g3log created log at: Sun Jul 02 20:43:21 2023 LOG format: [YYYY/MM/DD hh:mm:ss uuu* LEVEL FILE->FUNCTION:LINE] message (uuu*: microseconds fractions of the seconds value) 2023/07/02 20:43:21 159560 DEBUG [OSForensics.cpp->CheckRunInUSBMode:2473] LOGGER NOT INITIALIZED: CheckRunInUSBMode: Not Running from Removable DriveCheckRunInUSBMode: Not Running from Removable Drive 2023/07/02 20:43:52 549670 DEBUG [OSForensics.cpp->wWinMain:218] DEBUG: Starting... 2023/07/02 20:43:52 549679 DEBUG [OSForensics.cpp->wWinMain:224] DEBUG: 2023/7/2, 20:43:52 2023/07/02 20:43:52 549683 DEBUG [OSForensics.cpp->wWinMain:228] DEBUG: OSForensics 9.2 build 1000 64-bit 2023/07/02 20:43:52 549766 DEBUG [OSForensics.cpp->wWinMain:236] DEBUG OS: Windows 10 Home build 19045 (64-bit) 2023/07/02 20:43:52 549780 DEBUG [OSForensics.cpp->wWinMain:238] DEBUG Path: C:\Program Files\OSForensics 2023/07/02 20:43:52 549788 DEBUG [OSForensics.cpp->wWinMain:246] Date: 07/02/23 20:43:52 2023/07/02 20:43:52 551381 DEBUG [OSForensics.cpp->wWinMain:262] Main: Regproc check 2023/07/02 20:43:52 672397 DEBUG [OSForensics.cpp->wWinMain:302] Main: Set security OK 2023/07/02 20:43:52 672409 DEBUG [OSForensics.cpp->wWinMain:314] Main: Creating temp folder C:\ProgramData\PassMark\OSForensics\Temp\18140 2023/07/02 20:43:52 676333 DEBUG [OSForensics.cpp->wWinMain:331] Main: Available phys mem: 9107922944 2023/07/02 20:43:52 676520 DEBUG [OSForensics.cpp->wWinMain:372] Main: Load OSF config 2023/07/02 20:43:52 685119 DEBUG [OSForensics.cpp->wWinMain:381] Main: Init OSFMount interface OK 2023/07/02 20:43:52 688267 DEBUG [OSForensics.cpp->wWinMain:401] Main: Init direct access OK 2023/07/02 20:43:52 809242 DEBUG [OSForensics.cpp->wWinMain:461] Main: Register disk events 2023/07/02 20:43:52 809398 DEBUG [OSForensics.cpp->wWinMain:471] Main: init dialog 2023/07/02 20:43:52 809403 DEBUG [OSForensics.cpp->InitDialog:1119] Init main dialog 2023/07/02 20:43:52 867582 DEBUG [CfgMain.cpp->InitCfgMain:389] CfgMain: Creating start window 2023/07/02 20:43:52 876090 DEBUG [CfgMain.cpp->InitCfgMain:392] CfgMain: Creating signature window 2023/07/02 20:43:52 877593 DEBUG [CfgMain.cpp->InitCfgMain:401] CfgMain: Creating FileHashing window 2023/07/02 20:43:52 879312 DEBUG [CfgFileHashing.cpp->FileHashingWindow::InitWindow:251] FileHashing: Creating Hash Sets Tab 2023/07/02 20:43:52 888930 DEBUG [CfgFileHashing.cpp->FileHashingWindow::InitWindow:253] FileHashing: Creating Create Hash Tab 2023/07/02 20:43:52 926460 DEBUG [CfgMain.cpp->InitCfgMain:414] CfgMain: Creating file name search window 2023/07/02 20:43:52 960685 DEBUG [CfgMain.cpp->InitCfgMain:416] CfgMain: Creating mismatch search window 2023/07/02 20:43:52 985814 DEBUG [CfgMain.cpp->InitCfgMain:418] CfgMain: Creating create index window 2023/07/02 20:43:52 987694 DEBUG [CfgMain.cpp->InitCfgMain:420] CfgMain: Creating search index window 2023/07/02 20:43:53 006969 DEBUG [CfgMain.cpp->InitCfgMain:422] CfgMain: Creating user activity window 2023/07/02 20:43:53 023051 DEBUG [CfgMain.cpp->InitCfgMain:424] CfgMain: Creating deleted file search window 2023/07/02 20:43:53 047498 DEBUG [CfgMain.cpp->InitCfgMain:426] CfgMain: Creating mem viewer window 2023/07/02 20:43:53 049515 DEBUG [CfgMain.cpp->InitCfgMain:428] CfgMain: Creating prefetch viewer window 2023/07/02 20:43:53 051873 DEBUG [CfgMain.cpp->InitCfgMain:431] CfgMain: Creating raw disk viewer window 2023/07/02 20:43:53 060895 DEBUG [CfgMain.cpp->InitCfgMain:433] CfgMain: Creating sys info window 2023/07/02 20:43:53 081271 DEBUG [CfgMain.cpp->InitCfgMain:435] CfgMain: Creating drive prep window 2023/07/02 20:43:53 108892 DEBUG [CfgMain.cpp->InitCfgMain:437] CfgMain: Creating password window 2023/07/02 20:43:53 123217 DEBUG [CfgMain.cpp->InitCfgMain:439] CfgMain: Creating forensic imaging window 2023/07/02 20:43:53 126030 DEBUG [CfgMain.cpp->InitCfgMain:441] CfgMain: Creating boot virtual machine window 2023/07/02 20:43:53 129519 DEBUG [CfgMain.cpp->InitCfgMain:445] CfgMain: Creating Mobile Artifact window 2023/07/02 20:43:53 140034 DEBUG [CfgMain.cpp->InitCfgMain:447] CfgMain: Creating remote acquisition window 2023/07/02 20:43:53 165938 DEBUG [CfgMain.cpp->InitCfgMain:455] CfgMain: Creating manage case window 2023/07/02 20:43:53 206324 DEBUG [CfgMain.cpp->InitCfgMain:459] CfgMain: Creating triage window 2023/07/02 20:43:53 212803 DEBUG [CfgMain.cpp->InitCfgMain:462] CfgMain: set focus 2023/07/02 20:43:53 229868 DEBUG [OSForensics.cpp->InitDialog:1139] Init main dialog finished 2023/07/02 20:43:53 229875 DEBUG [OSForensics.cpp->wWinMain:475] Main: show window 2023/07/02 20:43:53 242239 DEBUG [OSForensics.cpp->wWinMain:494] Main: set Foreground 2023/07/02 20:43:53 242362 DEBUG [OSForensics.cpp->wWinMain:505] Main: PopFileInitialize 2023/07/02 20:43:53 242503 DEBUG [OSForensics.cpp->wWinMain:523] Main: Display welcome 2023/07/02 20:43:53 246871 DEBUG [OSForensics.cpp->wWinMain:537] Main: SubCheck 2023/07/02 20:43:54 752645 DEBUG [OSForensics.cpp->wWinMain:787] CaseManagementInitWindow: No case successfully loaded. Setting default drive to C:\ 2023/07/02 20:43:54 754419 DEBUG [CfgCracking.cpp->CrackingWindow::InitWindow:407] Pswd: Creating Passwords & keys tab 2023/07/02 20:43:54 754428 DEBUG [CfgCracking.cpp->CrackingWindow::InitWindow:409] Pswd: Creating Windows Login tab 2023/07/02 20:43:54 770226 DEBUG [CfgCracking.cpp->CrackingWindow::InitWindow:411] Pswd: Initializing rainbow 2023/07/02 20:43:54 770383 DEBUG [main.cpp->initRainbowCrack:151] Rainbow: Loading charsets from C:\ProgramData\PassMark\OSForensics\RainbowTables\charset.txt 2023/07/02 20:43:54 770583 DEBUG [main.cpp->initRainbowCrack:157] Rainbow: Initializing SSL 2023/07/02 20:43:54 770587 DEBUG [main.cpp->initRainbowCrack:159] Rainbow: Initializing SSL 2023/07/02 20:43:54 771356 DEBUG [main.cpp->initRainbowCrack:172] Rainbow: Initializing Rainbow Table 2023/07/02 20:43:54 771360 DEBUG [main.cpp->initRainbowCrack:174] Rainbow: Initializing RainbowTable 2023/07/02 20:43:54 771366 DEBUG [CfgCracking.cpp->CrackingWindow::InitWindow:413] Pswd: Creating Rainbow Generate tab 2023/07/02 20:43:54 861929 DEBUG [CfgCracking.cpp->CrackingWindow::InitWindow:415] Pswd: Creating Rainbow Retrieval tab 2023/07/02 20:43:54 876094 DEBUG [CfgCracking.cpp->CrackingWindow::InitWindow:417] Pswd: Creating Decryption tab 2023/07/02 20:43:54 916596 DEBUG [CfgCracking.cpp->CrackingWindow::InitWindow:419] Pswd: Creating Install PFX tab 2023/07/02 20:43:54 932824 DEBUG [CfgSignature.cpp->SignatureWindow::InitWindow:193] Sig: Creating create sig tab 2023/07/02 20:43:54 941064 DEBUG [CfgSignature.cpp->SignatureWindow::InitWindow:195] Sig: Creating compare sig tab 2023/07/02 20:43:54 963385 DEBUG [OSForensics.cpp->wWinMain:792] CaseManagementInitWindow: Message loop 2023/07/02 20:43:55 701470 DEBUG [misc.cpp->RefreshPhysicalDisks:5441] Refresh Disks: sysinfo get partition info 2023/07/02 20:43:57 346494 DEBUG [misc.cpp->RefreshPhysicalDisks:5453] Refresh Disks: Open device: \\.\PhysicalDrive0 2023/07/02 20:43:57 347006 DEBUG [misc.cpp->RefreshPhysicalDisks:5459] Refresh Disks: Scan part table 2023/07/02 20:43:57 351369 DEBUG [DiskPartitionInfo.cpp->ScanAllDiskPartitions:2102] Scanning for recovered file systems (StartSec=0,NumSec=2048) 2023/07/02 20:43:57 356529 DEBUG [DiskPartitionInfo.cpp->ScanAllDiskPartitions:2110] Scanning for recovered file systems (StartSec=234438656,NumSec=2992) 2023/07/02 20:43:57 362828 DEBUG [DiskPartitionInfo.cpp->ScanAllDiskPartitions:2113] Found 0 recovered file systems 2023/07/02 20:43:57 362897 DEBUG [misc.cpp->RefreshPhysicalDisks:5453] Refresh Disks: Open device: \\.\PhysicalDrive1 2023/07/02 20:43:57 363602 DEBUG [misc.cpp->RefreshPhysicalDisks:5459] Refresh Disks: Scan part table 2023/07/02 20:43:57 365049 DEBUG [DiskPartitionInfo.cpp->ScanAllDiskPartitions:2102] Scanning for recovered file systems (StartSec=0,NumSec=34) 2023/07/02 20:43:57 368159 DEBUG [DiskPartitionInfo.cpp->ScanAllDiskPartitions:2110] Scanning for recovered file systems (StartSec=1953521664,NumSec=3504) 2023/07/02 20:43:57 415769 DEBUG [DiskPartitionInfo.cpp->ScanAllDiskPartitions:2113] Found 0 recovered file systems 2023/07/02 20:43:57 440464 DEBUG [CfgRecent.cpp->DoSort:2750] User Activity Scan: Sorting 2023/07/02 20:44:01 542274 DEBUG [CfgRecent.cpp->OnScan:3383] User Activity Scan: Begin 2023/07/02 20:44:01 542327 DEBUG [OSFActivityMonitor.cpp->OSFActivityMonitor::StartTask:193] Activity Monitor: Task Started (User Activity) 2023/07/02 20:44:01 542346 DEBUG [CfgRecent.cpp->OnScan:3390] User Activity Scan started on live machine 2023/07/02 20:44:01 556832 DEBUG [CfgRecent.cpp->OnScan:3532] User Activity Scan: Available phys mem: 9088516096 2023/07/02 20:44:01 556839 DEBUG [CfgRecent.cpp->OnScan:3539] User Activity Scan: Allocating MRUList 2023/07/02 20:44:01 556864 DEBUG [CfgRecent.cpp->OnScan:3541] User Activity Scan: Allocating installList 2023/07/02 20:44:01 556921 DEBUG [CfgRecent.cpp->OnScan:3543] User Activity Scan: Allocating autoRunList 2023/07/02 20:44:01 556934 DEBUG [CfgRecent.cpp->OnScan:3545] User Activity Scan: Allocating ClipboardList 2023/07/02 20:44:01 556945 DEBUG [CfgRecent.cpp->OnScan:3547] User Activity Scan: Allocating EventList 2023/07/02 20:44:01 556980 DEBUG [CfgRecent.cpp->OnScan:3549] User Activity Scan: Allocating userAssistList 2023/07/02 20:44:01 557026 DEBUG [CfgRecent.cpp->OnScan:3551] User Activity Scan: Allocating jumpListList 