYO.TTC,Meiryo UI,128,96, MEIRYO.TTC,Meiryo UI, MSJH.TTC,Microsoft Jhenghei UI,128,96, MSJH.TTC,Microsoft Jhenghei UI, MSYH.TTC,Microsoft Yahei UI,128,96, MSYH.TTC,Microsoft Yahei UI, MALGUN.TTF,Malgun Gothic,128,96, MALGUN.TTF,Malgun Gothic, YUGOTHB.TTC,Yu Gothic UI Semibold,128,96, YUGOTHB.TTC,Yu Gothic UI Semibold, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3885862","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 8, Length: 220"
"12:56:04.3885994","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 8, Name: Ebrima, Type: REG_MULTI_SZ, Length: 748, Data: SEGOEUI.TTF,Segoe UI,110,82, SEGOEUI.TTF,Segoe UI, MEIRYO.TTC,Meiryo UI,120,96, MEIRYO.TTC,Meiryo UI, MSJH.TTC,Microsoft JhengHei UI,120,96, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI,128,96, MSYH.TTC,Microsoft YaHei UI, MALGUN.TTF,Malgun Gothic,118,96, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI,128,96, YUGOTHM.TTC,Yu Gothic UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3886359","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 9, Length: 220"
"12:56:04.3886482","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 9, Name: Ebrima Bold, Type: REG_MULTI_SZ, Length: 900, Data: SEGOEUIB.TTF,Segoe UI Bold,110,82, SEGOEUIB.TTF,Segoe UI Bold, MEIRYOB.TTC,Meiryo UI Bold,120,96, MEIRYOB.TTC,Meiryo UI Bold, MSJHBD.TTC,Microsoft JhengHei UI Bold,120,96, MSJHBD.TTC,Microsoft JhengHei UI Bold, MSYHBD.TTC,Microsoft YaHei UI Bold,128,96, MSYHBD.TTC,Microsoft YaHei UI Bold, MALGUNBD.TTF,Malgun Gothic Bold,118,96, MALGUNBD.TTF,Malgun Gothic Bold, YUGOTHB.TTC,Yu Gothic UI Bold,128,96, YUGOTHB.TTC,Yu Gothic UI Bold, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3886847","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 10, Length: 220"
"12:56:04.3886970","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 10, Name: Gadugi, Type: REG_MULTI_SZ, Length: 748, Data: SEGOEUI.TTF,Segoe UI,110,82, SEGOEUI.TTF,Segoe UI, MEIRYO.TTC,Meiryo UI,120,96, MEIRYO.TTC,Meiryo UI, MSJH.TTC,Microsoft JhengHei UI,120,96, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI,128,96, MSYH.TTC,Microsoft YaHei UI, MALGUN.TTF,Malgun Gothic,118,96, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI,128,96, YUGOTHM.TTC,Yu Gothic UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3887292","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 11, Length: 220"
"12:56:04.3887443","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 11, Name: Gadugi Bold, Type: REG_MULTI_SZ, Length: 900, Data: SEGOEUIB.TTF,Segoe UI Bold,110,82, SEGOEUIB.TTF,Segoe UI Bold, MEIRYOB.TTC,Meiryo UI Bold,120,96, MEIRYOB.TTC,Meiryo UI Bold, MSJHBD.TTC,Microsoft JhengHei UI Bold,120,96, MSJHBD.TTC,Microsoft JhengHei UI Bold, MSYHBD.TTC,Microsoft YaHei UI Bold,128,96, MSYHBD.TTC,Microsoft YaHei UI Bold, MALGUNBD.TTF,Malgun Gothic Bold,118,96, MALGUNBD.TTF,Malgun Gothic Bold, YUGOTHB.TTC,Yu Gothic UI Bold,128,96, YUGOTHB.TTC,Yu Gothic UI Bold, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3887937","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 12, Length: 220"
"12:56:04.3888145","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 12, Name: Khmer UI, Type: REG_MULTI_SZ, Length: 748, Data: SEGOEUI.TTF,Segoe UI,110,82, SEGOEUI.TTF,Segoe UI, MEIRYO.TTC,Meiryo UI,120,96, MEIRYO.TTC,Meiryo UI, MSJH.TTC,Microsoft JhengHei UI,120,96, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI,128,96, MSYH.TTC,Microsoft YaHei UI, MALGUN.TTF,Malgun Gothic,118,96, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI,128,96, YUGOTHM.TTC,Yu Gothic UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3888630","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 13, Length: 220"
"12:56:04.3888816","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 13, Name: Khmer UI Bold, Type: REG_MULTI_SZ, Length: 900, Data: SEGOEUIB.TTF,Segoe UI Bold,110,82, SEGOEUIB.TTF,Segoe UI Bold, MEIRYOB.TTC,Meiryo UI Bold,120,96, MEIRYOB.TTC,Meiryo UI Bold, MSJHBD.TTC,Microsoft JhengHei UI Bold,120,96, MSJHBD.TTC,Microsoft JhengHei UI Bold, MSYHBD.TTC,Microsoft YaHei UI Bold,128,96, MSYHBD.TTC,Microsoft YaHei UI Bold, MALGUNBD.TTF,Malgun Gothic Bold,118,96, MALGUNBD.TTF,Malgun Gothic Bold, YUGOTHB.TTC,Yu Gothic UI Bold,128,96, YUGOTHB.TTC,Yu Gothic UI Bold, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3889187","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 14, Length: 220"
"12:56:04.3889349","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 14, Name: Lao UI, Type: REG_MULTI_SZ, Length: 748, Data: SEGOEUI.TTF,Segoe UI,110,82, SEGOEUI.TTF,Segoe UI, MEIRYO.TTC,Meiryo UI,120,96, MEIRYO.TTC,Meiryo UI, MSJH.TTC,Microsoft JhengHei UI,120,96, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI,128,96, MSYH.TTC,Microsoft YaHei UI, MALGUN.TTF,Malgun Gothic,118,96, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI,128,96, YUGOTHM.TTC,Yu Gothic UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3889696","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 15, Length: 220"
"12:56:04.3889849","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 15, Name: Lao UI Bold, Type: REG_MULTI_SZ, Length: 900, Data: SEGOEUIB.TTF,Segoe UI Bold,110,82, SEGOEUIB.TTF,Segoe UI Bold, MEIRYOB.TTC,Meiryo UI Bold,120,96, MEIRYOB.TTC,Meiryo UI Bold, MSJHBD.TTC,Microsoft JhengHei UI Bold,120,96, MSJHBD.TTC,Microsoft JhengHei UI Bold, MSYHBD.TTC,Microsoft YaHei UI Bold,128,96, MSYHBD.TTC,Microsoft YaHei UI Bold, MALGUNBD.TTF,Malgun Gothic Bold,118,96, MALGUNBD.TTF,Malgun Gothic Bold, YUGOTHB.TTC,Yu Gothic UI Bold,128,96, YUGOTHB.TTC,Yu Gothic UI Bold, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3890166","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 16, Length: 220"
"12:56:04.3890289","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 16, Name: Leelawadee, Type: REG_MULTI_SZ, Length: 748, Data: SEGOEUI.TTF,Segoe UI,110,82, SEGOEUI.TTF,Segoe UI, MEIRYO.TTC,Meiryo UI,120,96, MEIRYO.TTC,Meiryo UI, MSJH.TTC,Microsoft JhengHei UI,120,96, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI,128,96, MSYH.TTC,Microsoft YaHei UI, MALGUN.TTF,Malgun Gothic,118,96, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI,128,96, YUGOTHM.TTC,Yu Gothic UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3890590","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 17, Length: 220"
"12:56:04.3890711","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 17, Name: Leelawadee Bold, Type: REG_MULTI_SZ, Length: 900, Data: SEGOEUIB.TTF,Segoe UI Bold,110,82, SEGOEUIB.TTF,Segoe UI Bold, MEIRYOB.TTC,Meiryo UI Bold,120,96, MEIRYOB.TTC,Meiryo UI Bold, MSJHBD.TTC,Microsoft JhengHei UI Bold,120,96, MSJHBD.TTC,Microsoft JhengHei UI Bold, MSYHBD.TTC,Microsoft YaHei UI Bold,128,96, MSYHBD.TTC,Microsoft YaHei UI Bold, MALGUNBD.TTF,Malgun Gothic Bold,118,96, MALGUNBD.TTF,Malgun Gothic Bold, YUGOTHB.TTC,Yu Gothic UI Bold,128,96, YUGOTHB.TTC,Yu Gothic UI Bold, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3891012","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 18, Length: 220"
"12:56:04.3891159","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 18, Name: Leelawadee UI, Type: REG_MULTI_SZ, Length: 748, Data: SEGOEUI.TTF,Segoe UI,110,82, SEGOEUI.TTF,Segoe UI, MEIRYO.TTC,Meiryo UI,120,96, MEIRYO.TTC,Meiryo UI, MSJH.TTC,Microsoft JhengHei UI,120,96, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI,128,96, MSYH.TTC,Microsoft YaHei UI, MALGUN.TTF,Malgun Gothic,118,96, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI,128,96, YUGOTHM.TTC,Yu Gothic UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3891500","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 19, Length: 220"
"12:56:04.3891620","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 19, Name: Leelawadee UI Bold, Type: REG_MULTI_SZ, Length: 900, Data: SEGOEUIB.TTF,Segoe UI Bold,110,82, SEGOEUIB.TTF,Segoe UI Bold, MEIRYOB.TTC,Meiryo UI Bold,120,96, MEIRYOB.TTC,Meiryo UI Bold, MSJHBD.TTC,Microsoft JhengHei UI Bold,120,96, MSJHBD.TTC,Microsoft JhengHei UI Bold, MSYHBD.TTC,Microsoft YaHei UI Bold,128,96, MSYHBD.TTC,Microsoft YaHei UI Bold, MALGUNBD.TTF,Malgun Gothic Bold,118,96, MALGUNBD.TTF,Malgun Gothic Bold, YUGOTHB.TTC,Yu Gothic UI Bold,128,96, YUGOTHB.TTC,Yu Gothic UI Bold, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3891921","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 20, Length: 220"
"12:56:04.3892141","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 20, Name: Nirmala UI, Type: REG_MULTI_SZ, Length: 748, Data: SEGOEUI.TTF,Segoe UI,110,82, SEGOEUI.TTF,Segoe UI, MEIRYO.TTC,Meiryo UI,120,96, MEIRYO.TTC,Meiryo UI, MSJH.TTC,Microsoft JhengHei UI,120,96, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI,128,96, MSYH.TTC,Microsoft YaHei UI, MALGUN.TTF,Malgun Gothic,118,96, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI,128,96, YUGOTHM.TTC,Yu Gothic UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3892551","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 21, Length: 220"
"12:56:04.3892689","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 21, Name: Nirmala UI Bold, Type: REG_MULTI_SZ, Length: 900, Data: SEGOEUIB.TTF,Segoe UI Bold,110,82, SEGOEUIB.TTF,Segoe UI Bold, MEIRYOB.TTC,Meiryo UI Bold,120,96, MEIRYOB.TTC,Meiryo UI Bold, MSJHBD.TTC,Microsoft JhengHei UI Bold,120,96, MSJHBD.TTC,Microsoft JhengHei UI Bold, MSYHBD.TTC,Microsoft YaHei UI Bold,128,96, MSYHBD.TTC,Microsoft YaHei UI Bold, MALGUNBD.TTF,Malgun Gothic Bold,118,96, MALGUNBD.TTF,Malgun Gothic Bold, YUGOTHB.TTC,Yu Gothic UI Bold,128,96, YUGOTHB.TTC,Yu Gothic UI Bold, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3893015","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 22, Length: 220"
"12:56:04.3893135","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 22, Name: Nirmala UI Semilight, Type: REG_MULTI_SZ, Length: 738, Data: MEIRYO.TTC,Meiryo UI,128,96, MEIRYO.TTC,Meiryo UI, MSJH.TTC,Microsoft JhengHei UI,128,96, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI,128,96, MSYH.TTC,Microsoft YaHei UI, MALGUNSL.TTF,Malgun Gothic Semilight,128,96, MALGUNSL.TTF,Malgun Gothic Semilight, YUGOTHR.TTC,Yu Gothic UI Semilight,128,96, YUGOTHR.TTC,Yu Gothic UI Semilight, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3893469","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 23, Length: 220"
"12:56:04.3893629","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 23, Name: MingLiU, Type: REG_MULTI_SZ, Length: 546, Data: MICROSS.TTF,Microsoft Sans Serif,40,48, MICROSS.TTF,Microsoft Sans Serif, SIMSUN.TTC,SimSun, MSMINCHO.TTC,MS Mincho, BATANG.TTC,BatangChe, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, YUGOTHM.TTC,Yu Gothic UI, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3894051","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 24, Length: 220"
"12:56:04.3894174","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 24, Name: PMingLiU, Type: REG_MULTI_SZ, Length: 542, Data: MICROSS.TTF,Microsoft Sans Serif,40,48, MICROSS.TTF,Microsoft Sans Serif, SIMSUN.TTC,SimSun, MSMINCHO.TTC,MS PMincho, BATANG.TTC,Batang, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, YUGOTHM.TTC,Yu Gothic UI, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3894469","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 25, Length: 220"
"12:56:04.3894587","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 25, Name: MingLiU_HKSCS, Type: REG_MULTI_SZ, Length: 586, Data: MICROSS.TTF,Microsoft Sans Serif,40,48, MICROSS.TTF,Microsoft Sans Serif, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun, MSMINCHO.TTC,MS Mincho, BATANG.TTC,BatangChe, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, YUGOTHM.TTC,Yu Gothic UI, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3894867","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 26, Length: 220"
"12:56:04.3894984","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 26, Name: MingLiU-ExtB, Type: REG_MULTI_SZ, Length: 586, Data: MICROSS.TTF,Microsoft Sans Serif,40,48, MICROSS.TTF,Microsoft Sans Serif, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun, MSMINCHO.TTC,MS Mincho, BATANG.TTC,BatangChe, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, YUGOTHM.TTC,Yu Gothic UI, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3895295","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 27, Length: 220"
"12:56:04.3895409","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 27, Name: PMingLiU-ExtB, Type: REG_MULTI_SZ, Length: 584, Data: MICROSS.TTF,Microsoft Sans Serif,40,48, MICROSS.TTF,Microsoft Sans Serif, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, MSMINCHO.TTC,MS PMincho, BATANG.TTC,Batang, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, YUGOTHM.TTC,Yu Gothic UI, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3895707","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 28, Length: 220"
"12:56:04.3895822","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 28, Name: MingLiU_HKSCS-ExtB, Type: REG_MULTI_SZ, Length: 638, Data: MICROSS.TTF,Microsoft Sans Serif,40,48, MICROSS.TTF,Microsoft Sans Serif, MINGLIU.TTC,MingLiU_HKSCS, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun, MSMINCHO.TTC,MS Mincho, BATANG.TTC,BatangChe, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, YUGOTHM.TTC,Yu Gothic UI, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3896204","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 29, Length: 220"
"12:56:04.3896328","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 29, Name: Microsoft JhengHei, Type: REG_MULTI_SZ, Length: 626, Data: SEGOEUI.TTF,Segoe UI,114,78, SEGOEUI.TTF,Segoe UI, MINGLIU.TTC,MingLiU, MSYH.TTC,Microsoft YaHei,128,96, MSYH.TTC,Microsoft YaHei, MEIRYO.TTC,Meiryo,128,85, MEIRYO.TTC,Meiryo, MALGUN.TTF,Malgun Gothic,128,96, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI,128,96, YUGOTHM.TTC,Yu Gothic UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3896635","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 30, Length: 220"
"12:56:04.3896815","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 30, Name: Microsoft JhengHei Bold, Type: REG_MULTI_SZ, Length: 750, Data: SEGOEUIB.TTF,Segoe UI Bold,114,78, SEGOEUIB.TTF,Segoe UI Bold, MINGLIU.TTC,MingLiU, MSYHBD.TTC,Microsoft YaHei Bold,128,96, MSYHBD.TTC,Microsoft YaHei Bold, MEIRYOB.TTC,Meiryo Bold,128,85, MEIRYOB.TTC,Meiryo Bold, MALGUNBD.TTF,Malgun Gothic Bold,128,96, MALGUNBD.TTF,Malgun Gothic Bold, YUGOTHB.TTC,Yu Gothic UI Bold,128,96, YUGOTHB.TTC,Yu Gothic UI Bold, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3897114","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 31, Length: 220"
"12:56:04.3897237","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 31, Name: Microsoft JhengHei UI, Type: REG_MULTI_SZ, Length: 524, Data: SEGOEUI.TTF,Segoe UI,114,78, SEGOEUI.TTF,Segoe UI, MINGLIU.TTC,MingLiU, MSYH.TTC,Microsoft YaHei UI, MEIRYO.TTC,Meiryo UI, MALGUN.TTF,Malgun Gothic,128,96, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI,128,96, YUGOTHM.TTC,Yu Gothic UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3897544","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 32, Length: 220"
"12:56:04.3897665","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 32, Name: Microsoft JhengHei UI Bold, Type: REG_MULTI_SZ, Length: 622, Data: SEGOEUIB.TTF,Segoe UI Bold,114,78, SEGOEUIB.TTF,Segoe UI Bold, MINGLIU.TTC,MingLiU, MSYHBD.TTC,Microsoft YaHei UI Bold, MEIRYOB.TTC,Meiryo UI Bold, MALGUNBD.TTF,Malgun Gothic Bold,128,96, MALGUNBD.TTF,Malgun Gothic Bold, YUGOTHB.TTC,Yu Gothic UI Bold,128,96, YUGOTHB.TTC,Yu Gothic UI Bold, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3897948","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 33, Length: 220"
"12:56:04.3898071","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 33, Name: Microsoft JhengHei UI Light, Type: REG_MULTI_SZ, Length: 638, Data: SEGOEUIL.TTF,Segoe UI Light,114,78, SEGOEUIL.TTF,Segoe UI Light, MINGLIU.TTC,MingLiU, MSYHL.TTC,Microsoft YaHei UI Light, MEIRYO.TTC,Meiryo UI, MALGUNSL.TTF,Malgun Gothic Semilight,128,96, MALGUNSL.TTF,Malgun Gothic Semilight, YUGOTHL.TTC,Yu Gothic UI Light,128,96, YUGOTHL.TTC,Yu Gothic UI Light, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3898439","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 34, Length: 220"
