22:54:01.2820616 SnippingTool.exe 1476 IRP_MJ_CREATE C:\Windows\System32\SnippingTool.exe.Local NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
22:54:01.2783191 SnippingTool.exe 1476 RegOpenKey HKLM\System\CurrentControlSet\Control\SafeBoot\Option NAME NOT FOUND Desired Access: Query Value, Set Value
22:54:01.2783557 SnippingTool.exe 1476 RegOpenKey HKLM\System\CurrentControlSet\Control\Srp\GP\DLL NAME NOT FOUND Desired Access: Read
22:54:01.2784019 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled NAME NOT FOUND Length: 80
22:54:01.2784468 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers NAME NOT FOUND Desired Access: Query Value
22:54:01.2816086 SnippingTool.exe 1476 RegOpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots NAME NOT FOUND Desired Access: Enumerate Sub Keys
22:54:01.2820616 SnippingTool.exe 1476 IRP_MJ_CREATE C:\Windows\System32\SnippingTool.exe.Local NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
22:54:01.2849532 SnippingTool.exe 1476 RegOpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots NAME NOT FOUND Desired Access: Enumerate Sub Keys
22:54:01.2854325 SnippingTool.exe 1476 IRP_MJ_CREATE C:\Windows\System32\SnippingTool.exe.Local NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
22:54:01.2959329 SnippingTool.exe 1476 RegQueryValue HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\zh-CN NAME NOT FOUND Length: 532
22:54:01.2959996 SnippingTool.exe 1476 RegQueryValue HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\zh-CN NAME NOT FOUND Length: 532
22:54:01.2962068 SnippingTool.exe 1476 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics NAME NOT FOUND Desired Access: Read
22:54:01.2973572 SnippingTool.exe 1476 RegQueryValue HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode NAME NOT FOUND Length: 16
22:54:01.2998607 SnippingTool.exe 1476 RegOpenKey HKLM\System\CurrentControlSet\Control\Error Message Instrument NAME NOT FOUND Desired Access: Read
22:54:01.2999146 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles NAME NOT FOUND Length: 20
22:54:01.3000128 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\SnippingTool NAME NOT FOUND Length: 172
22:54:01.3000397 SnippingTool.exe 1476 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility NAME NOT FOUND Desired Access: Read
22:54:01.3002906 SnippingTool.exe 1476 RegOpenKey HKCU\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration NAME NOT FOUND Desired Access: Read
22:54:01.3003233 SnippingTool.exe 1476 RegOpenKey HKLM\Software\Policies\Microsoft\MUI\Settings NAME NOT FOUND Desired Access: Read
22:54:01.3003740 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Policies\Microsoft\Control Panel\Desktop NAME NOT FOUND Desired Access: Read
22:54:01.3004523 SnippingTool.exe 1476 RegOpenKey HKLM\Software\Policies\Microsoft\MUI\Settings NAME NOT FOUND Desired Access: Read
22:54:01.3004998 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Policies\Microsoft\Control Panel\Desktop NAME NOT FOUND Desired Access: Read
22:54:01.3005338 SnippingTool.exe 1476 RegQueryValue HKCU\Control Panel\Desktop\PreferredUILanguages NAME NOT FOUND Length: 12
22:54:01.3005787 SnippingTool.exe 1476 RegOpenKey HKLM\Software\Policies\Microsoft\MUI\Settings NAME NOT FOUND Desired Access: Read
22:54:01.3012600 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorUseSystemHeap NAME NOT FOUND Length: 144
22:54:01.3013056 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorSystemHeapIsPrivate NAME NOT FOUND Length: 144
22:54:01.3013749 SnippingTool.exe 1476 RegOpenKey HKLM\Software\Microsoft\OLE\Tracing NAME NOT FOUND Desired Access: Read