2023/07/02 20:44:01 557065 DEBUG [CfgRecent.cpp->OnScan:3553] User Activity Scan: Allocating shellBagList 2023/07/02 20:44:01 557104 DEBUG [CfgRecent.cpp->OnScan:3555] User Activity Scan: Allocating TimelineDBList 2023/07/02 20:44:01 557142 DEBUG [CfgRecent.cpp->OnScan:3557] User Activity Scan: Allocating RecycleBinList 2023/07/02 20:44:01 557179 DEBUG [CfgRecent.cpp->OnScan:3559] User Activity Scan: Allocating ShimCacheList 2023/07/02 20:44:01 557216 DEBUG [CfgRecent.cpp->OnScan:3561] User Activity Scan: Allocating SRUMDBList 2023/07/02 20:44:01 557252 DEBUG [CfgRecent.cpp->OnScan:3563] User Activity Scan: Allocating prefetchList 2023/07/02 20:44:01 557288 DEBUG [CfgRecent.cpp->OnScan:3565] User Activity Scan: Allocating winsearchList 2023/07/02 20:44:01 557325 DEBUG [CfgRecent.cpp->OnScan:3567] User Activity Scan: Allocating gBAMList 2023/07/02 20:44:01 557364 DEBUG [CfgRecent.cpp->OnScan:3569] User Activity Scan: Allocating gAntiForensicsList 2023/07/02 20:44:01 557380 DEBUG [CfgRecent.cpp->OnScan:3574] User Activity Scan: Available phys mem: 9088466944 2023/07/02 20:44:01 557385 DEBUG [CfgRecent.cpp->OnScan:3576] User Activity Scan: Allocating downloadList 2023/07/02 20:44:01 557397 DEBUG [CfgRecent.cpp->OnScan:3578] User Activity Scan: Allocating urlList 2023/07/02 20:44:01 557410 DEBUG [CfgRecent.cpp->OnScan:3580] User Activity Scan: Allocating SearchTermList 2023/07/02 20:44:01 557423 DEBUG [CfgRecent.cpp->OnScan:3582] User Activity Scan: Allocating LoginList 2023/07/02 20:44:01 557848 DEBUG [CfgRecent.cpp->OnScan:3584] User Activity Scan: Allocating formList 2023/07/02 20:44:01 557881 DEBUG [CfgRecent.cpp->OnScan:3586] User Activity Scan: Allocating bookmarkList 2023/07/02 20:44:01 557924 DEBUG [CfgRecent.cpp->OnScan:3588] User Activity Scan: Allocating ChatList 2023/07/02 20:44:01 557943 DEBUG [CfgRecent.cpp->OnScan:3590] User Activity Scan: Allocating P2PList 2023/07/02 20:44:01 558006 DEBUG [CfgRecent.cpp->OnScan:3592] User Activity Scan: Allocating wlanList 2023/07/02 20:44:01 558058 DEBUG [CfgRecent.cpp->OnScan:3594] User Activity Scan: Allocating gCryptocurrencyList 2023/07/02 20:44:01 558106 DEBUG [CfgRecent.cpp->OnScan:3596] User Activity Scan: Allocating cookieList 2023/07/02 20:44:01 558157 DEBUG [CfgRecent.cpp->OnScan:3598] User Activity Scan: Allocating Custom Dictionary List 2023/07/02 20:44:01 558205 DEBUG [CfgRecent.cpp->OnScan:3603] User Activity Scan: Available phys mem: 9088389120 2023/07/02 20:44:01 558210 DEBUG [CfgRecent.cpp->OnScan:3605] User Activity Scan: Allocating UsbList 2023/07/02 20:44:01 558240 DEBUG [CfgRecent.cpp->OnScan:3607] User Activity Scan: Allocating mountedVolList 2023/07/02 20:44:01 558286 DEBUG [CfgRecent.cpp->OnScan:3609] User Activity Scan: Allocating MobileBackupList 2023/07/02 20:44:01 560758 DEBUG [misc.cpp->LocalOSEnv::GetLocalFolderNames:7338] GetLocalFolderNames: check SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders 2023/07/02 20:44:01 560769 DEBUG [misc.cpp->LocalOSEnv::GetLocalFolderNames:7343] GetLocalFolderNames: Key loaded successfully 2023/07/02 20:44:01 560780 DEBUG [misc.cpp->LocalOSEnv::GetLocalFolderNames:7363] GetLocaFolderNames: DocumentsAndSettingsLocalName Users 2023/07/02 20:44:01 560788 DEBUG [misc.cpp->LocalOSEnv::GetLocalFolderNames:7385] GetLocaFolderNames: CommonAppDataLocalName ProgramData 2023/07/02 20:44:01 560861 DEBUG [misc.cpp->LocalOSEnv::GetLocalFolderNames:7412] GetLocalFolderNames: Could not query "{374DE290-123F-4565-9164-39C4925E467B}" 2023/07/02 20:44:01 560868 DEBUG [misc.cpp->LocalOSEnv::GetLocalFolderNames:7434] GetLocalFolderNames: Could not query "{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}" 2023/07/02 20:44:01 560874 DEBUG [misc.cpp->LocalOSEnv::GetLocalFolderNames:7456] GetLocalFolderNames: Could not query "{FDD39AD0-238F-46AF-ADB4-6C85480369C7}" 2023/07/02 20:44:01 560927 DEBUG [misc.cpp->LocalOSEnv::GetLocalFolderNames:7688] GetLocaFolderNames: Getting folder locations based on current user C:\Users\User 2023/07/02 20:44:01 561121 DEBUG [misc.cpp->LocalOSEnv::GetLocalFolderNames:7705] GetLocaFolderNames: AppDataLocalName AppData\Roaming 2023/07/02 20:44:01 561128 DEBUG [misc.cpp->LocalOSEnv::GetLocalFolderNames:7722] GetLocaFolderNames: LocalAppDataLocalName AppData\Local 2023/07/02 20:44:01 561304 DEBUG [misc.cpp->LocalOSEnv::GetLocalFolderNames:7740] GetLocaFolderNames: HistoryLocalName AppData\Local\Microsoft\Windows\History 2023/07/02 20:44:01 561457 DEBUG [misc.cpp->LocalOSEnv::GetLocalFolderNames:7759] GetLocaFolderNames: RecentLocalName AppData\Roaming\Microsoft\Windows\Recent 2023/07/02 20:44:01 561471 DEBUG [misc.cpp->LocalOSEnv::GetLocalFolderNames:7770] GetLocalFolderNames: check local registry for "Local Settings" 2023/07/02 20:44:01 561512 DEBUG [misc.cpp->LocalOSEnv::GetLocalFolderNames:7811] GetLocalFolderNames end (detected OS: Unknown) 2023/07/02 20:44:01 561523 DEBUG [RegistryPasswords.cpp->GetWindowsPasswordHashes:635] Password recovery: GetWindowsPasswordHashes start 2023/07/02 20:44:01 561559 DEBUG [RegistryPasswords.cpp->GetWindowsPasswordHashes:782] Password recovery: GetWindowsPasswordHashes Live system drive 2023/07/02 20:44:01 562064 DEBUG [RegistryPasswords.cpp->DecryptHashes:2204] Password recovery: DecryptHashes start 2023/07/02 20:44:01 582269 DEBUG [RegistryPasswords.cpp->GetCachedDomainUsers:223] Password recovery: GetCachedDomainUsers open C:\Windows\System32\Config\security 2023/07/02 20:44:01 582277 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2900] CreateTempRegFileIfNeeded: A 2023/07/02 20:44:01 582334 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2905] CreateTempRegFileIfNeeded: B 2023/07/02 20:44:01 582337 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2910] CreateTempRegFileIfNeeded: C 2023/07/02 20:44:01 582521 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2919] CreateTempRegFileIfNeeded: DA 2023/07/02 20:44:01 582527 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2927] CreateTempRegFileIfNeeded: DB 2023/07/02 20:44:01 582529 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2932] CreateTempRegFileIfNeeded: DC 2023/07/02 20:44:01 582608 DEBUG [RegViewer.cpp->ShadowCopyFiles:180] ShadowCopyFiles entry 2023/07/02 20:44:01 582614 DEBUG [RegViewer.cpp->ShadowCopyFiles:184] ShadowCopyFiles: Trying to create shadow volume 2023/07/02 20:44:01 582690 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:70] CreateShadowVolumeForFC entry 2023/07/02 20:44:01 582695 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:81] CreateShadowVolumeForFC Initialize VSS client 2023/07/02 20:44:01 589563 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:86] CreateShadowVolumeForFC Get unique vol name for: C:\ 2023/07/02 20:44:01 592183 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:90] unique vol name: \\?\Volume{7ca98c3f-915d-4b9b-af94-0c1461c57887}\ 2023/07/02 20:44:01 592193 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:98] CreateShadowVolumeForFC create snapshot set 2023/07/02 20:44:02 964600 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:107] CreateShadowVolumeForFC getLatestSnapshotIdListt 2023/07/02 20:44:02 964607 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:112] CreateShadowVolumeForFC GetSnapshotDeviceName 2023/07/02 20:44:02 965111 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:121] CreateShadowVolumeForFC exit 2023/07/02 20:44:02 965119 DEBUG [RegViewer.cpp->ShadowCopyFiles:206] ShadowCopyFiles: created shadow volume 2023/07/02 20:44:02 965122 DEBUG [RegViewer.cpp->ShadowCopyFiles:211] ShadowCopyFiles: 1 files to copy 2023/07/02 20:44:02 965125 DEBUG [RegViewer.cpp->ShadowCopyFiles:218] ShadowCopyFiles: curent file: C:\Windows\System32\Config\security 2023/07/02 20:44:02 965129 DEBUG [RegViewer.cpp->ShadowCopyFiles:223] ShadowCopyFiles: SourceFile: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5\Windows\System32\Config\security 2023/07/02 20:44:02 965139 DEBUG [RegViewer.cpp->ShadowCopyFiles:236] ShadowCopyFiles: DestFile: C:\ProgramData\PassMark\OSForensics\Temp\18140\7BF3CE7C9DC6F1EC11D70AC3ADB400B8 2023/07/02 20:44:03 298360 DEBUG [RegViewer.cpp->ShadowCopyFiles:273] ShadowCopyFiles done 2023/07/02 20:44:03 302182 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2944] CreateTempRegFileIfNeeded check temp file access 2023/07/02 20:44:03 306568 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2989] CreateTempRegFileIfNeeded: finished 2023/07/02 20:44:03 306693 DEBUG [RegistryPasswords.cpp->GetCachedDomainUsers:256] Password recovery: GetCachedDomainUsers 1 2023/07/02 20:44:03 306748 DEBUG [RegistryPasswords.cpp->GetCachedDomainUsers:296] Password recovery: GetCachedDomainUsers 2 2023/07/02 20:44:03 306893 DEBUG [RegistryPasswords.cpp->GetCachedDomainUsers:324] Password recovery: GetCachedDomainUsers 3 2023/07/02 20:44:03 306913 DEBUG [RegistryPasswords.cpp->GetCachedDomainUsers:368] Password recovery: GetCachedDomainUsers 4 2023/07/02 20:44:03 307052 DEBUG [RegistryPasswords.cpp->GetCachedDomainUsers:402] Password recovery: GetCachedDomainUsers 5 2023/07/02 20:44:03 307061 DEBUG [RegistryPasswords.cpp->GetCachedDomainUsers:429] Password recovery: GetCachedDomainUsers 6 2023/07/02 20:44:03 307065 DEBUG [RegistryPasswords.cpp->GetCachedDomainUsers:554] Password recovery: GetCachedDomainUsers done 2023/07/02 20:44:03 307069 DEBUG [RegistryPasswords.cpp->GetCachedDomainUsers:561] Password