"12:56:04.3898562","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 34, Name: SimSun, Type: REG_MULTI_SZ, Length: 552, Data: MICROSS.TTF,Microsoft Sans Serif,108,122, MICROSS.TTF,Microsoft Sans Serif, MINGLIU.TTC,PMingLiU, MSMINCHO.TTC,MS PMincho, BATANG.TTC,Batang, MSYH.TTC,Microsoft YaHei UI, MSJH.TTC,Microsoft JhengHei UI, YUGOTHM.TTC,Yu Gothic UI, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3898860","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 35, Length: 220"
"12:56:04.3898981","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 35, Name: SimSun-ExtB, Type: REG_MULTI_SZ, Length: 588, Data: MICROSS.TTF,Microsoft Sans Serif,108,122, MICROSS.TTF,Microsoft Sans Serif, SIMSUN.TTC,SimSun, MINGLIU.TTC,PMingLiU, MSMINCHO.TTC,MS PMincho, BATANG.TTC,Batang, MSYH.TTC,Microsoft YaHei UI, MSJH.TTC,Microsoft JhengHei UI, YUGOTHM.TTC,Yu Gothic UI, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3899294","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 36, Length: 220"
"12:56:04.3899412","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 36, Name: NSimSun, Type: REG_MULTI_SZ, Length: 408, Data: MINGLIU.TTC,PMingLiU, MSMINCHO.TTC,MS Mincho, BATANG.TTC,BatangChe, MSYH.TTC,Microsoft YaHei UI, MSJH.TTC,Microsoft JhengHei UI, YUGOTHM.TTC,Yu Gothic UI, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3899716","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 37, Length: 220"
"12:56:04.3899833","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 37, Name: Microsoft YaHei, Type: REG_MULTI_SZ, Length: 634, Data: SEGOEUI.TTF,Segoe UI,120,80, SEGOEUI.TTF,Segoe UI, SIMSUN.TTC,SimSun, MSJH.TTC,Microsoft JhengHei,128,96, MSJH.TTC,Microsoft JhengHei, MEIRYO.TTC,Meiryo,128,85, MEIRYO.TTC,Meiryo, MALGUN.TTF,Malgun Gothic,128,96, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI,128,96, YUGOTHM.TTC,Yu Gothic UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3900134","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 38, Length: 220"
"12:56:04.3900252","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 38, Name: Microsoft YaHei Bold, Type: REG_MULTI_SZ, Length: 758, Data: SEGOEUIB.TTF,Segoe UI Bold,120,80, SEGOEUIB.TTF,Segoe UI Bold, SIMSUN.TTC,SimSun, MSJHBD.TTC,Microsoft Jhenghei Bold,128,96, MSJHBD.TTC,Microsoft Jhenghei Bold, MEIRYOB.TTC,Meiryo Bold,128,85, MEIRYOB.TTC,Meiryo Bold, MALGUNBD.TTF,Malgun Gothic Bold,128,96, MALGUNBD.TTF,Malgun Gothic Bold, YUGOTHB.TTC,Yu Gothic UI Bold,128,96, YUGOTHB.TTC,Yu Gothic UI Bold, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3900538","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 39, Length: 220"
"12:56:04.3900655","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 39, Name: Microsoft YaHei UI, Type: REG_MULTI_SZ, Length: 526, Data: SEGOEUI.TTF,Segoe UI,120,80, SEGOEUI.TTF,Segoe UI, SIMSUN.TTC,SimSun, MSJH.TTC,Microsoft Jhenghei UI, MEIRYO.TTC,Meiryo UI, MALGUN.TTF,Malgun Gothic,128,96, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI,128,96, YUGOTHM.TTC,Yu Gothic UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3900954","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 40, Length: 220"
"12:56:04.3901140","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 40, Name: Microsoft YaHei UI Bold, Type: REG_MULTI_SZ, Length: 624, Data: SEGOEUIB.TTF,Segoe UI Bold,120,80, SEGOEUIB.TTF,Segoe UI Bold, SIMSUN.TTC,SimSun, MSJHBD.TTC,Microsoft Jhenghei UI Bold, MEIRYOB.TTC,Meiryo UI Bold, MALGUNBD.TTF,Malgun Gothic Bold,128,96, MALGUNBD.TTF,Malgun Gothic Bold, YUGOTHB.TTC,Yu Gothic UI Bold,128,96, YUGOTHB.TTC,Yu Gothic UI Bold, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3901438","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 41, Length: 220"
"12:56:04.3901562","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 41, Name: Microsoft YaHei UI Light, Type: REG_MULTI_SZ, Length: 640, Data: SEGOEUIL.TTF,Segoe UI Light,120,80, SEGOEUIL.TTF,Segoe UI Light, SIMSUN.TTC,SimSun, MSJHL.TTC,Microsoft Jhenghei UI Light, MEIRYO.TTC,Meiryo UI, MALGUNSL.TTF,Malgun Gothic Semilight,128,96, MALGUNSL.TTF,Malgun Gothic Semilight, YUGOTHL.TTC,Yu Gothic UI Light,128,96, YUGOTHL.TTC,Yu Gothic UI Light, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3901917","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 42, Length: 220"
"12:56:04.3902047","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 42, Name: Yu Gothic UI, Type: REG_MULTI_SZ, Length: 258, Data: SEGOEUI.TTF,Segoe UI, MSJH.TTC,Microsoft JhengHei, MSYH.TTC,Microsoft YaHei, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3902348","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 43, Length: 220"
"12:56:04.3902465","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 43, Name: Yu Gothic UI Bold, Type: REG_MULTI_SZ, Length: 318, Data: SEGOEUIB.TTF,Segoe UI Bold, MSJHBD.TTC,Microsoft Jhenghei UI Bold, MSYHBD.TTC,Microsoft YaHei Bold, MALGUNBD.TTF,Malgun Gothic Bold, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3902764","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 44, Length: 220"
"12:56:04.3902881","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 44, Name: Yu Gothic UI Light, Type: REG_MULTI_SZ, Length: 330, Data: SEGOEUIL.TTF,Segoe UI Light, MSJHL.TTC,Microsoft Jhenghei UI Light, MSYHL.TTC,Microsoft YaHei Light, MALGUNSL.TTF,Malgun Gothic Semilight, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3903212","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 45, Length: 220"
"12:56:04.3903342","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 45, Name: Yu Gothic UI Semilight, Type: REG_MULTI_SZ, Length: 312, Data: SEGOEUISL.TTF,Segoe UI Semilight, MSJH.TTC,Microsoft Jhenghei UI, MSYH.TTC,Microsoft YaHei, MALGUNSL.TTF,Malgun Gothic Semilight, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3903703","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 46, Length: 220"
"12:56:04.3903875","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 46, Name: Yu Gothic UI Semibold, Type: REG_MULTI_SZ, Length: 282, Data: SEGUISB.TTF,Segoe UI Semibold, MSJH.TTC,Microsoft Jhenghei UI, MSYH.TTC,Microsoft YaHei, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3904206","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 47, Length: 220"
"12:56:04.3904327","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 47, Name: Meiryo, Type: REG_MULTI_SZ, Length: 678, Data: SEGOEUI.TTF,Segoe UI,133,83, SEGOEUI.TTF,Segoe UI, YUGOTHM.TTC,Yu Gothic UI,128,96, YUGOTHM.TTC,Yu Gothic UI, MSGOTHIC.TTC,MS UI Gothic, MSJH.TTC,Microsoft Jhenghei,128,96, MSJH.TTC,Microsoft JhengHei, MSYH.TTC,Microsoft YaHei,128,96, MSYH.TTC,Microsoft YaHei, MALGUN.TTF,Malgun Gothic,128,96, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3904610","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 48, Length: 220"
"12:56:04.3904736","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 48, Name: Meiryo Bold, Type: REG_MULTI_SZ, Length: 806, Data: SEGOEUIB.TTF,Segoe UI Bold,133,83, SEGOEUIB.TTF,Segoe UI Bold, YUGOTHB.TTC,Yu Gothic UI Bold,128,96, YUGOTHB.TTC,Yu Gothic UI Bold, MSGOTHIC.TTC,MS UI Gothic, MSJHBD.TTC,Microsoft Jhenghei Bold,128,96, MSJHBD.TTC,Microsoft Jhenghei Bold, MSYHBD.TTC,Microsoft YaHei Bold,128,96, MSYHBD.TTC,Microsoft YaHei Bold, MALGUNBD.TTF,Malgun Gothic Bold,128,96, MALGUNBD.TTF,Malgun Gothic Bold, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3905013","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 49, Length: 220"
"12:56:04.3905257","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 49, Name: Meiryo UI, Type: REG_MULTI_SZ, Length: 702, Data: SEGOEUI.TTF,Segoe UI,133,83, SEGOEUI.TTF,Segoe UI, YUGOTHM.TTC,Yu Gothic UI,128,96, YUGOTHM.TTC,Yu Gothic UI, MSGOTHIC.TTC,MS UI Gothic, MSJH.TTC,Microsoft Jhenghei UI,128,96, MSJH.TTC,Microsoft Jhenghei UI, MSYH.TTC,Microsoft YaHei UI,128,96, MSYH.TTC,Microsoft YaHei UI, MALGUN.TTF,Malgun Gothic,128,96, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3905559","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 50, Length: 220"
"12:56:04.3905679","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 50, Name: Meiryo UI Bold, Type: REG_MULTI_SZ, Length: 830, Data: SEGOEUIB.TTF,Segoe UI Bold,133,83, SEGOEUIB.TTF,Segoe UI Bold, YUGOTHB.TTC,Yu Gothic UI Bold,128,96, YUGOTHB.TTC,Yu Gothic UI Bold, MSGOTHIC.TTC,MS UI Gothic, MSJHBD.TTC,Microsoft Jhenghei UI Bold,128,96, MSJHBD.TTC,Microsoft Jhenghei UI Bold, MSYHBD.TTC,Microsoft YaHei UI Bold,128,96, MSYHBD.TTC,Microsoft YaHei UI Bold, MALGUNBD.TTF,Malgun Gothic Bold,128,96, MALGUNBD.TTF,Malgun Gothic Bold, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3905959","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 51, Length: 220"
"12:56:04.3906275","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 51, Name: MS Gothic, Type: REG_MULTI_SZ, Length: 392, Data: MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun, GULIM.TTC,GulimChe, YUGOTHM.TTC,Yu Gothic UI, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3906616","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 52, Length: 220"
"12:56:04.3906736","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 52, Name: MS PGothic, Type: REG_MULTI_SZ, Length: 388, Data: MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, GULIM.TTC,Gulim, YUGOTHM.TTC,Yu Gothic UI, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3907140","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 53, Length: 220"
"12:56:04.3907263","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 53, Name: MS UI Gothic, Type: REG_MULTI_SZ, Length: 536, Data: MICROSS.TTF,Microsoft Sans Serif,128,142, MICROSS.TTF,Microsoft Sans Serif, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, GULIM.TTC,Gulim, YUGOTHM.TTC,Yu Gothic UI, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3907579","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 54, Length: 220"
"12:56:04.3907700","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 54, Name: MS Mincho, Type: REG_MULTI_SZ, Length: 390, Data: MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun, BATANG.TTC,Batang, YUGOTHM.TTC,Yu Gothic UI, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3907980","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 55, Length: 220"
"12:56:04.3908146","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 55, Name: MS PMincho, Type: REG_MULTI_SZ, Length: 392, Data: MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, BATANG.TTC,Batang, YUGOTHM.TTC,Yu Gothic UI, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, MALGUN.TTF,Malgun Gothic, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3908438","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 56, Length: 220"
"12:56:04.3908555","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 56, Name: Batang, Type: REG_MULTI_SZ, Length: 404, Data: MSMINCHO.TTC,MS PMincho, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3908835","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 57, Length: 220"
"12:56:04.3908956","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 57, Name: BatangChe, Type: REG_MULTI_SZ, Length: 400, Data: MSMINCHO.TTC,MS Mincho, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3909236","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 58, Length: 220"
"12:56:04.3909353","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 58, Name: Dotum, Type: REG_MULTI_SZ, Length: 408, Data: MSGOTHIC.TTC,MS UI Gothic, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3909630","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 59, Length: 220"
"12:56:04.3909754","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 59, Name: DotumChe, Type: REG_MULTI_SZ, Length: 400, Data: MSGOTHIC.TTC,MS Gothic, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3910031","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 60, Length: 220"
"12:56:04.3910148","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 60, Name: Gulim, Type: REG_MULTI_SZ, Length: 556, Data: MICROSS.TTF,Microsoft Sans Serif,128,140, MICROSS.TTF,Microsoft Sans Serif, MSGOTHIC.TTC,MS UI Gothic, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3910429","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 61, Length: 220"
"12:56:04.3910546","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 61, Name: GulimChe, Type: REG_MULTI_SZ, Length: 400, Data: MSGOTHIC.TTC,MS Gothic, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3910829","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 62, Length: 220"
"12:56:04.3910947","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 62, Name: Gungsuh, Type: REG_MULTI_SZ, Length: 404, Data: MSMINCHO.TTC,MS PMincho, MINGLIU.TTC,PMingLiU, SIMSUN.TTC,SimSun, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3911344","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 63, Length: 220"
"12:56:04.3911468","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 63, Name: GungsuhChe, Type: REG_MULTI_SZ, Length: 400, Data: MSMINCHO.TTC,MS Mincho, MINGLIU.TTC,MingLiU, SIMSUN.TTC,SimSun, MALGUN.TTF,Malgun Gothic, YUGOTHM.TTC,Yu Gothic UI, MSJH.TTC,Microsoft JhengHei UI, MSYH.TTC,Microsoft YaHei UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3911751","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 64, Length: 220"
"12:56:04.3911901","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 64, Name: Malgun Gothic, Type: REG_MULTI_SZ, Length: 666, Data: SEGOEUI.TTF,Segoe UI,130,81, SEGOEUI.TTF,Segoe UI, GULIM.TTC,Gulim, MEIRYO.TTC,Meiryo UI,128,96, MEIRYO.TTC,Meiryo UI, MSJH.TTC,Microsoft Jhenghei UI,128,96, MSJH.TTC,Microsoft Jhenghei UI, MSYH.TTC,Microsoft YaHei UI,128,96, MSYH.TTC,Microsoft YaHei UI, YUGOTHM.TTC,Yu Gothic UI,128,96, YUGOTHM.TTC,Yu Gothic UI, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3912233","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 65, Length: 220"
"12:56:04.3912359","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 65, Name: Malgun Gothic Bold, Type: REG_MULTI_SZ, Length: 790, Data: SEGOEUIB.TTF,Segoe UI Bold,130,81, SEGOEUIB.TTF,Segoe UI Bold, GULIM.TTC,Gulim, MEIRYOB.TTC,Meiryo UI Bold,128,96, MEIRYOB.TTC,Meiryo UI Bold, MSJHBD.TTC,Microsoft Jhenghei UI Bold,128,96, MSJHBD.TTC,Microsoft Jhenghei UI Bold, MSYHBD.TTC,Microsoft YaHei UI Bold,128,96, MSYHBD.TTC,Microsoft YaHei UI Bold, YUGOTHB.TTC,Yu Gothic UI Bold,128,96, YUGOTHB.TTC,Yu Gothic UI Bold, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3912660","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","BUFFER OVERFLOW","Index: 66, Length: 220"
"12:56:04.3912781","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS","Index: 66, Name: Malgun Gothic Semilight, Type: REG_MULTI_SZ, Length: 754, Data: SEGOEUISL.TTF,Segoe UI Semilight,130,81, SEGOEUISL.TTF,Segoe UI Semilight, GULIM.TTC,Gulim, MEIRYO.TTC,Meiryo UI,128,96, MEIRYO.TTC,Meiryo UI, MSJH.TTC,Microsoft Jhenghei UI,128,96, MSJH.TTC,Microsoft Jhenghei UI, MSYH.TTC,Microsoft YaHei UI,128,96, MSYH.TTC,Microsoft YaHei UI, YUGOTHR.TTC,Yu Gothic UI Semilight,128,96, YUGOTHR.TTC,Yu Gothic UI Semilight, SEGUISYM.TTF,Segoe UI Symbol"
"12:56:04.3913088","nwtoolset.exe","17432","RegEnumValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","NO MORE ENTRIES","Index: 67, Length: 220"
"12:56:04.3913317","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink","SUCCESS",""
"12:56:04.3914437","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3914630","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0","SUCCESS","Desired Access: Query Value"
"12:56:04.3914862","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3914979","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable","NAME NOT FOUND","Length: 144"
"12:56:04.3915094","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath","SUCCESS","Type: REG_SZ, Length: 66, Data: C:\Windows\Fonts\staticcache.dat"
"12:56:04.3915274","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0","SUCCESS",""
"12:56:04.3916597","nwtoolset.exe","17432","CreateFile","C:\Windows\Fonts\StaticCache.dat","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.3917196","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\Fonts\StaticCache.dat","SUCCESS","AllocationSize: 18,612,224, EndOfFile: 18,612,224, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.3917368","nwtoolset.exe","17432","ReadFile","C:\Windows\Fonts\StaticCache.dat","SUCCESS","Offset: 0, Length: 60, Priority: Normal"