22:54:01.3022199 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest NAME NOT FOUND Length: 20
22:54:01.3027768 SnippingTool.exe 1476 RegOpenKey HKLM\SOFTWARE\Microsoft\OLEAUT NAME NOT FOUND Desired Access: Query Value
22:54:01.3028377 SnippingTool.exe 1476 RegOpenKey HKLM\SOFTWARE\Microsoft\OLEAUT NAME NOT FOUND Desired Access: Query Value
22:54:01.3039990 SnippingTool.exe 1476 RegOpenKey HKLM\SOFTWARE\Microsoft\MSDRM NAME NOT FOUND Desired Access: Read
22:54:01.3042345 SnippingTool.exe 1476 RegQueryValue HKLM\System\CurrentControlSet\Control\WMI\Security\79667ef6-8bbe-4833-9280-736c5c3230a3 NAME NOT FOUND Length: 524
22:54:01.3043898 SnippingTool.exe 1476 RegQueryValue HKLM\System\CurrentControlSet\Control\WMI\Security\8a8b5246-6eb6-4339-8b59-b0085b9f4890 NAME NOT FOUND Length: 524
22:54:01.3044898 SnippingTool.exe 1476 RegOpenKey HKLM\SOFTWARE\Policies\Microsoft\TabletPC NAME NOT FOUND Desired Access: Read
22:54:01.3045579 SnippingTool.exe 1476 RegOpenKey HKCU\SOFTWARE\Policies\Microsoft\TabletPC NAME NOT FOUND Desired Access: Read
22:54:01.4070573 SnippingTool.exe 1476 RegQueryValue HKLM\System\CurrentControlSet\Control\Video\{0D35F555-D05F-4708-A1A5-8FF2C04ABE88}\0000\PruningMode NAME NOT FOUND Length: 52
22:54:01.4096474 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Microsoft\Windows\TabletPC\Snipping Tool NAME NOT FOUND Desired Access: Read
22:54:01.4096789 SnippingTool.exe 1476 RegOpenKey HKLM\Software\Microsoft\Windows\TabletPC\Snipping Tool NAME NOT FOUND Desired Access: Read
22:54:01.4104148 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Classes\CLSID\{6E4FCB12-510A-4D40-9304-1DA10AE9147C} NAME NOT FOUND Desired Access: Read
22:54:01.4104392 SnippingTool.exe 1476 RegOpenKey HKCR\CLSID\{6E4FCB12-510A-4D40-9304-1DA10AE9147C} NAME NOT FOUND Desired Access: Read
22:54:01.4105027 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\Ole\MaxSxSHashCount NAME NOT FOUND Length: 144
22:54:01.4105938 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Classes\CLSID\{6E4FCB12-510A-4D40-9304-1DA10AE9147C} NAME NOT FOUND Desired Access: Read
22:54:01.4106111 SnippingTool.exe 1476 RegOpenKey HKCR\CLSID\{6E4FCB12-510A-4D40-9304-1DA10AE9147C} NAME NOT FOUND Desired Access: Read
22:54:01.4106432 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Classes\CLSID\{6E4FCB12-510A-4D40-9304-1DA10AE9147C} NAME NOT FOUND Desired Access: Read
22:54:01.4106592 SnippingTool.exe 1476 RegOpenKey HKCR\CLSID\{6E4FCB12-510A-4D40-9304-1DA10AE9147C} NAME NOT FOUND Desired Access: Read
22:54:01.4107670 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Classes\CLSID\{6E4FCB12-510A-4D40-9304-1DA10AE9147C} NAME NOT FOUND Desired Access: Read
22:54:01.4107837 SnippingTool.exe 1476 RegOpenKey HKCR\CLSID\{6E4FCB12-510A-4D40-9304-1DA10AE9147C} NAME NOT FOUND Desired Access: Read
22:54:01.4108151 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Classes\CLSID\{6E4FCB12-510A-4D40-9304-1DA10AE9147C} NAME NOT FOUND Desired Access: Read
22:54:01.4108312 SnippingTool.exe 1476 RegOpenKey HKCR\CLSID\{6E4FCB12-510A-4D40-9304-1DA10AE9147C} NAME NOT FOUND Desired Access: Read
22:54:01.4110448 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\Rpc\MaxRpcSize NAME NOT FOUND Length: 144
22:54:01.4112771 SnippingTool.exe 1476 RegOpenKey HKLM\Software\Policies\Microsoft\Windows NT\Rpc NAME NOT FOUND Desired Access: Read
22:54:01.4113156 SnippingTool.exe 1476 RegOpenKey HKLM\Software\Policies\Microsoft\SQMClient\Windows NAME NOT FOUND Desired Access: Read
22:54:01.4113554 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable NAME NOT FOUND Length: 20