recovery: GetCachedDomainUsers cleaned up 2023/07/02 20:44:03 307346 DEBUG [RegistryPasswords.cpp->GetWindowsPasswordHashes:871] Password recovery: GetWindowsPasswordHashes end 2023/07/02 20:44:03 307519 DEBUG [LSASecrets.cpp->GetSystemPWfromLSASecrets:39] GetSystemPWfromLSASecrets start 2023/07/02 20:44:03 307706 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2900] CreateTempRegFileIfNeeded: A 2023/07/02 20:44:03 307769 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2905] CreateTempRegFileIfNeeded: B 2023/07/02 20:44:03 307773 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2910] CreateTempRegFileIfNeeded: C 2023/07/02 20:44:03 308013 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2919] CreateTempRegFileIfNeeded: DA 2023/07/02 20:44:03 308018 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2927] CreateTempRegFileIfNeeded: DB 2023/07/02 20:44:03 308020 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2932] CreateTempRegFileIfNeeded: DC 2023/07/02 20:44:03 308125 DEBUG [RegViewer.cpp->ShadowCopyFiles:180] ShadowCopyFiles entry 2023/07/02 20:44:03 308130 DEBUG [RegViewer.cpp->ShadowCopyFiles:184] ShadowCopyFiles: Trying to create shadow volume 2023/07/02 20:44:03 308140 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:70] CreateShadowVolumeForFC entry 2023/07/02 20:44:03 308142 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:81] CreateShadowVolumeForFC Initialize VSS client 2023/07/02 20:44:03 311822 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:86] CreateShadowVolumeForFC Get unique vol name for: C:\ 2023/07/02 20:44:03 312005 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:90] unique vol name: \\?\Volume{7ca98c3f-915d-4b9b-af94-0c1461c57887}\ 2023/07/02 20:44:03 312010 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:98] CreateShadowVolumeForFC create snapshot set 2023/07/02 20:44:04 516222 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:107] CreateShadowVolumeForFC getLatestSnapshotIdListt 2023/07/02 20:44:04 516229 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:112] CreateShadowVolumeForFC GetSnapshotDeviceName 2023/07/02 20:44:04 516696 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:121] CreateShadowVolumeForFC exit 2023/07/02 20:44:04 516707 DEBUG [RegViewer.cpp->ShadowCopyFiles:206] ShadowCopyFiles: created shadow volume 2023/07/02 20:44:04 516711 DEBUG [RegViewer.cpp->ShadowCopyFiles:211] ShadowCopyFiles: 1 files to copy 2023/07/02 20:44:04 516713 DEBUG [RegViewer.cpp->ShadowCopyFiles:218] ShadowCopyFiles: curent file: C:\Windows\System32\config\SYSTEM 2023/07/02 20:44:04 516716 DEBUG [RegViewer.cpp->ShadowCopyFiles:223] ShadowCopyFiles: SourceFile: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\Windows\System32\config\SYSTEM 2023/07/02 20:44:04 516727 DEBUG [RegViewer.cpp->ShadowCopyFiles:236] ShadowCopyFiles: DestFile: C:\ProgramData\PassMark\OSForensics\Temp\18140\8F337D42B54B75C4007A892D5DDC3F83 2023/07/02 20:44:04 926083 DEBUG [RegViewer.cpp->ShadowCopyFiles:273] ShadowCopyFiles done 2023/07/02 20:44:04 931353 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2944] CreateTempRegFileIfNeeded check temp file access 2023/07/02 20:44:04 935202 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2989] CreateTempRegFileIfNeeded: finished 2023/07/02 20:44:04 935209 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2900] CreateTempRegFileIfNeeded: A 2023/07/02 20:44:04 935293 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2905] CreateTempRegFileIfNeeded: B 2023/07/02 20:44:04 935297 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2910] CreateTempRegFileIfNeeded: C 2023/07/02 20:44:04 935347 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2919] CreateTempRegFileIfNeeded: DA 2023/07/02 20:44:04 935351 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2927] CreateTempRegFileIfNeeded: DB 2023/07/02 20:44:04 935353 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2932] CreateTempRegFileIfNeeded: DC 2023/07/02 20:44:04 935357 DEBUG [RegViewer.cpp->ShadowCopyFiles:180] ShadowCopyFiles entry 2023/07/02 20:44:04 935360 DEBUG [RegViewer.cpp->ShadowCopyFiles:184] ShadowCopyFiles: Trying to create shadow volume 2023/07/02 20:44:04 935398 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:70] CreateShadowVolumeForFC entry 2023/07/02 20:44:04 935402 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:81] CreateShadowVolumeForFC Initialize VSS client 2023/07/02 20:44:04 938090 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:86] CreateShadowVolumeForFC Get unique vol name for: C:\ 2023/07/02 20:44:04 938298 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:90] unique vol name: \\?\Volume{7ca98c3f-915d-4b9b-af94-0c1461c57887}\ 2023/07/02 20:44:04 938303 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:98] CreateShadowVolumeForFC create snapshot set 2023/07/02 20:44:06 735763 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:107] CreateShadowVolumeForFC getLatestSnapshotIdListt 2023/07/02 20:44:06 735771 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:112] CreateShadowVolumeForFC GetSnapshotDeviceName 2023/07/02 20:44:06 736311 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:121] CreateShadowVolumeForFC exit 2023/07/02 20:44:06 736317 DEBUG [RegViewer.cpp->ShadowCopyFiles:206] ShadowCopyFiles: created shadow volume 2023/07/02 20:44:06 736321 DEBUG [RegViewer.cpp->ShadowCopyFiles:211] ShadowCopyFiles: 1 files to copy 2023/07/02 20:44:06 736323 DEBUG [RegViewer.cpp->ShadowCopyFiles:218] ShadowCopyFiles: curent file: C:\Windows\System32\config\SECURITY 2023/07/02 20:44:06 736327 DEBUG [RegViewer.cpp->ShadowCopyFiles:223] ShadowCopyFiles: SourceFile: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7\Windows\System32\config\SECURITY 2023/07/02 20:44:06 736338 DEBUG [RegViewer.cpp->ShadowCopyFiles:236] ShadowCopyFiles: DestFile: C:\ProgramData\PassMark\OSForensics\Temp\18140\9252EB97A379014387027E5488A602AC 2023/07/02 20:44:07 106159 DEBUG [RegViewer.cpp->ShadowCopyFiles:273] ShadowCopyFiles done 2023/07/02 20:44:07 112152 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2944] CreateTempRegFileIfNeeded check temp file access 2023/07/02 20:44:07 119741 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2989] CreateTempRegFileIfNeeded: finished 2023/07/02 20:44:07 128228 DEBUG [LSASecrets.cpp->GetSystemPWfromLSASecrets:174] Opening keys in : ControlSet001\Control\Lsa 2023/07/02 20:44:07 128513 DEBUG [LSASecrets.cpp->GetSystemPWfromLSASecrets:237] Opening key: Policy\PolRevision 2023/07/02 20:44:07 128536 DEBUG [LSASecrets.cpp->GetSystemPWfromLSASecrets:272] Policy revision: 1.2 2023/07/02 20:44:07 128548 DEBUG [LSASecrets.cpp->GetSystemPWfromLSASecrets:280] Opening key: Policy\PolEKList 2023/07/02 20:44:07 128595 DEBUG [LSASecrets.cpp->decryptLSAKeyNT6:611] decryptLSAKeyNT6 start (lsa len: 172, syskey len: 16) 2023/07/02 20:44:07 128699 DEBUG [LSASecrets.cpp->decryptLSAKeyNT6:705] pt len = 96 2023/07/02 20:44:07 128703 DEBUG [LSASecrets.cpp->decryptLSAKeyNT6:716] key size = 84 2023/07/02 20:44:07 128708 DEBUG [LSASecrets.cpp->decryptLSAKeyNT6:750] nb = 1 2023/07/02 20:44:07 128710 DEBUG [LSASecrets.cpp->decryptLSAKeyNT6:782] [0] t = 3, l = 32 2023/07/02 20:44:07 128714 DEBUG [LSASecrets.cpp->decryptLSAKeyNT6:803] decryptLSAKeyNT6 end 2023/07/02 20:44:07 128776 DEBUG [LSASecrets.cpp->decryptLSASecret:491] decryptLSASecret start 2023/07/02 20:44:07 128933 DEBUG [LSASecrets.cpp->decryptLSASecret:605] decryptLSASecret end 2023/07/02 20:44:07 129028 DEBUG [LSASecrets.cpp->decryptLSASecret:491] decryptLSASecret start 2023/07/02 20:44:07 129114 DEBUG [LSASecrets.cpp->decryptLSASecret:605] decryptLSASecret end 2023/07/02 20:44:07 129168 DEBUG [LSASecrets.cpp->decryptLSASecret:491] decryptLSASecret start 2023/07/02 20:44:07 129324 DEBUG [LSASecrets.cpp->decryptLSASecret:605] decryptLSASecret end 2023/07/02 20:44:07 129413 DEBUG [LSASecrets.cpp->GetSystemPWfromLSASecrets:483] GetSystemPWfromLSASecrets end 2023/07/02 20:44:07 130132 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::DPAPIEmulator:99] using DPAPISystemToken (0) 2023/07/02 20:44:07 130144 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7836] LocalOSEnv::GetNextUser start 2023/07/02 20:44:07 130147 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7856] LocalOSEnv::GetNextUser xp check 2023/07/02 20:44:07 130296 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7863] LocalOSEnv::GetNextUser cleanup profile path 2023/07/02 20:44:07 130308 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7891] LocalOSEnv::GetNextUser Drive != 0 2023/07/02 20:44:07 130312 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7899] LocalOSEnv::GetNextUser GetVolumeInformation C:\ 2023/07/02 20:44:07 130416 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7908] LocalOSEnv::GetNextUser win7/mac check 2023/07/02 20:44:07 130496 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7939] LocalOSEnv::GetNextUser cleanup profile path C:\Users\* 2023/07/02 20:44:07 130503 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7945] LocalOSEnv::GetNextUser next 2023/07/02 20:44:07 130506 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8007] LocalOSEnv::GetNextUser Search for users in this location 2023/07/02 20:44:07 130509 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8011] LocalOSEnv::GetNextUser next file 2023/07/02 20:44:07 130512 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8013] . 