"12:56:04.3917922","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\Fonts\StaticCache.dat","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.3918081","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\Fonts\StaticCache.dat","SUCCESS","AllocationSize: 18,612,224, EndOfFile: 18,612,224, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.3918304","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\Fonts\StaticCache.dat","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.3930734","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3931002","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS","Desired Access: Query Value"
"12:56:04.3931258","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3931544","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1","NAME NOT FOUND","Length: 144"
"12:56:04.3931694","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2","SUCCESS","Type: REG_SZ, Length: 24, Data: SimSun-ExtB"
"12:56:04.3931821","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2","SUCCESS","Type: REG_SZ, Length: 24, Data: SimSun-ExtB"
"12:56:04.3931950","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3","NAME NOT FOUND","Length: 144"
"12:56:04.3932104","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4","NAME NOT FOUND","Length: 144"
"12:56:04.3932225","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5","NAME NOT FOUND","Length: 144"
"12:56:04.3932342","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6","NAME NOT FOUND","Length: 144"
"12:56:04.3932462","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7","NAME NOT FOUND","Length: 144"
"12:56:04.3932580","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8","NAME NOT FOUND","Length: 144"
"12:56:04.3932694","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9","NAME NOT FOUND","Length: 144"
"12:56:04.3932812","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10","NAME NOT FOUND","Length: 144"
"12:56:04.3932926","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11","NAME NOT FOUND","Length: 144"
"12:56:04.3933041","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12","NAME NOT FOUND","Length: 144"
"12:56:04.3933158","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13","NAME NOT FOUND","Length: 144"
"12:56:04.3933273","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14","NAME NOT FOUND","Length: 144"
"12:56:04.3933387","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15","NAME NOT FOUND","Length: 144"
"12:56:04.3933505","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16","NAME NOT FOUND","Length: 144"
"12:56:04.3933694","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS",""
"12:56:04.3933902","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.3934029","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.3934318","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.3934441","nwtoolset.exe","17432","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS","Query: Cached, SubKeys: 4, Values: 1"
"12:56:04.3934586","nwtoolset.exe","17432","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS","Index: 0, Name: MingLiU"
"12:56:04.3934700","nwtoolset.exe","17432","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS","Index: 1, Name: MingLiU_HKSCS"
"12:56:04.3934809","nwtoolset.exe","17432","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS","Index: 2, Name: PMingLiU"
"12:56:04.3935010","nwtoolset.exe","17432","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS","Index: 3, Name: SimSun"
"12:56:04.3936251","nwtoolset.exe","17432","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS","Query: HandleTags, HandleTags: 0x100"
"12:56:04.3936498","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI","NAME NOT FOUND","Desired Access: Query Value"
"12:56:04.3936893","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS",""
"12:56:04.4065883","nwtoolset.exe","17432","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
"12:56:04.4066545","nwtoolset.exe","17432","RegCloseKey","HKCU","SUCCESS",""
"12:56:04.4068521","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4068675","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4068910","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.4069157","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.4069316","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4069434","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.4069617","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.4075867","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4075972","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4076228","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.4076376","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.4076502","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4076590","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.4076749","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.4087417","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4087510","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4087670","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"12:56:04.4087847","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"12:56:04.4087980","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4088064","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif","NAME NOT FOUND","Length: 144"
"12:56:04.4088254","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"12:56:04.4108613","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4108779","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.4109095","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4109222","nwtoolset.exe","17432","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS","Query: HandleTags, HandleTags: 0x100"
"12:56:04.4109312","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Sans Serif","NAME NOT FOUND","Desired Access: Query Value"
"12:56:04.4109713","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback","SUCCESS",""
"12:56:04.4112438","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4112526","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4112700","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Desired Access: Read"
"12:56:04.4112938","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4113282","nwtoolset.exe","17432","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:56:04.4113378","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}","SUCCESS","Desired Access: Read"
"12:56:04.4113595","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS",""
"12:56:04.4113703","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Category","SUCCESS","Type: REG_DWORD, Length: 4, Data: 4"
"12:56:04.4113800","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Name","SUCCESS","Type: REG_SZ, Length: 18, Data: Personal"
"12:56:04.4113902","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\ParentFolder","NAME NOT FOUND","Length: 144"
"12:56:04.4113983","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Description","NAME NOT FOUND","Length: 144"
"12:56:04.4114059","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\RelativePath","SUCCESS","Type: REG_SZ, Length: 20, Data: Documents"
"12:56:04.4114143","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\ParsingName","BUFFER OVERFLOW","Length: 144"
"12:56:04.4114227","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\ParsingName","SUCCESS","Type: REG_SZ, Length: 176, Data: shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}"
"12:56:04.4114321","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\InfoTip","NAME NOT FOUND","Length: 144"
"12:56:04.4114393","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\LocalizedName","SUCCESS","Type: REG_EXPAND_SZ, Length: 100, Data: @%SystemRoot%\system32\windows.storage.dll,-21770"
"12:56:04.4114694","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Icon","SUCCESS","Type: REG_EXPAND_SZ, Length: 80, Data: %SystemRoot%\system32\imageres.dll,-112"
"12:56:04.4114812","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Security","NAME NOT FOUND","Length: 144"
"12:56:04.4114896","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\StreamResource","NAME NOT FOUND","Length: 144"
"12:56:04.4114974","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\StreamResourceType","NAME NOT FOUND","Length: 144"
"12:56:04.4115050","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\LocalRedirectOnly","NAME NOT FOUND","Length: 144"
"12:56:04.4115128","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Roamable","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:56:04.4115212","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PreCreate","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:56:04.4115315","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Stream","NAME NOT FOUND","Length: 144"
"12:56:04.4115390","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PublishExpandedPath","NAME NOT FOUND","Length: 144"
"12:56:04.4115465","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\DefinitionFlags","NAME NOT FOUND","Length: 144"
"12:56:04.4115534","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Attributes","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:56:04.4115610","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\FolderTypeID","NAME NOT FOUND","Length: 144"
"12:56:04.4115682","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\InitFolderHandler","NAME NOT FOUND","Length: 144"
"12:56:04.4115929","nwtoolset.exe","17432","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:56:04.4116034","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PropertyBag","SUCCESS","Desired Access: Read"
"12:56:04.4116405","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}","SUCCESS",""
"12:56:04.4116715","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4116793","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.4116923","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer","SUCCESS","Desired Access: Query Value"
"12:56:04.4117095","nwtoolset.exe","17432","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4117215","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:56:04.4117299","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1","SUCCESS","Desired Access: Query Value"
"12:56:04.4117483","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:56:04.4117564","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders","NAME NOT FOUND","Desired Access: Query Value"
"12:56:04.4117742","nwtoolset.exe","17432","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1","SUCCESS",""
"12:56:04.4117914","nwtoolset.exe","17432","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
"12:56:04.4118076","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4118146","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.4118254","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"12:56:04.4118408","nwtoolset.exe","17432","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4118531","nwtoolset.exe","17432","RegCloseKey","HKCU","SUCCESS",""
"12:56:04.4118721","nwtoolset.exe","17432","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal","SUCCESS","Type: REG_EXPAND_SZ, Length: 48, Data: %USERPROFILE%\Documents"
"12:56:04.4119170","nwtoolset.exe","17432","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"12:56:04.4119531","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4119603","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4119730","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Explorer","REPARSE","Desired Access: Query Value"
"12:56:04.4119944","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"12:56:04.4120170","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4120242","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.4120353","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Explorer","NAME NOT FOUND","Desired Access: Query Value"
"12:56:04.4122118","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4122196","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4122323","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Desired Access: Read"
"12:56:04.4122483","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4122597","nwtoolset.exe","17432","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:56:04.4122678","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}","SUCCESS","Desired Access: Read"
"12:56:04.4122913","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS",""
"12:56:04.4123010","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2"
"12:56:04.4123094","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name","SUCCESS","Type: REG_SZ, Length: 16, Data: Profile"
"12:56:04.4123187","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder","NAME NOT FOUND","Length: 144"
"12:56:04.4123269","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description","NAME NOT FOUND","Length: 144"
"12:56:04.4123371","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath","NAME NOT FOUND","Length: 144"
"12:56:04.4123443","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName","NAME NOT FOUND","Length: 144"
"12:56:04.4123516","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip","NAME NOT FOUND","Length: 144"
"12:56:04.4123585","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName","NAME NOT FOUND","Length: 144"
"12:56:04.4123657","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon","NAME NOT FOUND","Length: 144"
"12:56:04.4123726","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security","NAME NOT FOUND","Length: 144"
"12:56:04.4123802","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource","NAME NOT FOUND","Length: 144"
"12:56:04.4123946","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType","NAME NOT FOUND","Length: 144"
"12:56:04.4124019","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly","NAME NOT FOUND","Length: 144"
"12:56:04.4124091","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable","NAME NOT FOUND","Length: 144"
"12:56:04.4124166","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate","NAME NOT FOUND","Length: 144"
"12:56:04.4124235","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream","NAME NOT FOUND","Length: 144"
"12:56:04.4124308","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath","NAME NOT FOUND","Length: 144"
"12:56:04.4124377","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\DefinitionFlags","NAME NOT FOUND","Length: 144"
"12:56:04.4124446","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes","NAME NOT FOUND","Length: 144"
"12:56:04.4124519","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID","NAME NOT FOUND","Length: 144"
"12:56:04.4124588","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler","NAME NOT FOUND","Length: 144"
"12:56:04.4124723","nwtoolset.exe","17432","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:56:04.4124808","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PropertyBag","NAME NOT FOUND","Desired Access: Read"
"12:56:04.4125097","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}","SUCCESS",""
"12:56:04.4125546","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4125621","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4125750","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1662289942-932661628-3393754344-1001","REPARSE","Desired Access: Read"
"12:56:04.4126027","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1662289942-932661628-3393754344-1001","SUCCESS","Desired Access: Read"
"12:56:04.4126298","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1662289942-932661628-3393754344-1001","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4126425","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1662289942-932661628-3393754344-1001\ProfileImagePath","SUCCESS","Type: REG_EXPAND_SZ, Length: 30, Data: C:\Users\giaco"
"12:56:04.4126545","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1662289942-932661628-3393754344-1001\ProfileImagePath","SUCCESS","Type: REG_EXPAND_SZ, Length: 30, Data: C:\Users\giaco"
"12:56:04.4126708","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1662289942-932661628-3393754344-1001","SUCCESS",""