22:54:01.4343181 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Classes\AppID\SnippingTool.exe NAME NOT FOUND Desired Access: Read
22:54:01.4343386 SnippingTool.exe 1476 RegOpenKey HKCR\AppID\SnippingTool.exe NAME NOT FOUND Desired Access: Read
22:54:01.4344054 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel NAME NOT FOUND Length: 144
22:54:01.4344548 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\Ole\DefaultAccessPermission NAME NOT FOUND Length: 144
22:54:01.4391378 SnippingTool.exe 1476 RegQueryValue HKLM\System\CurrentControlSet\Control\Session Manager\SafeProcessSearchMode NAME NOT FOUND Length: 16
22:54:01.4515199 SnippingTool.exe 1476 RegQueryValue HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy NAME NOT FOUND Length: 20
22:54:01.4515796 SnippingTool.exe 1476 RegOpenKey HKLM\System\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration NAME NOT FOUND Desired Access: Query Value
22:54:01.4516643 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Policies\Microsoft\Cryptography\PrivKeyCacheMaxItems NAME NOT FOUND Length: 144
22:54:01.4516803 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Policies\Microsoft\Cryptography\PrivKeyCachePurgeIntervalSeconds NAME NOT FOUND Length: 144
22:54:01.4516932 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Policies\Microsoft\Cryptography\PrivateKeyLifetimeSeconds NAME NOT FOUND Length: 144
22:54:01.4518433 SnippingTool.exe 1476 RegOpenKey HKLM\Software\Microsoft\Cryptography\Offload NAME NOT FOUND Desired Access: Read
22:54:01.4521673 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Classes\Inte***ce\{00000134-0000-0000-C000-000000000046} NAME NOT FOUND Desired Access: Read
22:54:01.4522539 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Classes\Inte***ce\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Read
22:54:01.4523251 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Classes\Inte***ce\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 NAME NOT FOUND Desired Access: Maximum Allowed
22:54:01.4543847 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\BDEFDD92 NAME NOT FOUND Length: 24
22:54:01.4544341 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling NAME NOT FOUND Length: 24
22:54:01.4544783 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession NAME NOT FOUND Length: 24
22:54:01.4575195 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Policies\Microsoft\Windows\App Management NAME NOT FOUND Desired Access: Query Value
22:54:01.4575419 SnippingTool.exe 1476 RegOpenKey HKLM\Software\Policies\Microsoft\Windows\App Management NAME NOT FOUND Desired Access: Query Value
22:54:01.4575708 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Microsoft\Windows\TabletPC\Snipping Tool NAME NOT FOUND Desired Access: Read
22:54:01.4580956 SnippingTool.exe 1476 RegOpenKey HKCU\SOFTWARE\Microsoft\Windows\Tablet PC NAME NOT FOUND Desired Access: Read
22:54:01.4581778 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Microsoft\WISP\PEN\SysEventParameters NAME NOT FOUND Desired Access: Read
22:54:01.4581951 SnippingTool.exe 1476 RegOpenKey HKLM\Software\Microsoft\WISP\PEN\SysEventParameters NAME NOT FOUND Desired Access: Read
22:54:01.4650281 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable NAME NOT FOUND Length: 144
22:54:01.4662959 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1 NAME NOT FOUND Length: 144
22:54:01.4663440 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3 NAME NOT FOUND Length: 144
22:54:01.4666879 SnippingTool.exe 1476 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\微软雅黑 NAME NOT FOUND Desired Access: Query Value