2023/07/02 20:44:07 130564 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8011] LocalOSEnv::GetNextUser next file 2023/07/02 20:44:07 130568 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8013] .. 2023/07/02 20:44:07 130570 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8011] LocalOSEnv::GetNextUser next file 2023/07/02 20:44:07 130574 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8013] All Users 2023/07/02 20:44:07 130576 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8021] LocalOSEnv::GetNextUser finish 2023/07/02 20:44:07 130679 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7836] LocalOSEnv::GetNextUser start 2023/07/02 20:44:07 130684 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8007] LocalOSEnv::GetNextUser Search for users in this location 2023/07/02 20:44:07 130686 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8011] LocalOSEnv::GetNextUser next file 2023/07/02 20:44:07 130688 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8013] Default 2023/07/02 20:44:07 130783 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8021] LocalOSEnv::GetNextUser finish 2023/07/02 20:44:07 130838 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7836] LocalOSEnv::GetNextUser start 2023/07/02 20:44:07 130937 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8007] LocalOSEnv::GetNextUser Search for users in this location 2023/07/02 20:44:07 130942 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8011] LocalOSEnv::GetNextUser next file 2023/07/02 20:44:07 130945 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8013] Default User 2023/07/02 20:44:07 131052 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8021] LocalOSEnv::GetNextUser finish 2023/07/02 20:44:07 131152 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7836] LocalOSEnv::GetNextUser start 2023/07/02 20:44:07 131189 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8007] LocalOSEnv::GetNextUser Search for users in this location 2023/07/02 20:44:07 131193 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8011] LocalOSEnv::GetNextUser next file 2023/07/02 20:44:07 131195 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8013] desktop.ini 2023/07/02 20:44:07 131235 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8011] LocalOSEnv::GetNextUser next file 2023/07/02 20:44:07 131240 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8013] Public 2023/07/02 20:44:07 131242 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8021] LocalOSEnv::GetNextUser finish 2023/07/02 20:44:07 131287 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7836] LocalOSEnv::GetNextUser start 2023/07/02 20:44:07 131291 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8007] LocalOSEnv::GetNextUser Search for users in this location 2023/07/02 20:44:07 131299 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8011] LocalOSEnv::GetNextUser next file 2023/07/02 20:44:07 131343 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8013] User 2023/07/02 20:44:07 131347 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8021] LocalOSEnv::GetNextUser finish 2023/07/02 20:44:07 131552 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Users\User\AppData\Roaming\Microsoft\Protect\S-1-5-21-3433735131-2610830180-146811263-1001\1364fb9a-90d0-49d6-9cde-0680120fe0af 2023/07/02 20:44:07 131750 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Users\User\AppData\Roaming\Microsoft\Protect\S-1-5-21-3433735131-2610830180-146811263-1001\204e7ad4-f85d-48d8-8dcb-54b860a55f81 2023/07/02 20:44:07 131899 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Users\User\AppData\Roaming\Microsoft\Protect\S-1-5-21-3433735131-2610830180-146811263-1001\4838034f-dd34-4293-829b-99f75b0608c0 2023/07/02 20:44:07 132156 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Users\User\AppData\Roaming\Microsoft\Protect\S-1-5-21-3433735131-2610830180-146811263-1001\5baba3fc-72fc-4c20-82f6-806eefb9ca37 2023/07/02 20:44:07 132404 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Users\User\AppData\Roaming\Microsoft\Protect\S-1-5-21-3433735131-2610830180-146811263-1001\6149bc79-de93-4f07-a8c1-40fd701bba95 2023/07/02 20:44:07 132544 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Users\User\AppData\Roaming\Microsoft\Protect\S-1-5-21-3433735131-2610830180-146811263-1001\61775497-a204-41de-bf98-0e5880e7a6f2 2023/07/02 20:44:07 132667 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Users\User\AppData\Roaming\Microsoft\Protect\S-1-5-21-3433735131-2610830180-146811263-1001\646e1ef2-d412-4012-acf5-5fa1674979cf 2023/07/02 20:44:07 132866 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Users\User\AppData\Roaming\Microsoft\Protect\S-1-5-21-3433735131-2610830180-146811263-1001\813ac69a-15e8-4c95-8c7b-14b0fc71605a 2023/07/02 20:44:07 132996 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Users\User\AppData\Roaming\Microsoft\Protect\S-1-5-21-3433735131-2610830180-146811263-1001\95eb7a08-b147-48b4-8300-b5aa4b43d9af 2023/07/02 20:44:07 133118 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Users\User\AppData\Roaming\Microsoft\Protect\S-1-5-21-3433735131-2610830180-146811263-1001\9e6ae495-a7f3-4eda-aec8-907d779d75aa 2023/07/02 20:44:07 133543 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Users\User\AppData\Roaming\Microsoft\Protect\S-1-5-21-3433735131-2610830180-146811263-1001\f46b943c-dfe2-4aea-a69b-aa9d731511e6 2023/07/02 20:44:07 133742 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Users\User\AppData\Roaming\Microsoft\Protect\S-1-5-21-3433735131-2610830180-146811263-1001\f5a23ee7-1eb4-46dd-b17e-8f63726cde65 2023/07/02 20:44:07 133908 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7836] LocalOSEnv::GetNextUser start 2023/07/02 20:44:07 133918 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7883] LocalOSEnv::GetNextUser close handle 2023/07/02 20:44:07 133929 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7891] LocalOSEnv::GetNextUser Drive != 0 2023/07/02 20:44:07 133932 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7899] LocalOSEnv::GetNextUser GetVolumeInformation C:\ 2023/07/02 20:44:07 134074 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7923] LocalOSEnv::GetNextUser ubununtu check 2023/07/02 20:44:07 134123 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7939] LocalOSEnv::GetNextUser cleanup profile path C:\home\* 2023/07/02 20:44:07 134127 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7945] LocalOSEnv::GetNextUser next 2023/07/02 20:44:07 134129 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7891] LocalOSEnv::GetNextUser Drive != 0 2023/07/02 20:44:07 134219 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7899] LocalOSEnv::GetNextUser GetVolumeInformation C:\ 2023/07/02 20:44:07 134359 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7939] LocalOSEnv::GetNextUser cleanup profile path 2023/07/02 20:44:07 134363 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:7945] LocalOSEnv::GetNextUser next 2023/07/02 20:44:07 134407 DEBUG [misc.cpp->LocalOSEnv::GetNextUser:8038] LocalOSEnv::GetNextUser end 2023/07/02 20:44:07 134542 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\03f95ae3-6db4-4482-b476-e89db1f73808 2023/07/02 20:44:07 134649 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 134683 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\19fe09c1-04a2-4ddd-bdff-03f493f410e1 2023/07/02 20:44:07 134757 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 135135 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\1cb44743-fed7-4fb5-be5b-364d20be132f 2023/07/02 20:44:07 135259 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 135284 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\3d5f12eb-2a33-4361-9674-b1098b1fad81 2023/07/02 20:44:07 135354 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 135389 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\5a9cafc1-139a-468f-81b1-7a815726efb5 2023/07/02 20:44:07 135471 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 135497 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\61363162-2599-48cd-81fe-85fa20b9c0f0 2023/07/02 20:44:07 135678 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 135711 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\66447004-a0e5-4a56-bade-d9200d4fe823 2023/07/02 20:44:07 135826 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 135872 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\7621f9b8-0ed0-423e-b192-01001ee54211 2023/07/02 20:44:07 135997 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 136457 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\90dc85cd-4fce-4eac-99cd-ca86c2c064d7 2023/07/02 20:44:07 136546 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 136577 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\b3497bb5-9fe2-456b-9f73-d749acf416fc 2023/07/02 20:44:07 136743 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 136767 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\cd95054d-8c0e-4f26-a42b-4d45cde7073e 2023/07/02 20:44:07 136939 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 136965 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\d9fd3abf-b694-46bf-9563-e1a3139fb5e9 2023/07/02 20:44:07 137032 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 137121 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\fec2c25a-e53e-4b3c-9461-4e0b769a29d7 