"12:56:04.4128154","nwtoolset.exe","17432","CreateFile","C:\Users\giaco","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"12:56:04.4130346","nwtoolset.exe","17432","CreateFile","C:\Users\giaco","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4130605","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Users\giaco","SUCCESS","CreationTime: 23/12/2017 01:13:47, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 05/03/2018 23:53:03, ChangeTime: 05/03/2018 23:53:03, FileAttributes: D"
"12:56:04.4130699","nwtoolset.exe","17432","CloseFile","C:\Users\giaco","SUCCESS",""
"12:56:04.4131009","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4131087","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4131229","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings","NAME NOT FOUND","Desired Access: Query Value"
"12:56:04.4131521","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4131590","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4131711","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings","NAME NOT FOUND","Desired Access: Query Value"
"12:56:04.4132852","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"12:56:04.4134876","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4135168","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Users\giaco\Documents","SUCCESS","CreationTime: 24/04/2016 02:12:15, LastAccessTime: 02/04/2018 12:53:49, LastWriteTime: 02/04/2018 12:51:41, ChangeTime: 02/04/2018 12:51:41, FileAttributes: RD"
"12:56:04.4135270","nwtoolset.exe","17432","CloseFile","C:\Users\giaco\Documents","SUCCESS",""
"12:56:04.4137680","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents\Neverwinter Nights","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4138014","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Users\giaco\Documents\Neverwinter Nights","SUCCESS","CreationTime: 02/04/2018 03:23:32, LastAccessTime: 02/04/2018 12:55:44, LastWriteTime: 02/04/2018 03:23:32, ChangeTime: 02/04/2018 03:23:32, FileAttributes: D"
"12:56:04.4138108","nwtoolset.exe","17432","CloseFile","C:\Users\giaco\Documents\Neverwinter Nights","SUCCESS",""
"12:56:04.4140107","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents\Neverwinter Nights\nwn.ini","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.4142246","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents\Neverwinter Nights.0","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.4143682","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents\Neverwinter Nights.0","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created"
"12:56:04.4145568","nwtoolset.exe","17432","CloseFile","C:\Users\giaco\Documents\Neverwinter Nights.0","SUCCESS",""
"12:56:04.4147031","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4147122","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.4147263","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\nwtoolset.exe","NAME NOT FOUND","Desired Access: Read"
"12:56:04.4147492","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4147561","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4147691","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\nwtoolset.exe","REPARSE","Desired Access: Read"
"12:56:04.4147920","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\nwtoolset.exe","NAME NOT FOUND","Desired Access: Read"
"12:56:04.4152901","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4153013","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4153190","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value"
"12:56:04.4153392","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"12:56:04.4153540","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4153660","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer","NAME NOT FOUND","Length: 144"
"12:56:04.4153826","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"12:56:04.4154058","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4154253","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.4154479","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"12:56:04.4154738","nwtoolset.exe","17432","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4154874","nwtoolset.exe","17432","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer","NAME NOT FOUND","Length: 144"
"12:56:04.4155097","nwtoolset.exe","17432","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"12:56:04.4155323","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4155437","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4155642","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value"
"12:56:04.4155928","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"12:56:04.4156067","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4156154","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin","NAME NOT FOUND","Length: 144"
"12:56:04.4156359","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"12:56:04.4156488","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4156563","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.4156687","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"12:56:04.4156823","nwtoolset.exe","17432","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4156898","nwtoolset.exe","17432","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin","NAME NOT FOUND","Length: 144"
"12:56:04.4157024","nwtoolset.exe","17432","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"12:56:04.4157250","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4157319","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4157443","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value"
"12:56:04.4157621","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"12:56:04.4157735","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4157810","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel","NAME NOT FOUND","Length: 144"
"12:56:04.4157949","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"12:56:04.4158063","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4158184","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.4158304","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"12:56:04.4158434","nwtoolset.exe","17432","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4158509","nwtoolset.exe","17432","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel","NAME NOT FOUND","Length: 144"
"12:56:04.4158642","nwtoolset.exe","17432","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"12:56:04.4158774","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4158855","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4158982","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value"
"12:56:04.4159151","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"12:56:04.4159262","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4159337","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders","NAME NOT FOUND","Length: 144"
"12:56:04.4159467","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"12:56:04.4159578","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4159651","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.4159762","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"12:56:04.4159882","nwtoolset.exe","17432","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4159955","nwtoolset.exe","17432","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders","NAME NOT FOUND","Length: 144"
"12:56:04.4160072","nwtoolset.exe","17432","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"12:56:04.4160196","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4160262","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4160379","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value"
"12:56:04.4160539","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"12:56:04.4160647","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4160723","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon","NAME NOT FOUND","Length: 144"
"12:56:04.4160852","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"12:56:04.4160964","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4161036","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.4161144","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"12:56:04.4161268","nwtoolset.exe","17432","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4161500","nwtoolset.exe","17432","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon","NAME NOT FOUND","Length: 144"
"12:56:04.4161696","nwtoolset.exe","17432","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"12:56:04.4161906","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4161982","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4162198","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\nwtoolset.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.4162846","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4163039","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4163283","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS","Desired Access: Query Value"
"12:56:04.4163566","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4163747","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\ValidateRegItems","NAME NOT FOUND","Length: 144"
"12:56:04.4163975","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS",""
"12:56:04.4164364","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4164511","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4164710","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS","Desired Access: Query Value"
"12:56:04.4164948","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4165075","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\MonitorRegistry","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:56:04.4165292","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS",""
"12:56:04.4166141","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4166364","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4166581","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value"
"12:56:04.4166879","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"12:56:04.4167117","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4167204","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups","NAME NOT FOUND","Length: 144"
"12:56:04.4167358","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"12:56:04.4167490","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4167571","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.4167695","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"12:56:04.4167839","nwtoolset.exe","17432","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4167912","nwtoolset.exe","17432","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups","NAME NOT FOUND","Length: 144"
"12:56:04.4168071","nwtoolset.exe","17432","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"12:56:04.4169342","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:56:04.4169698","nwtoolset.exe","17432","RegSetInfoKey","HKCU\Software\Classes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4169912","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:56:04.4170071","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:56:04.4170237","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:56:04.4170345","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:56:04.4170559","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Query Value"
"12:56:04.4170863","nwtoolset.exe","17432","RegOpenKey","HKCR\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","SUCCESS","Desired Access: Query Value"
"12:56:04.4171288","nwtoolset.exe","17432","RegSetInfoKey","HKCR\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4171432","nwtoolset.exe","17432","RegQueryKey","HKCR\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","SUCCESS","Query: Name"
"12:56:04.4171607","nwtoolset.exe","17432","RegQueryKey","HKCR\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","SUCCESS","Query: HandleTags, HandleTags: 0x401"
"12:56:04.4171869","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:56:04.4172077","nwtoolset.exe","17432","RegQueryValue","HKCR\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes","NAME NOT FOUND","Length: 144"
"12:56:04.4172213","nwtoolset.exe","17432","RegQueryKey","HKCR\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","SUCCESS","Query: Name"
"12:56:04.4172390","nwtoolset.exe","17432","RegQueryKey","HKCR\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","SUCCESS","Query: HandleTags, HandleTags: 0x401"
"12:56:04.4172628","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:56:04.4172833","nwtoolset.exe","17432","RegQueryValue","HKCR\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes","NAME NOT FOUND","Length: 144"
"12:56:04.4172959","nwtoolset.exe","17432","RegQueryKey","HKCR\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","SUCCESS","Query: Name"
"12:56:04.4173119","nwtoolset.exe","17432","RegQueryKey","HKCR\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","SUCCESS","Query: HandleTags, HandleTags: 0x401"
"12:56:04.4173351","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:56:04.4173529","nwtoolset.exe","17432","RegQueryValue","HKCR\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes","NAME NOT FOUND","Length: 144"
"12:56:04.4173613","nwtoolset.exe","17432","RegQueryKey","HKCR\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","SUCCESS","Query: Name"
"12:56:04.4173718","nwtoolset.exe","17432","RegQueryKey","HKCR\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","SUCCESS","Query: HandleTags, HandleTags: 0x401"
"12:56:04.4173869","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:56:04.4173992","nwtoolset.exe","17432","RegQueryValue","HKCR\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\FolderValueFlags","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1581568"
"12:56:04.4174152","nwtoolset.exe","17432","RegCloseKey","HKCR\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","SUCCESS",""
"12:56:04.4174459","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4174532","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.4174649","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Query Value"
"12:56:04.4174842","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4174908","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4175032","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder","NAME NOT FOUND","Desired Access: Query Value"
"12:56:04.4175300","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4175372","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:04.4175477","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum","NAME NOT FOUND","Desired Access: Query Value"
"12:56:04.4175625","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4175691","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4175803","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\NonEnum","REPARSE","Desired Access: Query Value"
"12:56:04.4175959","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum","SUCCESS","Desired Access: Query Value"
"12:56:04.4176101","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4176215","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","NAME NOT FOUND","Length: 144"
"12:56:04.4176360","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum","SUCCESS",""
"12:56:04.4176875","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4176944","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4177070","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace","SUCCESS","Desired Access: Query Value"
"12:56:04.4177227","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4177305","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\ValidateRegItems","NAME NOT FOUND","Length: 144"
"12:56:04.4177438","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace","SUCCESS",""
"12:56:04.4177549","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4177616","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4177730","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace","SUCCESS","Desired Access: Query Value"
"12:56:04.4177866","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4177944","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\MonitorRegistry","NAME NOT FOUND","Length: 144"