22:54:01.4748888 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Classes\CLSID\{65D00646-CDE3-4A88-9163-6769F0F1A97D} NAME NOT FOUND Desired Access: Read
22:54:01.4749202 SnippingTool.exe 1476 RegOpenKey HKCR\CLSID\{65D00646-CDE3-4A88-9163-6769F0F1A97D} NAME NOT FOUND Desired Access: Read
22:54:01.4750325 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Classes\CLSID\{65D00646-CDE3-4A88-9163-6769F0F1A97D} NAME NOT FOUND Desired Access: Read
22:54:01.4750511 SnippingTool.exe 1476 RegOpenKey HKCR\CLSID\{65D00646-CDE3-4A88-9163-6769F0F1A97D} NAME NOT FOUND Desired Access: Read
22:54:01.4750845 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Classes\CLSID\{65D00646-CDE3-4A88-9163-6769F0F1A97D} NAME NOT FOUND Desired Access: Read
22:54:01.4751018 SnippingTool.exe 1476 RegOpenKey HKCR\CLSID\{65D00646-CDE3-4A88-9163-6769F0F1A97D} NAME NOT FOUND Desired Access: Read
22:54:01.4752109 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Classes\CLSID\{65D00646-CDE3-4A88-9163-6769F0F1A97D} NAME NOT FOUND Desired Access: Read
22:54:01.4752288 SnippingTool.exe 1476 RegOpenKey HKCR\CLSID\{65D00646-CDE3-4A88-9163-6769F0F1A97D} NAME NOT FOUND Desired Access: Read
22:54:01.4752622 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Classes\CLSID\{65D00646-CDE3-4A88-9163-6769F0F1A97D} NAME NOT FOUND Desired Access: Read
22:54:01.4752789 SnippingTool.exe 1476 RegOpenKey HKCR\CLSID\{65D00646-CDE3-4A88-9163-6769F0F1A97D} NAME NOT FOUND Desired Access: Read
22:54:01.4857305 SnippingTool.exe 1476 IRP_MJ_CREATE C:\Windows\System32\zh-CN\imageres.dll.mui NAME NOT FOUND Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a
22:54:01.4862290 SnippingTool.exe 1476 IRP_MJ_CREATE C:\Windows\System32\en-US\imageres.dll.mui NAME NOT FOUND Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a
22:54:01.4902139 SnippingTool.exe 1476 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\Compatibility\SnippingTool.exe NAME NOT FOUND Desired Access: Read
22:54:01.4911141 SnippingTool.exe 1476 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
22:54:01.4911520 SnippingTool.exe 1476 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
22:54:01.4911892 SnippingTool.exe 1476 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{4966A555-1B67-45C0-B82F-627FD19AAD22}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
22:54:01.4913810 SnippingTool.exe 1476 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
22:54:01.4914176 SnippingTool.exe 1476 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
22:54:01.4914535 SnippingTool.exe 1476 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
22:54:01.4914882 SnippingTool.exe 1476 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90} NAME NOT FOUND Desired Access: Read
22:54:01.4916338 SnippingTool.exe 1476 RegQueryValue HKCU\Keyboard Layout\Toggle\Language Hotkey NAME NOT FOUND Length: 144
22:54:01.4916460 SnippingTool.exe 1476 RegQueryValue HKCU\Keyboard Layout\Toggle\Hotkey NAME NOT FOUND Length: 144
22:54:01.4916640 SnippingTool.exe 1476 RegQueryValue HKCU\Keyboard Layout\Toggle\Layout Hotkey NAME NOT FOUND Length: 144
22:54:01.4921285 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\CTF\EnableAnchorContext NAME NOT FOUND Length: 144
22:54:01.5828315 SnippingTool.exe 1476 RegOpenKey HKCU\Software\Microsoft\CTF\LayoutIcon\0804\00000804 NAME NOT FOUND Desired Access: Read
22:54:03.0563449 SnippingTool.exe 1476 RegOpenKey HKLM\SOFTWARE\Microsoft\CTF\KnownClasses NAME NOT FOUND Desired Access: Read
22:54:03.0881590 SnippingTool.exe 1476 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles NAME NOT FOUND Length: 20