2023/07/02 20:44:07 137200 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 137357 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\25f362bb-240b-49de-bfb0-702dce299208 2023/07/02 20:44:07 137437 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 137521 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\3411840e-c54e-464e-8e1a-bdd1e0d2a755 2023/07/02 20:44:07 137597 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 137650 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\37305382-59b1-48c8-ab7e-2b1ae7487c47 2023/07/02 20:44:07 137749 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 137801 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\4ded6254-7a79-494f-9281-1cd1ce58094a 2023/07/02 20:44:07 137892 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 138490 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\5812b1c1-e9aa-4e4b-bddf-1a45f61c0104 2023/07/02 20:44:07 138592 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 138633 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\5ac75647-5556-44eb-af54-98ca59c1fc6b 2023/07/02 20:44:07 138717 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 138742 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\83d03260-0b4a-447d-8281-306f3ff71553 2023/07/02 20:44:07 138907 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 138935 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\a4ab9305-1480-45dc-8769-640a3f7aba3f 2023/07/02 20:44:07 139012 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 139060 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\aac7f893-1c8b-4e2c-9d40-95dba8b94cdb 2023/07/02 20:44:07 139183 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 139206 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\e31136dc-f5b0-4cf7-9c5e-6abd56fc6c8f 2023/07/02 20:44:07 139354 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 139447 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\e4c77d25-4d09-4543-817d-dbd31abf03e8 2023/07/02 20:44:07 139565 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 139588 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\f482c7a6-e354-4812-941f-77321ddefe5d 2023/07/02 20:44:07 139656 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 139712 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:230] AddMasterKeyFileToPool - C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\f87b443f-06d6-42cd-8b7e-14e9da15b7c0 2023/07/02 20:44:07 139789 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::AddMasterKeyFileToPool:399] AddMasterKeyFileToPool Found DECRYPT_TYPE_SYSTEM master key 2023/07/02 20:44:07 139864 DEBUG [CfgRecent.cpp->UserActivityScanThread:3879] User Activity Scan: Registry 2023/07/02 20:44:07 139884 DEBUG [RegistryInfo.cpp->IsWindowsVistaOrHigher:3930] IsWindowsVistaOrHigher start 2023/07/02 20:44:07 139958 DEBUG [RegistryInfo.cpp->IsWindowsVistaOrHigher:4071] IsWindowsVistaOrHigher finished 2023/07/02 20:44:07 139965 DEBUG [RegistryInfo.cpp->GetRegistryInfo:9098] User Activity Scan: Registry Info live system 2023/07/02 20:44:07 140791 DEBUG [RegistryInfo.cpp->GetRegistryInfo:9103] User Activity Scan: Registry Info: User User 2023/07/02 20:44:07 140822 DEBUG [RegistryInfo.cpp->GetLastVisitedMRU:4360] User Activity Scan: GetLastVisitedMRU: Number of subkeys: 2 2023/07/02 20:44:07 140965 DEBUG [RegistryInfo.cpp->GetLastVisitedMRU:4432] User Activity Scan: GetLastVisitedMRU: (2) 0 (Size: 159 Bytes) => brave.exe [F:\Downloads] 2023/07/02 20:44:07 140982 DEBUG [RegistryInfo.cpp->GetMRUInfo:8636] User Activity Scan: Got GetLastVisited MRUs: new total 1 2023/07/02 20:44:07 141908 DEBUG [RegistryInfo.cpp->GetMRUInfo:8640] User Activity Scan: Got GetOpenSBave MRUs: new total 3 2023/07/02 20:44:07 142019 DEBUG [RegistryInfo.cpp->GetMRUInfo:8644] User Activity Scan: Got GetRecentDocs MRUs: new total 3 2023/07/02 20:44:07 145580 DEBUG [RegistryInfo.cpp->GetMRUInfo:8648] User Activity Scan: Got Office MRUs: new total 237 2023/07/02 20:44:07 145601 DEBUG [RegistryInfo.cpp->GetMRUInfo:8652] User Activity Scan: Got Run MRUs: new total 237 2023/07/02 20:44:07 145626 DEBUG [RegistryInfo.cpp->GetMRUInfo:8656] User Activity Scan: Got Network Drive MRUs: new total 237 2023/07/02 20:44:07 145650 DEBUG [RegistryInfo.cpp->GetMRUInfo:8660] User Activity Scan: Got Search MRUs: new total 237 2023/07/02 20:44:07 145802 DEBUG [RegistryInfo.cpp->GetMRUInfo:8664] User Activity Scan: Got PMV Search MRUs: new total 237 2023/07/02 20:44:07 145879 DEBUG [RegistryInfo.cpp->GetMRUInfo:8668] User Activity Scan: Got Internet Search MRUs: new total 237 2023/07/02 20:44:07 145897 DEBUG [RegistryInfo.cpp->GetMRUInfo:8672] User Activity Scan: Got PCP Search MRUs: new total 237 2023/07/02 20:44:07 145931 DEBUG [RegistryInfo.cpp->GetMRUInfo:8676] User Activity Scan: Got Wordpad MRUs: new total 238 2023/07/02 20:44:07 145948 DEBUG [RegistryInfo.cpp->GetMRUInfo:8680] User Activity Scan: Got Paint MRUs: new total 238 2023/07/02 20:44:07 146131 DEBUG [RegistryInfo.cpp->GetMRUInfo:8684] User Activity Scan: Got Windows Media Player MRUs: new total 238 2023/07/02 20:44:07 146433 DEBUG [RegistryInfo.cpp->GetMRUInfo:8688] User Activity Scan: Got Adobe Acrobat Reader MRUs: new total 242 2023/07/02 20:44:07 146908 DEBUG [RegistryInfo.cpp->GetMRUInfo:8692] User Activity Scan: Got Adobe Acrobat MRUs: new total 249 2023/07/02 20:44:07 146911 DEBUG [RegistryInfo.cpp->GetTypedIEURLS:3258] User Activity Scan: GetTypedIEURLS start 2023/07/02 20:44:07 146922 DEBUG [RegistryInfo.cpp->GetTypedIEURLS:3321] User Activity Scan: GetTypedIEURLS finish no key found 2023/07/02 20:44:07 146928 DEBUG [RegistryInfo.cpp->GetMountPointsSystem:330] GetMountPointsSystem start 2023/07/02 20:44:07 146961 DEBUG [RegistryInfo.cpp->GetMountPointsSystem:364] GetMountPointsSystem local 2023/07/02 20:44:07 146970 DEBUG [RegistryInfo.cpp->GetMountPointsSystem:471] GetMountPointsSystem - enum live systems results 2023/07/02 20:44:07 148366 DEBUG [RegistryInfo.cpp->GetMountPointsSystem:554] GetMountPointsSystem - finished 2023/07/02 20:44:07 148373 DEBUG [RegistryInfo.cpp->GetOnceConnectedUSBStorage:7103] User Activity Scan: GetOnceConnectedUSBStorage start 2023/07/02 20:44:07 148391 DEBUG [RegistryInfo.cpp->GetOnceConnectedUSBStorage:7296] User Activity Scan: GetOnceConnectedUSBStorage couldn't open key 2023/07/02 20:44:07 148559 DEBUG [RegistryInfo.cpp->GetRegistryInfo:9112] User Activity Scan: Got connected USB 2023/07/02 20:44:07 148562 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5171] User Activity Scan: GetOtherConnectedUSB start 2023/07/02 20:44:07 148566 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5201] GetOtherConnectedUSB() - Parsing Vendor ID file. 2023/07/02 20:44:07 150297 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5238] Found 844 VIDs in file C:\ProgramData\PassMark\OSForensics\usb.if. 2023/07/02 20:44:07 182595 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5321] Found 3411 VIDs 2951 PIDs in file C:\ProgramData\PassMark\OSForensics\usb.ids. 2023/07/02 20:44:07 182602 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5334] Open SYSTEM\CurrentControlSet\Enum\USB 2023/07/02 20:44:07 182645 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = _HUB30 2023/07/02 20:44:07 182648 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5627] Count < 2 2023/07/02 20:44:07 182653 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 03F0 2023/07/02 20:44:07 182667 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 182840 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 182848 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (03F0) 2023/07/02 20:44:07 182883 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 182886 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: HP Inc. (VID_03F0) 2023/07/02 20:44:07 182888 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = HP Inc. (VID_03F0) 2023/07/02 20:44:07 183004 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 183037 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 03F0 2023/07/02 20:44:07 183109 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 183190 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 183194 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (03F0) 2023/07/02 20:44:07 183260 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 183263 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: HP Inc. (VID_03F0) 2023/07/02 20:44:07 183265 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = HP Inc. (VID_03F0) 2023/07/02 20:44:07 183267 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 183340 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 03F0 2023/07/02 20:44:07 183411 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 183490 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 183555 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (03F0) 2023/07/02 20:44:07 183559 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 183561 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: HP Inc. (VID_03F0) 2023/07/02 20:44:07 183563 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = HP Inc. (VID_03F0) 2023/07/02 20:44:07 183565 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 183597 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 03F0 2023/07/02 20:44:07 183669 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 183742 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 183746 