"12:56:04.4178070","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace","SUCCESS",""
"12:56:04.4178408","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:56:04.4178507","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:56:04.4178609","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:56:04.4178679","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:56:04.4178787","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"12:56:04.4178932","nwtoolset.exe","17432","RegOpenKey","HKCR\Drive\shellex\FolderExtensions","SUCCESS","Desired Access: Enumerate Sub Keys"
"12:56:04.4179079","nwtoolset.exe","17432","RegSetInfoKey","HKCR\Drive\shellex\FolderExtensions","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4179191","nwtoolset.exe","17432","RegQueryKey","HKCR\Drive\shellex\FolderExtensions","SUCCESS","Query: Name"
"12:56:04.4179281","nwtoolset.exe","17432","RegQueryKey","HKCR\Drive\shellex\FolderExtensions","SUCCESS","Query: HandleTags, HandleTags: 0x401"
"12:56:04.4179426","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:56:04.4179763","nwtoolset.exe","17432","RegEnumKey","HKCR\Drive\shellex\FolderExtensions","SUCCESS","Index: 0, Name: {fbeb8a05-beee-4442-804e-409d6c4515e9}"
"12:56:04.4179938","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:56:04.4180130","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:56:04.4180320","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:56:04.4180450","nwtoolset.exe","17432","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:56:04.4180654","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Query Value"
"12:56:04.4180944","nwtoolset.exe","17432","RegOpenKey","HKCR\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","SUCCESS","Desired Access: Query Value"
"12:56:04.4181194","nwtoolset.exe","17432","RegSetInfoKey","HKCR\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4181344","nwtoolset.exe","17432","RegQueryKey","HKCR\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","SUCCESS","Query: Name"
"12:56:04.4181528","nwtoolset.exe","17432","RegQueryKey","HKCR\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","SUCCESS","Query: HandleTags, HandleTags: 0x401"
"12:56:04.4181790","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:56:04.4181989","nwtoolset.exe","17432","RegQueryValue","HKCR\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask","SUCCESS","Type: REG_DWORD, Length: 4, Data: 32"
"12:56:04.4182221","nwtoolset.exe","17432","RegCloseKey","HKCR\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}","SUCCESS",""
"12:56:04.4182344","nwtoolset.exe","17432","RegEnumKey","HKCR\Drive\shellex\FolderExtensions","NO MORE ENTRIES","Index: 1, Length: 288"
"12:56:04.4182480","nwtoolset.exe","17432","RegCloseKey","HKCR\Drive\shellex\FolderExtensions","SUCCESS",""
"12:56:04.4187039","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents\Neverwinter Nights.0\modules","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created"
"12:56:04.4189410","nwtoolset.exe","17432","CloseFile","C:\Users\giaco\Documents\Neverwinter Nights.0\modules","SUCCESS",""
"12:56:04.4195493","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents\Neverwinter Nights.0\override","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created"
"12:56:04.4197532","nwtoolset.exe","17432","CloseFile","C:\Users\giaco\Documents\Neverwinter Nights.0\override","SUCCESS",""
"12:56:04.4202252","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents\Neverwinter Nights.0\hak","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created"
"12:56:04.4203965","nwtoolset.exe","17432","CloseFile","C:\Users\giaco\Documents\Neverwinter Nights.0\hak","SUCCESS",""
"12:56:04.4209332","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents\Neverwinter Nights.0\localvault","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created"
"12:56:04.4210597","nwtoolset.exe","17432","CloseFile","C:\Users\giaco\Documents\Neverwinter Nights.0\localvault","SUCCESS",""
"12:56:04.4215536","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents\Neverwinter Nights.0\dmvault","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created"
"12:56:04.4224180","nwtoolset.exe","17432","CloseFile","C:\Users\giaco\Documents\Neverwinter Nights.0\dmvault","SUCCESS",""
"12:56:04.4229098","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents\Neverwinter Nights.0\servervault","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created"
"12:56:04.4230625","nwtoolset.exe","17432","CloseFile","C:\Users\giaco\Documents\Neverwinter Nights.0\servervault","SUCCESS",""
"12:56:04.4235736","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents\Neverwinter Nights.0\database","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created"
"12:56:04.4237010","nwtoolset.exe","17432","CloseFile","C:\Users\giaco\Documents\Neverwinter Nights.0\database","SUCCESS",""
"12:56:04.4242175","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents\Neverwinter Nights.0\portraits","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created"
"12:56:04.4243711","nwtoolset.exe","17432","CloseFile","C:\Users\giaco\Documents\Neverwinter Nights.0\portraits","SUCCESS",""
"12:56:04.4249241","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents\Neverwinter Nights.0\ambient","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created"
"12:56:04.4251000","nwtoolset.exe","17432","CloseFile","C:\Users\giaco\Documents\Neverwinter Nights.0\ambient","SUCCESS",""
"12:56:04.4257029","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents\Neverwinter Nights.0\movies","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created"
"12:56:04.4258770","nwtoolset.exe","17432","CloseFile","C:\Users\giaco\Documents\Neverwinter Nights.0\movies","SUCCESS",""
"12:56:04.4264992","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents\Neverwinter Nights.0\music","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created"
"12:56:04.4266769","nwtoolset.exe","17432","CloseFile","C:\Users\giaco\Documents\Neverwinter Nights.0\music","SUCCESS",""
"12:56:04.4271886","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents\Neverwinter Nights.0\tlk","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created"
"12:56:04.4273359","nwtoolset.exe","17432","CloseFile","C:\Users\giaco\Documents\Neverwinter Nights.0\tlk","SUCCESS",""
"12:56:04.4277877","nwtoolset.exe","17432","CreateFile","C:\Users\giaco\Documents\Neverwinter Nights.0\nwn.ini","ACCESS DENIED","Desired Access: Generic Read/Write, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
"12:56:04.4344496","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4344680","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4344975","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\CTF\Compatibility\nwtoolset.exe","NAME NOT FOUND","Desired Access: Read"
"12:56:04.4365853","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\TextInputFramework.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4366548","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\TextInputFramework.dll","SUCCESS","CreationTime: 29/09/2017 15:42:10, LastAccessTime: 02/04/2018 12:51:38, LastWriteTime: 29/09/2017 15:42:10, ChangeTime: 20/03/2018 23:40:01, FileAttributes: A"
"12:56:04.4366759","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\TextInputFramework.dll","SUCCESS",""
"12:56:04.4368895","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\TextInputFramework.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4369629","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\TextInputFramework.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.4370184","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\TextInputFramework.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.4371605","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\TextInputFramework.dll","SUCCESS","Image Base: 0x5f360000, Image Size: 0x77000"
"12:56:04.4372042","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\TextInputFramework.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.4372355","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\TextInputFramework.dll","SUCCESS","Name: \Windows\SysWOW64\TextInputFramework.dll"
"12:56:04.4374090","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\TextInputFramework.dll","SUCCESS",""
"12:56:04.4377855","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\CoreUIComponents.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4378448","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\CoreUIComponents.dll","SUCCESS","CreationTime: 29/09/2017 15:42:10, LastAccessTime: 02/04/2018 12:51:38, LastWriteTime: 29/09/2017 15:42:10, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.4378674","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\CoreUIComponents.dll","SUCCESS",""
"12:56:04.4380969","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\CoreUIComponents.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4382125","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\CoreUIComponents.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.4382833","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\CoreUIComponents.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.4385577","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\CoreUIComponents.dll","SUCCESS","Image Base: 0x67b00000, Image Size: 0x234000"
"12:56:04.4386423","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\CoreUIComponents.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.4386863","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\CoreUIComponents.dll","SUCCESS","Name: \Windows\SysWOW64\CoreUIComponents.dll"
"12:56:04.4389649","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\CoreUIComponents.dll","SUCCESS",""
"12:56:04.4394793","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\CoreMessaging.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4395696","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\CoreMessaging.dll","SUCCESS","CreationTime: 06/01/2018 03:39:57, LastAccessTime: 02/04/2018 12:51:38, LastWriteTime: 01/01/2018 14:03:36, ChangeTime: 13/03/2018 21:29:17, FileAttributes: A"
"12:56:04.4395898","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\CoreMessaging.dll","SUCCESS",""
"12:56:04.4398145","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\CoreMessaging.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4398849","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\CoreMessaging.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.4399304","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\CoreMessaging.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.4400659","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\CoreMessaging.dll","SUCCESS","Image Base: 0x67d40000, Image Size: 0x8c000"
"12:56:04.4401027","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\CoreMessaging.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.4401316","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\CoreMessaging.dll","SUCCESS","Name: \Windows\SysWOW64\CoreMessaging.dll"
"12:56:04.4402976","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\CoreMessaging.dll","SUCCESS",""
"12:56:04.4406578","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ntmarta.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4407306","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ntmarta.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:55:42, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:20, FileAttributes: A"
"12:56:04.4407514","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ntmarta.dll","SUCCESS",""
"12:56:04.4409418","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ntmarta.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4410210","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ntmarta.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.4410643","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ntmarta.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.4411917","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\ntmarta.dll","SUCCESS","Image Base: 0x73e80000, Image Size: 0x28000"
"12:56:04.4412288","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\ntmarta.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.4412637","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\ntmarta.dll","SUCCESS","Name: \Windows\SysWOW64\ntmarta.dll"
"12:56:04.4414378","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ntmarta.dll","SUCCESS",""
"12:56:04.4417920","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\CoreMessaging.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4418438","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\CoreMessaging.dll","SUCCESS","CreationTime: 06/01/2018 03:39:57, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 01/01/2018 14:03:36, ChangeTime: 13/03/2018 21:29:17, FileAttributes: A"
"12:56:04.4418616","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\CoreMessaging.dll","SUCCESS",""
"12:56:04.4422196","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\WinTypes.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4422886","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\WinTypes.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:51:38, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:24, FileAttributes: A"
"12:56:04.4423172","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\WinTypes.dll","SUCCESS",""
"12:56:04.4425552","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\WinTypes.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4426446","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\WinTypes.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.4426916","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\WinTypes.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.4428359","nwtoolset.exe","17432","Load Image","C:\Windows\SysWOW64\WinTypes.dll","SUCCESS","Image Base: 0x6ab60000, Image Size: 0xcb000"
"12:56:04.4428828","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\WinTypes.dll","BUFFER OVERFLOW","Name: \Windo"
"12:56:04.4429078","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\WinTypes.dll","SUCCESS","Name: \Windows\SysWOW64\WinTypes.dll"
"12:56:04.4430708","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\WinTypes.dll","SUCCESS",""
"12:56:04.4434231","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\WinTypes.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4434861","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\WinTypes.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:24, FileAttributes: A"
"12:56:04.4435063","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\WinTypes.dll","SUCCESS",""
"12:56:04.4438839","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\WinTypes.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4439397","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\WinTypes.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:24, FileAttributes: A"
"12:56:04.4439589","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\WinTypes.dll","SUCCESS",""
"12:56:04.4445351","nwtoolset.exe","17432","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.4445595","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:04.4446019","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4446257","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
"12:56:04.4446486","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
"12:56:04.4450094","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\4e7add1a-6945-435a-82b6-612688ba9f57","NAME NOT FOUND","Length: 524"
"12:56:04.4450594","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\WinTypes.dll","SUCCESS","Name: \Windows\SysWOW64\WinTypes.dll"
"12:56:04.4454479","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4455274","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 13/03/2018 21:27:31, LastAccessTime: 02/04/2018 12:12:51, LastWriteTime: 01/03/2018 08:48:05, ChangeTime: 14/03/2018 02:33:17, FileAttributes: A"
"12:56:04.4455473","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"12:56:04.4457482","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\3720dda7-caea-4af3-a138-375aafc3f1d6","NAME NOT FOUND","Length: 524"
"12:56:04.4458039","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\CoreUIComponents.dll","SUCCESS","Name: \Windows\SysWOW64\CoreUIComponents.dll"
"12:56:04.4461699","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4462144","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 13/03/2018 21:27:31, LastAccessTime: 02/04/2018 12:12:51, LastWriteTime: 01/03/2018 08:48:05, ChangeTime: 14/03/2018 02:33:17, FileAttributes: A"
"12:56:04.4462337","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"12:56:04.4463521","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\ebadf775-48aa-4bf3-8f8e-ec68d113c98e","NAME NOT FOUND","Length: 524"
"12:56:04.4464000","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\TextInputFramework.dll","SUCCESS","Name: \Windows\SysWOW64\TextInputFramework.dll"
"12:56:04.4468499","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:04.4468671","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:04.4468912","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\CTF\","SUCCESS","Desired Access: Read"
"12:56:04.4469409","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\CTF","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:04.4469689","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext","NAME NOT FOUND","Length: 144"
"12:56:04.4470065","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\CTF","SUCCESS",""
"12:56:04.4490355","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4491069","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.4491295","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.4493497","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4494349","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.4494608","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.4495014","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.4496069","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.4500059","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4500631","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.4500866","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.4503020","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4503824","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.4504056","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.4505050","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.4506426","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:04.4509995","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4510639","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.4510844","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.4512787","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4513579","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.4513811","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.4514386","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.4515428","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.4519274","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4520175","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:04.4520470","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.4522723","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4523897","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.4524192","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.4524653","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.4525798","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:04.4529553","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4530270","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.4530487","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.4532454","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4533273","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.4533502","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.4533842","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.4534770","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.4539823","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4540492","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:04.4540706","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.4542877","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4544528","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.4544850","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.4545654","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.4547118","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:04.4551096","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.4555587","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:04.4559366","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4560014","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.4560318","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.4562571","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4563697","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.4563996","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.4564411","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.4565279","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.4568920","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4569709","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:04.4569944","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.4572013","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4572844","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:04.4573067","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:04.4573919","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:04.4574865","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:04.4578584","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:04.4579241","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:04.4579503","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:05.6967604","nwtoolset.exe","17432","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
"12:56:05.6968019","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:05.6968131","nwtoolset.exe","17432","RegQueryKey","HKCU","SUCCESS","Query: Name"
"12:56:05.6968278","nwtoolset.exe","17432","RegOpenKey","HKCU\Software\Microsoft\CTF\DirectSwitchHotkeys","SUCCESS","Desired Access: Read"
"12:56:05.6968486","nwtoolset.exe","17432","RegSetInfoKey","HKCU\Software\Microsoft\CTF\DirectSwitchHotkeys","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:05.6968718","nwtoolset.exe","17432","RegCloseKey","HKCU","SUCCESS",""
"12:56:05.6968854","nwtoolset.exe","17432","RegEnumKey","HKCU\Software\Microsoft\CTF\DirectSwitchHotkeys","NO MORE ENTRIES","Index: 0, Length: 288"
"12:56:05.6968992","nwtoolset.exe","17432","RegCloseKey","HKCU\Software\Microsoft\CTF\DirectSwitchHotkeys","SUCCESS",""
"12:56:05.6971838","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.6972450","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.6972585","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.6973844","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.6974380","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.6974540","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.6974736","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.6975350","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.6977525","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.6977877","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.6977988","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.6979235","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.6979726","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.6979853","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.6980069","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.6980581","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.6982711","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.6983090","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.6983202","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.6984376","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.6984864","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.6985024","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.6985201","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.6985810","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.6987945","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.6988289","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.6988397","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.6989478","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.6989954","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.6990077","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.6990252","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.6990806","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.6992918","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.6993282","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:05.6993393","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.6994586","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.6995065","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.6995191","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.6995366","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.6995887","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.6997998","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.6998342","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:05.6998447","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.6999522","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.6999995","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7000122","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7000290","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7000793","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.7002895","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:05.7004983","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:05.7007142","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7007519","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:05.7007630","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7008714","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7009196","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7009326","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7009509","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7010036","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7012036","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7012385","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:05.7012491","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7013599","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7014075","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7014199","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7014373","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7014882","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7016900","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7017307","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:05.7017415","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:05.7022183","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7022541","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.7022650","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.7023740","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7024222","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7024354","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7024532","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7025074","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.7027101","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7027444","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.7027553","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.7028628","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7029107","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7029236","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7029408","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7029917","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.7031911","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7032296","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.7032402","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.7033507","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7034013","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7034142","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7034314","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7034919","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.7036949","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7037326","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.7037431","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.7038500","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7039003","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7039133","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7039307","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7039868","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.7041858","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7042235","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:05.7042343","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.7043409","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7043882","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7044012","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7044187","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7044695","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.7046662","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7047030","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:05.7047144","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.7048225","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7048704","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7048831","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7049005","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7049511","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.7051484","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:05.7053469","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:05.7055520","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7055884","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:05.7055993","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7057119","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7057610","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7057742","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7057923","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7058453","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7060459","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7060793","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:05.7060902","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7062085","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7062567","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7062727","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7062908","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7063410","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7065413","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7065775","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:05.7065880","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:05.7066690","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:05.7066799","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:05.7066973","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Rpc","REPARSE","Desired Access: Read"
"12:56:05.7067470","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS","Desired Access: Read"
"12:56:05.7067681","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:05.7067808","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\MaxRpcSize","NAME NOT FOUND","Length: 144"
"12:56:05.7068058","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS",""
"12:56:05.7068720","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","REPARSE","Desired Access: Read"
"12:56:05.7068925","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","SUCCESS","Desired Access: Read"