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (03F0) 2023/07/02 20:44:07 183749 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 183822 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: HP Inc. (VID_03F0) 2023/07/02 20:44:07 183824 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = HP Inc. (VID_03F0) 2023/07/02 20:44:07 183827 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 183898 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 03F0 2023/07/02 20:44:07 183971 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 184049 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 184053 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (03F0) 2023/07/02 20:44:07 184082 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 184085 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: HP Inc. (VID_03F0) 2023/07/02 20:44:07 184087 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = HP Inc. (VID_03F0) 2023/07/02 20:44:07 184089 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 184119 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 09DA 2023/07/02 20:44:07 184127 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 184200 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 184230 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (09DA) 2023/07/02 20:44:07 184234 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 184237 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: A-FOUR TECH CO., LTD. (VID_09DA) 2023/07/02 20:44:07 184268 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = A-FOUR TECH CO., LTD. (VID_09DA) 2023/07/02 20:44:07 184271 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 184306 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 09DA 2023/07/02 20:44:07 184313 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 184391 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 184431 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (09DA) 2023/07/02 20:44:07 184435 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 184438 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: A-FOUR TECH CO., LTD. (VID_09DA) 2023/07/02 20:44:07 184440 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = A-FOUR TECH CO., LTD. (VID_09DA) 2023/07/02 20:44:07 184471 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 184508 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 09DA 2023/07/02 20:44:07 184515 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 184587 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 184617 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (09DA) 2023/07/02 20:44:07 184620 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 184623 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: A-FOUR TECH CO., LTD. (VID_09DA) 2023/07/02 20:44:07 184626 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = A-FOUR TECH CO., LTD. (VID_09DA) 2023/07/02 20:44:07 184655 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 184693 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 0C45 2023/07/02 20:44:07 184700 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 184773 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 184805 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (0C45) 2023/07/02 20:44:07 184810 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 184813 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 184844 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 184847 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 184954 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 184960 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (0C45) 2023/07/02 20:44:07 184963 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 184992 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 184995 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 184997 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 185103 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 185108 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (0C45) 2023/07/02 20:44:07 185111 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 185141 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 185144 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 185146 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 185179 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 0C45 2023/07/02 20:44:07 185186 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 185291 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 185296 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (0C45) 2023/07/02 20:44:07 185299 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 185329 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 185332 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 185334 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 185440 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 185444 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (0C45) 2023/07/02 20:44:07 185448 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 185477 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 185480 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 185483 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 185588 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 185593 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (0C45) 2023/07/02 20:44:07 185596 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 185625 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 185628 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 185631 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 185663 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 0C45 2023/07/02 20:44:07 185670 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 185775 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 185780 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (0C45) 2023/07/02 20:44:07 185783 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 185786 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 185815 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 185818 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 185892 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 185897 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (0C45) 2023/07/02 20:44:07 185926 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 185929 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 185932 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 185934 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 186038 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 186042 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (0C45) 2023/07/02 20:44:07 186045 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 186075 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 186077 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = Sonix Technology Co., Ltd. (VID_0C45) 2023/07/02 20:44:07 186080 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 186112 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 1532 2023/07/02 20:44:07 186119 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 186225 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 186230 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (1532) 2023/07/02 20:44:07 186262 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 186266 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: Razer USA, Ltd (VID_1532) 2023/07/02 20:44:07 186268 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = Razer USA, Ltd (VID_1532) 2023/07/02 20:44:07 186270 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 186373 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 186377 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (1532) 2023/07/02 20:44:07 186380 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 186411 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: Razer USA, Ltd (VID_1532) 2023/07/02 20:44:07 186414 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = Razer USA, Ltd (VID_1532) 2023/07/02 20:44:07 186416 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 186448 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 1532 2023/07/02 20:44:07 186455 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 186561 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 186564 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (1532) 2023/07/02 20:44:07 186568 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 186598 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: Razer USA, Ltd (VID_1532) 2023/07/02 20:44:07 186601 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = Razer USA, Ltd (VID_1532) 2023/07/02 20:44:07 186603 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 186707 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 186711 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (1532) 2023/07/02 20:44:07 186715 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 186745 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: Razer USA, Ltd (VID_1532) 2023/07/02 20:44:07 186748 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = Razer USA, Ltd (VID_1532) 2023/07/02 20:44:07 186750 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 186782 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 1532 2023/07/02 20:44:07 186789 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 186893 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 