"12:56:05.7069163","nwtoolset.exe","17432","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:05.7069310","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName","SUCCESS","Type: REG_SZ, Length: 32, Data: DESKTOP-AL8ASDB"
"12:56:05.7069573","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","SUCCESS",""
"12:56:05.7069801","nwtoolset.exe","17432","RegOpenKey","HKLM\System\Setup","SUCCESS","Desired Access: Read"
"12:56:05.7070018","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SYSTEM\Setup","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:05.7070169","nwtoolset.exe","17432","RegQueryValue","HKLM\SYSTEM\Setup\OOBEInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:56:05.7070422","nwtoolset.exe","17432","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:56:05.7070594","nwtoolset.exe","17432","RegOpenKey","HKLM\System\Setup","SUCCESS","Desired Access: Read"
"12:56:05.7070726","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SYSTEM\Setup","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:05.7070810","nwtoolset.exe","17432","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:56:05.7070958","nwtoolset.exe","17432","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:56:05.7071142","nwtoolset.exe","17432","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:56:05.7071247","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtoolset.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
"12:56:05.7072702","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:05.7072894","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:05.7073126","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\Windows NT\Rpc","REPARSE","Desired Access: Read"
"12:56:05.7073437","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Rpc","NAME NOT FOUND","Desired Access: Read"
"12:56:05.7074283","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:05.7074388","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:05.7074527","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Rpc","REPARSE","Desired Access: Query Value"
"12:56:05.7074714","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS","Desired Access: Query Value"
"12:56:05.7074879","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:05.7074970","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\IdleTimerWindow","NAME NOT FOUND","Length: 144"
"12:56:05.7075123","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS",""
"12:56:05.7083189","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\user32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7083683","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\user32.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:06:37, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.7083809","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\user32.dll","SUCCESS",""
"12:56:05.7086179","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7086556","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.7086670","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.7087860","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7088381","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7088519","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7088712","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7089287","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.7091628","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7091983","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.7092124","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.7093350","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7093850","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7093983","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7094160","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7094690","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.7096811","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7097211","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.7097320","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.7098449","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7098952","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7099082","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7099262","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7099862","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.7102169","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7102515","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.7102623","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.7103837","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7104328","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7104461","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7104635","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7105217","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.7107454","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7107828","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:05.7107939","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.7109072","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7109599","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7109734","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7109915","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7110490","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.7112613","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7112966","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:05.7113074","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.7114198","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7114691","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7114818","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7114993","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7115520","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.7117637","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:05.7119691","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:05.7121733","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7122140","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:05.7122260","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7123401","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7123904","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7124034","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7124215","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7124760","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7126844","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7127223","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:05.7127332","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7128470","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7128967","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7129097","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7129271","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7129795","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7131892","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7132298","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:05.7132407","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:05.7138472","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7138858","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.7138966","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.7140132","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7140641","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7140776","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7140960","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7141514","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.7143667","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7144014","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.7144119","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.7145243","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7145734","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7145863","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7146038","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7146559","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.7148727","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7149092","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.7149212","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.7150390","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7150890","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7151019","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7151206","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7151805","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.7154004","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7154359","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.7154465","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.7155799","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7156552","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7156775","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7157178","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7158169","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.7161506","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7162039","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:05.7162199","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.7163530","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7164051","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7164193","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7164382","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7164924","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.7167174","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7167533","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:05.7167647","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.7168794","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7169291","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7169442","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7169623","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7170159","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.7172427","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:05.7174604","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:05.7176947","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7177489","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:05.7177628","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7178881","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7179411","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7179555","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7179751","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7180336","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7182540","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7182908","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:05.7183022","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7184236","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7184739","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7184871","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7185052","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7185582","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7187723","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7188094","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:05.7188202","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:05.7191584","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\OEM","SUCCESS","Desired Access: Read"
"12:56:05.7191943","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:05.7192090","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM\DeviceForm","NAME NOT FOUND","Length: 20"
"12:56:05.7192271","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM","SUCCESS",""
"12:56:05.7194819","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7195217","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.7195337","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.7196542","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7197096","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7197237","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7197424","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7198033","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.7200370","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7200764","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 22/12/2017 23:38:41, LastAccessTime: 02/04/2018 12:55:38, LastWriteTime: 22/12/2017 23:38:41, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.7200906","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.7202110","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7202662","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7202800","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","AllocationSize: 593,920, EndOfFile: 590,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7202990","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7203550","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"12:56:05.7205631","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7206002","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.7206110","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.7207264","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7207760","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7207887","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7208065","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7208664","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.7210700","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7211052","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","CreationTime: 22/12/2017 23:38:45, LastAccessTime: 02/04/2018 12:35:55, LastWriteTime: 22/12/2017 23:38:45, ChangeTime: 13/03/2018 21:29:18, FileAttributes: A"
"12:56:05.7211161","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.7212293","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7212796","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7212923","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","AllocationSize: 1,478,656, EndOfFile: 1,474,680, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7213112","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d9.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7213679","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d9.dll","SUCCESS",""
"12:56:05.7215751","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7216115","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:05.7216226","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.7217380","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7217931","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7218061","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7218238","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7218756","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.7220910","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7221271","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 19/03/2018 00:32:50, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:14, FileAttributes: A"
"12:56:05.7221380","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.7222569","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7223144","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7223274","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","AllocationSize: 716,800, EndOfFile: 713,216, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7223446","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\d3d8.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7223952","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\d3d8.dll","SUCCESS",""
"12:56:05.7226024","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:05.7228042","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\d3d.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:56:05.7230117","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7230475","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:05.7230586","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7231734","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7232261","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7232391","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7232589","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7233113","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7235270","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7235616","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29/09/2017 15:42:14, LastAccessTime: 02/04/2018 12:11:32, LastWriteTime: 29/09/2017 15:42:14, ChangeTime: 22/12/2017 23:57:15, FileAttributes: A"
"12:56:05.7235728","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7236851","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7237372","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"12:56:05.7237501","nwtoolset.exe","17432","QueryStandardInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","AllocationSize: 532,480, EndOfFile: 531,456, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:56:05.7237685","nwtoolset.exe","17432","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"12:56:05.7238188","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"12:56:05.7240194","nwtoolset.exe","17432","CreateFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:56:05.7240549","nwtoolset.exe","17432","QueryBasicInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","CreationTime: 29/09/2017 15:42:22, LastAccessTime: 02/04/2018 12:56:04, LastWriteTime: 29/09/2017 15:42:22, ChangeTime: 22/12/2017 23:57:21, FileAttributes: A"
"12:56:05.7240691","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS",""
"12:56:05.7242983","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\OEM","SUCCESS","Desired Access: Read"
"12:56:05.7243188","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:05.7243296","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM\DeviceForm","NAME NOT FOUND","Length: 20"
"12:56:05.7243462","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM","SUCCESS",""
"12:56:05.7247067","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\OEM","SUCCESS","Desired Access: Read"
"12:56:05.7247317","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:05.7247476","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM\DeviceForm","NAME NOT FOUND","Length: 20"
"12:56:05.7247729","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM","SUCCESS",""
"12:56:05.7248271","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\OEM","SUCCESS","Desired Access: Read"
"12:56:05.7248440","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:05.7248536","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM\DeviceForm","NAME NOT FOUND","Length: 20"
"12:56:05.7248693","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM","SUCCESS",""
"12:56:05.7249283","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:56:05.7249383","nwtoolset.exe","17432","RegQueryKey","HKLM","SUCCESS","Query: Name"
"12:56:05.7249533","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Input","REPARSE","Desired Access: Read"
"12:56:05.7249901","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Input","SUCCESS","Desired Access: Read"
"12:56:05.7250094","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Input","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:05.7250190","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Input\ResyncResetTime","NAME NOT FOUND","Length: 144"
"12:56:05.7250286","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Input\MaxResyncAttempts","NAME NOT FOUND","Length: 144"
"12:56:05.7250455","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Input","SUCCESS",""
"12:56:06.7766942","nwtoolset.exe","17432","Thread Exit","","SUCCESS","Thread ID: 5540, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:56:06.7767213","nwtoolset.exe","17432","Thread Exit","","SUCCESS","Thread ID: 5648, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:56:06.7792614","nwtoolset.exe","17432","WriteFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS","Offset: 4,170, Length: 66"
"12:56:06.7799800","nwtoolset.exe","17432","CloseFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.log","SUCCESS",""
"12:56:06.8355603","nwtoolset.exe","17432","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","REPARSE","Desired Access: Read"
"12:56:06.8355859","nwtoolset.exe","17432","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read"
"12:56:06.8356022","nwtoolset.exe","17432","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:56:06.8356112","nwtoolset.exe","17432","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
"12:56:06.8356263","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS",""
"12:56:06.8357031","nwtoolset.exe","17432","CloseFile","C:\Windows\Fonts\StaticCache.dat","SUCCESS",""
"12:56:06.8359154","nwtoolset.exe","17432","RegCloseKey","HKCU\Software\Classes\Local Settings\Software\Microsoft","SUCCESS",""
"12:56:06.8359362","nwtoolset.exe","17432","RegCloseKey","HKCU\Software\Classes\Local Settings","SUCCESS",""
"12:56:06.8359594","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS",""
"12:56:06.8359717","nwtoolset.exe","17432","RegCloseKey","HKLM","SUCCESS",""
"12:56:06.8361847","nwtoolset.exe","17432","Thread Exit","","SUCCESS","Thread ID: 11216, User Time: 0.0625000, Kernel Time: 0.4062500"
"12:56:06.8384218","nwtoolset.exe","17432","QueryNameInformationFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe","SUCCESS","Name: \Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe"
"12:56:06.8384456","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\glu32.dll","SUCCESS","Name: \Windows\SysWOW64\glu32.dll"
"12:56:06.8384642","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\opengl32.dll","SUCCESS","Name: \Windows\SysWOW64\opengl32.dll"
"12:56:06.8384850","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\TextInputFramework.dll","SUCCESS","Name: \Windows\SysWOW64\TextInputFramework.dll"
"12:56:06.8385019","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\System32\wow64.dll","SUCCESS","Name: \Windows\System32\wow64.dll"
"12:56:06.8385182","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\System32\wow64cpu.dll","SUCCESS","Name: \Windows\System32\wow64cpu.dll"
"12:56:06.8385410","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\System32\wow64win.dll","SUCCESS","Name: \Windows\System32\wow64win.dll"
"12:56:06.8385627","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\CoreUIComponents.dll","SUCCESS","Name: \Windows\SysWOW64\CoreUIComponents.dll"
"12:56:06.8385760","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\CoreMessaging.dll","SUCCESS","Name: \Windows\SysWOW64\CoreMessaging.dll"
"12:56:06.8385916","nwtoolset.exe","17432","QueryNameInformationFile","C:\Program Files (x86)\Steam\GameOverlayRenderer.dll","SUCCESS","Name: \Program Files (x86)\Steam\GameOverlayRenderer.dll"
"12:56:06.8386106","nwtoolset.exe","17432","QueryNameInformationFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\openal32.dll","SUCCESS","Name: \Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\openal32.dll"
"12:56:06.8386317","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\WinTypes.dll","SUCCESS","Name: \Windows\SysWOW64\WinTypes.dll"
"12:56:06.8386486","nwtoolset.exe","17432","QueryNameInformationFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263284823411408631\atcuf32.dll","SUCCESS","Name: \Program Files\Bitdefender\Bitdefender 2017\atcuf\263284823411408631\atcuf32.dll"
"12:56:06.8386727","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417\comctl32.dll","SUCCESS","Name: \Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417\comctl32.dll"
"12:56:06.8386904","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","Name: \Windows\SysWOW64\dwmapi.dll"
"12:56:06.8387016","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS","Name: \Windows\SysWOW64\winspool.drv"
"12:56:06.8387178","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll","SUCCESS","Name: \Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de\comctl32.dll"
"12:56:06.8387317","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Name: \Windows\SysWOW64\winmmbase.dll"
"12:56:06.8387470","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","Name: \Windows\SysWOW64\IPHLPAPI.DLL"
"12:56:06.8387570","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","Name: \Windows\SysWOW64\winmm.dll"
"12:56:06.8387666","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\version.dll","SUCCESS","Name: \Windows\SysWOW64\version.dll"
"12:56:06.8387763","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\ntmarta.dll","SUCCESS","Name: \Windows\SysWOW64\ntmarta.dll"
"12:56:06.8387898","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","Name: \Windows\SysWOW64\bcrypt.dll"
"12:56:06.8388010","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Name: \Windows\SysWOW64\uxtheme.dll"
"12:56:06.8388106","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\cryptbase.dll","SUCCESS","Name: \Windows\SysWOW64\cryptbase.dll"
"12:56:06.8388196","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\sspicli.dll","SUCCESS","Name: \Windows\SysWOW64\sspicli.dll"
"12:56:06.8388329","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\psapi.dll","SUCCESS","Name: \Windows\SysWOW64\psapi.dll"
"12:56:06.8388488","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Name: \Windows\SysWOW64\imm32.dll"
"12:56:06.8388582","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\cfgmgr32.dll","SUCCESS","Name: \Windows\SysWOW64\cfgmgr32.dll"
"12:56:06.8388678","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\SHCore.dll","SUCCESS","Name: \Windows\SysWOW64\SHCore.dll"
"12:56:06.8388769","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\kernel.appcore.dll","SUCCESS","Name: \Windows\SysWOW64\kernel.appcore.dll"
"12:56:06.8388859","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\ucrtbase.dll","SUCCESS","Name: \Windows\SysWOW64\ucrtbase.dll"
"12:56:06.8388952","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\win32u.dll","SUCCESS","Name: \Windows\SysWOW64\win32u.dll"
"12:56:06.8389184","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\sechost.dll","SUCCESS","Name: \Windows\SysWOW64\sechost.dll"
"12:56:06.8389371","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\shlwapi.dll","SUCCESS","Name: \Windows\SysWOW64\shlwapi.dll"
"12:56:06.8389552","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\advapi32.dll","SUCCESS","Name: \Windows\SysWOW64\advapi32.dll"
"12:56:06.8389774","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\combase.dll","SUCCESS","Name: \Windows\SysWOW64\combase.dll"
"12:56:06.8389886","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\powrprof.dll","SUCCESS","Name: \Windows\SysWOW64\powrprof.dll"
"12:56:06.8389979","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\msvcp_win.dll","SUCCESS","Name: \Windows\SysWOW64\msvcp_win.dll"
"12:56:06.8390100","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\rpcrt4.dll","SUCCESS","Name: \Windows\SysWOW64\rpcrt4.dll"
"12:56:06.8390211","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\kernel32.dll","SUCCESS","Name: \Windows\SysWOW64\kernel32.dll"
"12:56:06.8390320","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS","Name: \Windows\SysWOW64\ole32.dll"
"12:56:06.8390557","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\oleaut32.dll","SUCCESS","Name: \Windows\SysWOW64\oleaut32.dll"
"12:56:06.8390711","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Name: \Windows\SysWOW64\KernelBase.dll"
"12:56:06.8390919","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\bcryptprimitives.dll","SUCCESS","Name: \Windows\SysWOW64\bcryptprimitives.dll"
"12:56:06.8391106","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\windows.storage.dll","SUCCESS","Name: \Windows\SysWOW64\windows.storage.dll"
"12:56:06.8391214","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\msvcrt.dll","SUCCESS","Name: \Windows\SysWOW64\msvcrt.dll"
"12:56:06.8391362","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\gdi32full.dll","SUCCESS","Name: \Windows\SysWOW64\gdi32full.dll"
"12:56:06.8391494","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\user32.dll","SUCCESS","Name: \Windows\SysWOW64\user32.dll"
"12:56:06.8391669","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Name: \Windows\SysWOW64\shell32.dll"
"12:56:06.8391771","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\profapi.dll","SUCCESS","Name: \Windows\SysWOW64\profapi.dll"
"12:56:06.8391862","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\gdi32.dll","SUCCESS","Name: \Windows\SysWOW64\gdi32.dll"
"12:56:06.8391988","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\msctf.dll","SUCCESS","Name: \Windows\SysWOW64\msctf.dll"
"12:56:06.8392148","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\comdlg32.dll","SUCCESS","Name: \Windows\SysWOW64\comdlg32.dll"
"12:56:06.8392268","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Name: \Windows\SysWOW64\ntdll.dll"
"12:56:06.8392371","nwtoolset.exe","17432","QueryNameInformationFile","C:\Windows\System32\ntdll.dll","SUCCESS","Name: \Windows\System32\ntdll.dll"
"12:56:06.8403875","nwtoolset.exe","17432","Process Exit","","SUCCESS","Exit Status: 3, User Time: 0.0625000 seconds, Kernel Time: 0.4062500 seconds, Private Bytes: 5,107,712, Peak Private Bytes: 7,127,040, Working Set: 16,580,608, Peak Working Set: 35,667,968"
"12:56:06.8404104","nwtoolset.exe","17432","RegOpenKey","HKLM\System\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1662289942-932661628-3393754344-1001","SUCCESS","Desired Access: All Access"
"12:56:06.8404378","nwtoolset.exe","17432","RegQueryValue","HKLM\System\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1662289942-932661628-3393754344-1001\\Device\HarddiskVolume7\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe","SUCCESS","Type: REG_BINARY, Length: 24, Data: 06 0F 1B 32 71 CA D3 01 00 00 00 00 00 00 00 00"
"12:56:06.8404553","nwtoolset.exe","17432","RegSetValue","HKLM\System\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1662289942-932661628-3393754344-1001\\Device\HarddiskVolume7\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32\nwtoolset.exe","SUCCESS","Type: REG_BINARY, Length: 24, Data: B6 08 86 33 71 CA D3 01 00 00 00 00 00 00 00 00"
"12:56:06.8405770","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1662289942-932661628-3393754344-1001","SUCCESS",""
"12:56:06.8406210","nwtoolset.exe","17432","CloseFile","C:\Windows","SUCCESS",""
"12:56:06.8406658","nwtoolset.exe","17432","CloseFile","C:\Program Files (x86)\Steam\steamapps\common\Neverwinter Nights\bin\win32","SUCCESS",""
"12:56:06.8407294","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS",""
"12:56:06.8407417","nwtoolset.exe","17432","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.309_none_d02304ff5f3aa9de","SUCCESS",""
"12:56:06.8407749","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
"12:56:06.8407818","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS",""
"12:56:06.8407887","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS",""
"12:56:06.8407947","nwtoolset.exe","17432","RegCloseKey","HKLM","SUCCESS",""
"12:56:06.8408176","nwtoolset.exe","17432","RegCloseKey","HKCU","SUCCESS",""
"12:56:06.8408267","nwtoolset.exe","17432","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:56:06.8408486","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS",""
"12:56:06.8408583","nwtoolset.exe","17432","CloseFile","C:\Windows\SysWOW64\it-IT\user32.dll.mui","SUCCESS",""
"12:56:06.8408980","nwtoolset.exe","17432","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417","SUCCESS",""
"12:56:06.8409245","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Locale","SUCCESS",""
"12:56:06.8409330","nwtoolset.exe","17432","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PropertyBag","SUCCESS",""
"12:56:06.8409372","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts","SUCCESS",""
"12:56:06.8409414","nwtoolset.exe","17432","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Language Groups","SUCCESS",""
"12:56:06.8409474","nwtoolset.exe","17432","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer","SUCCESS",""