186896 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (1532) 2023/07/02 20:44:07 186899 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 186930 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: Razer USA, Ltd (VID_1532) 2023/07/02 20:44:07 186933 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = Razer USA, Ltd (VID_1532) 2023/07/02 20:44:07 186935 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 187041 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 187045 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (1532) 2023/07/02 20:44:07 187048 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 187079 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: Razer USA, Ltd (VID_1532) 2023/07/02 20:44:07 187082 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = Razer USA, Ltd (VID_1532) 2023/07/02 20:44:07 187084 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 187116 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 1532 2023/07/02 20:44:07 187123 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 187276 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 187280 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (1532) 2023/07/02 20:44:07 187283 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 187286 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: Razer USA, Ltd (VID_1532) 2023/07/02 20:44:07 187289 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = Razer USA, Ltd (VID_1532) 2023/07/02 20:44:07 187291 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 187380 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 187384 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (1532) 2023/07/02 20:44:07 187388 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 187391 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: Razer USA, Ltd (VID_1532) 2023/07/02 20:44:07 187429 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = Razer USA, Ltd (VID_1532) 2023/07/02 20:44:07 187432 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 187476 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 1C4F 2023/07/02 20:44:07 187485 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 187562 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 187567 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (1C4F) 2023/07/02 20:44:07 187571 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 187573 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: SiGma Micro (VID_1C4F) 2023/07/02 20:44:07 187576 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = SiGma Micro (VID_1C4F) 2023/07/02 20:44:07 187616 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 187629 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 1C4F 2023/07/02 20:44:07 187663 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 187741 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 187746 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (1C4F) 2023/07/02 20:44:07 187776 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 187779 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: SiGma Micro (VID_1C4F) 2023/07/02 20:44:07 187781 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = SiGma Micro (VID_1C4F) 2023/07/02 20:44:07 187783 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 187814 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5613] tmpVID = 1C4F 2023/07/02 20:44:07 187851 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5638] Find unique IDs 2023/07/02 20:44:07 187997 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5708] Look up product 2023/07/02 20:44:07 188002 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5745] Look up vendor (1C4F) 2023/07/02 20:44:07 188006 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5750] Found: vendor 2023/07/02 20:44:07 188036 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5755] Found: SiGma Micro (VID_1C4F) 2023/07/02 20:44:07 188038 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5763] tmpVID 2 = SiGma Micro (VID_1C4F) 2023/07/02 20:44:07 188041 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5767] Add USB entry 2023/07/02 20:44:07 188073 DEBUG [RegistryInfo.cpp->GetOtherConnectedUSB:5795] User Activity Scan: GetOtherConnectedUSB end 2023/07/02 20:44:07 190198 DEBUG [RegistryInfo.cpp->GetRegistryInfo:9115] User Activity Scan: Got other connected USB 2023/07/02 20:44:07 190265 DEBUG [RegistryInfo.cpp->GetConnectedUSBasSCSI:5800] User Activity Scan: GetConnectedUSBasSCSI start 2023/07/02 20:44:07 190270 DEBUG [RegistryInfo.cpp->GetConnectedUSBasSCSI:5833] Open SYSTEM\CurrentControlSet\Enum\SCSI 2023/07/02 20:44:07 190320 DEBUG [RegistryInfo.cpp->GetConnectedUSBasSCSI:6080] Find unique IDs 2023/07/02 20:44:07 190420 DEBUG [RegistryInfo.cpp->GetConnectedUSBasSCSI:6080] Find unique IDs 2023/07/02 20:44:07 190501 DEBUG [RegistryInfo.cpp->GetConnectedUSBasSCSI:6197] User Activity Scan: GetConnectedUSBasSCSI end 2023/07/02 20:44:07 190507 DEBUG [RegistryInfo.cpp->GetRegistryInfo:9118] User Activity Scan: Got connected USB as SCSI device 2023/07/02 20:44:07 190595 DEBUG [RegistryInfo.cpp->IsWindowsVistaOrHigher:3930] IsWindowsVistaOrHigher start 2023/07/02 20:44:07 190643 DEBUG [RegistryInfo.cpp->IsWindowsVistaOrHigher:4071] IsWindowsVistaOrHigher finished 2023/07/02 20:44:07 190651 DEBUG [RegistryInfo.cpp->GetShimCacheInfo:1809] GetShimCacheInfo 潬慣l 2023/07/02 20:44:07 190655 DEBUG [RegistryInfo.cpp->GetShimCacheInfo:1819] User Activity Scan: GetShimCacheInfo opening key SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache 2023/07/02 20:44:07 191809 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 0000000b 00720000071f003a 000a00004a610000 8664 Microsoft.MicrosoftEdge.Stable 8wekyb3d8bbwe 2023/07/02 20:44:07 191962 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 0002000447940000 000a000042ee0000 8664 Microsoft.Wallet 8wekyb3d8bbwe 2023/07/02 20:44:07 192668 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 0000000b 000a0000000203e8 000a000047ba0001 8664 windows.immersivecontrolpanel cw5n1h2txyewy neutral 2023/07/02 20:44:07 192751 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 00015a0c00790000 000a0000585d0000 8664 Microsoft.YourPhone 8wekyb3d8bbwe 2023/07/02 20:44:07 192755 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 0bb80372089f0000 000c000000000000 8664 Microsoft.WindowsAppRuntime.1.3 8wekyb3d8bbwe 2023/07/02 20:44:07 192760 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 3e8537f653f20000 000a00004c610000 8664 microsoft.windowscommunicationsapps 8wekyb3d8bbwe 2023/07/02 20:44:07 192803 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 5721057900020000 000a000047ba0000 8664 Microsoft.StorePurchaseApp 8wekyb3d8bbwe 2023/07/02 20:44:07 192810 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000000 0bb80372089f0000 000c000000000000 8664 Microsoft.WindowsAppRuntime.1.3 8wekyb3d8bbwe 2023/07/02 20:44:07 193309 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 0004089c33f70000 000a00004a610000 8664 Microsoft.549981C3F5F10 8wekyb3d8bbwe 2023/07/02 20:44:07 193349 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 0000000b 000a00004a610749 000a00004a610749 8664 Microsoft.Windows.SecHealthUI cw5n1h2txyewy 2023/07/02 20:44:07 193353 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 03e84a6103e80000 000a00007fff0000 8664 MicrosoftWindows.Client.CBS cw5n1h2txyewy 2023/07/02 20:44:07 193539 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000000 000100d6047d0000 000a0000585d0000 014c SpotifyAB.SpotifyMusic zpdnekdrzrea0 2023/07/02 20:44:07 193546 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000000 000100d6047d0000 000a0000585d0000 8664 SpotifyAB.SpotifyMusic zpdnekdrzrea0 2023/07/02 20:44:07 193549 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 5721057900010000 000a0000585d0000 8664 Microsoft.WindowsStore 8wekyb3d8bbwe 2023/07/02 20:44:07 193554 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 00010000f0970000 000a0000585d0000 8664 Microsoft.WebMediaExtensions 8wekyb3d8bbwe 2023/07/02 20:44:07 193713 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 07e7272e697a0000 000a00004a650000 8664 Microsoft.Windows.Photos 8wekyb3d8bbwe 2023/07/02 20:44:07 193876 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 00920003043f0000 000a000047ba0000 8664 AD2F1837.HPPrinterControl v10z8vjag6ke6 2023/07/02 20:44:07 193880 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 000a564b27390000 000a00004bc80000 8664 Microsoft.ZuneVideo 8wekyb3d8bbwe 2023/07/02 20:44:07 193883 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 000b090000000000 000a000055f00000 8664 Microsoft.WindowsAlarms 8wekyb3d8bbwe 2023/07/02 20:44:07 194442 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 3e8137f653cc0000 000a000047ba0000 8664 Microsoft.Office.OneNote 8wekyb3d8bbwe 2023/07/02 20:44:07 194446 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 000609013ed70000 000a000047ba0000 8664 Microsoft.MSPaint 8wekyb3d8bbwe 2023/07/02 20:44:07 195158 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 07e7272e697a0000 000a000055f00000 8664 Microsoft.Windows.Photos 8wekyb3d8bbwe 2023/07/02 20:44:07 195175 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 000503370cbd0000 000a000055f00000 8664 Microsoft.XboxGamingOverlay 8wekyb3d8bbwe 2023/07/02 20:44:07 195362 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 0000000b 0001000e000a4a61 000a00004a610000 8664 Microsoft.Windows.Search cw5n1h2txyewy neutral 2023/07/02 20:44:07 195398 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 3e8537f653e80000 000a00004c610000 8664 microsoft.windowscommunicationsapps 8wekyb3d8bbwe 2023/07/02 20:44:07 195476 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 00920002041f0000 000a000047ba0000 8664 AD2F1837.HPPrinterControl v10z8vjag6ke6 2023/07/02 20:44:07 195928 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 0000000b 03e84a6103ff0000 000a0000295b0000 8664 Microsoft.AAD.BrokerPlugin cw5n1h2txyewy neutral 2023/07/02 20:44:07 196541 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000000 000100d502950000 000a0000585d0000 014c SpotifyAB.SpotifyMusic zpdnekdrzrea0 2023/07/02 20:44:07 196690 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 0000000b 000a00004a6103ff 000a000000000000 8664 Microsoft.Windows.ContentDeliveryManager cw5n1h2txyewy neutral 2023/07/02 20:44:07 196922 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 0000000b 000a00004a6103ff 000a00004a6103ff 8664 Microsoft.Windows.StartMenuExperienceHost cw5n1h2txyewy neutral 2023/07/02 20:44:07 197129 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000000 000100d502950000 000a0000585d0000 8664 SpotifyAB.SpotifyMusic zpdnekdrzrea0 2023/07/02 20:44:07 197133 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 00920001043a0000 000a000047ba0000 8664 AD2F1837.HPPrinterControl v10z8vjag6ke6 2023/07/02 20:44:07 197347 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 00010000a4d00000 000a00004a610000 8664 Microsoft.WebMediaExtensions 8wekyb3d8bbwe 2023/07/02 20:44:07 197445 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 3e8537f653e00000 000a00004c610000 8664 microsoft.windowscommunicationsapps 8wekyb3d8bbwe 2023/07/02 20:44:07 197449 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 00015a02006c0000 000a0000585d0000 8664 Microsoft.YourPhone 8wekyb3d8bbwe 2023/07/02 20:44:07 197454 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000000 000e00007f120000 000a0000273a0000 8664 Microsoft.VCLibs.140.00.UWPDesktop 8wekyb3d8bbwe 2023/07/02 20:44:07 197459 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 000e00007f120000 000a0000273a0000 8664 Microsoft.VCLibs.140.00.UWPDesktop 8wekyb3d8bbwe 2023/07/02 20:44:07 197465 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000000 000e00007f120000 000a0000273a0000 8664 Microsoft.VCLibs.140.00 8wekyb3d8bbwe 2023/07/02 20:44:07 197468 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 000e00007f120000 000a0000273a0000 8664 Microsoft.VCLibs.140.00 8wekyb3d8bbwe 2023/07/02 20:44:07 197472 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 0012090104c60000 000a00004a610000 8664 Microsoft.MicrosoftOfficeHub 8wekyb3d8bbwe 2023/07/02 20:44:07 197475 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 0bb8035306b00000 000c000000000000 8664 Microsoft.WindowsAppRuntime.1.3 8wekyb3d8bbwe 2023/07/02 20:44:07 197480 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 0066090136b20000 000a00004a610000 8664 Microsoft.6365217CE6EB4 8wekyb3d8bbwe 2023/07/02 20:44:07 197483 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000000 0bb8035306b00000 000c000000000000 8664 Microsoft.WindowsAppRuntime.1.3 8wekyb3d8bbwe 2023/07/02 20:44:07 198187 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 5720057900030000 000a00004a650000 8664 Microsoft.WindowsStore 8wekyb3d8bbwe 2023/07/02 20:44:07 198372 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 3e8537f653d80000 000a00004c610000 8664 microsoft.windowscommunicationsapps 8wekyb3d8bbwe 2023/07/02 20:44:07 198556 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 0000000b 00720000071f0025 000a00004a610000 8664 Microsoft.MicrosoftEdge.Stable 8wekyb3d8bbwe 2023/07/02 20:44:07 199133 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 0000000b 03e84a6103ff0000 000a000000000000 8664 Microsoft.Windows.Apprep.ChxApp cw5n1h2txyewy neutral 2023/07/02 20:44:07 199162 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 0000000b 0001000e00094a61 000a00004a610000 8664 Microsoft.Windows.Search cw5n1h2txyewy neutral 2023/07/02 20:44:07 199212 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 07e70900000b0000 000a000055f00000 8664 Microsoft.WindowsCamera 8wekyb3d8bbwe 2023/07/02 20:44:07 199217 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 5720057900030000 000a0000585d0000 8664 Microsoft.WindowsStore 8wekyb3d8bbwe 2023/07/02 20:44:07 199221 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 000100132b3f0000 000a000062200000 8664 Microsoft.DesktopAppInstaller 8wekyb3d8bbwe 2023/07/02 20:44:07 199225 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 000b090000020000 000a000055f0015a 8664 Microsoft.ZuneMusic 8wekyb3d8bbwe 2023/07/02 20:44:07 199300 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 000a089a001e0000 000a000045630000 8664 Microsoft.People 8wekyb3d8bbwe 2023/07/02 20:44:07 199308 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 300f057900010000 000a000047ba0000 8664 Microsoft.StorePurchaseApp 8wekyb3d8bbwe 2023/07/02 20:44:07 199312 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 000a089a001f0000 000a000045630000 8664 Microsoft.People 8wekyb3d8bbwe 2023/07/02 20:44:07 201440 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000000 000100d403860000 000a0000585d0000 014c SpotifyAB.SpotifyMusic zpdnekdrzrea0 2023/07/02 20:44:07 201528 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 0000000b 0071000006ee0039 000a00004a610000 8664 Microsoft.MicrosoftEdge.Stable 8wekyb3d8bbwe 2023/07/02 20:44:07 201698 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000000 000100d403860000 000a0000585d0000 8664 SpotifyAB.SpotifyMusic zpdnekdrzrea0 2023/07/02 20:44:07 201715 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 3e8537f653c60000 000a00004c610000 8664 microsoft.windowscommunicationsapps 8wekyb3d8bbwe 2023/07/02 20:44:07 201719 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 00040035c9050000 000a00004a610000 8664 Microsoft.BingWeather 8wekyb3d8bbwe 2023/07/02 20:44:07 201964 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 0000000b 000a00004a61079d 000a00004a61079d 8664 Microsoft.Windows.ShellExperienceHost cw5n1h2txyewy neutral 2023/07/02 20:44:07 202320 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 0030005961a90000 000a00003ad70000 8664 Microsoft.XboxApp 8wekyb3d8bbwe 2023/07/02 20:44:07 202326 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 300d057900080000 000a000047ba0000 8664 Microsoft.StorePurchaseApp 8wekyb3d8bbwe 2023/07/02 20:44:07 202329 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 07d0523b05020000 000a000045180000 8664 Microsoft.MixedReality.Portal 8wekyb3d8bbwe 2023/07/02 20:44:07 202334 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 000c005f0bb90000 000a000045630000 8664 Microsoft.XboxIdentityProvider 8wekyb3d8bbwe 2023/07/02 20:44:07 202338 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 0004000600000000 000a000047ba0000 8664 Microsoft.MicrosoftStickyNotes 8wekyb3d8bbwe 2023/07/02 20:44:07 202342 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 000400100c440000 000a00004a610000 8664 Microsoft.MicrosoftSolitaireCollection 8wekyb3d8bbwe 2023/07/02 20:44:07 202346 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 07e708fe000e0000 000a000055f00000 8664 Microsoft.WindowsCamera 8wekyb3d8bbwe 2023/07/02 20:44:07 202349 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 000b08ff00050000 000a000055f00000 8664 Microsoft.WindowsMaps 8wekyb3d8bbwe 2023/07/02 20:44:07 202986 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 000a07d80bb90000 000a000047ba0000 8664 Microsoft.ScreenSketch 8wekyb3d8bbwe 2023/07/02 20:44:07 203244 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 00910003043e0000 000a000047ba0000 8664 AD2F1837.HPPrinterControl v10z8vjag6ke6 2023/07/02 20:44:07 203249 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 000159f800ba0000 000a0000585d0000 8664 Microsoft.YourPhone 8wekyb3d8bbwe 2023/07/02 20:44:07 203252 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 000159f800c40000 000a0000585d0000 8664 Microsoft.YourPhone 8wekyb3d8bbwe 2023/07/02 20:44:07 203256 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 571f057900070000 000a0000585d0000 8664 Microsoft.WindowsStore 8wekyb3d8bbwe 2023/07/02 20:44:07 203296 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 0012090004b20000 000a00004a610000 8664 Microsoft.MicrosoftOfficeHub 8wekyb3d8bbwe 2023/07/02 20:44:07 203312 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 00040035c8350000 000a00004a610000 8664 Microsoft.BingWeather 8wekyb3d8bbwe 2023/07/02 20:44:07 203315 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 00040035c8a10000 000a00004a610000 8664 Microsoft.BingWeather 8wekyb3d8bbwe 2023/07/02 20:44:07 203320 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 00000009 00010000eef30000 000a0000585d0000 8664 Microsoft.HEIFImageExtension 8wekyb3d8bbwe 2023/07/02 20:44:07 203324 DEBUG [RegistryInfo.cpp->ParseShimEntries_Win10:1770] Unknown Shim Entry - App Name: 0000000b 0071000006ee0032 000a00004a610000 8664 Microsoft.MicrosoftEdge.Stable 8wekyb3d8bbwe 2023/07/02 20:44:07 203516 DEBUG [RegistryInfo.cpp->GetRegistryInfo:9121] User Activity Scan: Got Shim Cache 2023/07/02 20:44:07 203524 DEBUG [RegistryInfo.cpp->GetBAMInfo:1935] GetBAMInfo local 2023/07/02 20:44:07 203527 DEBUG [RegistryInfo.cpp->GetBAMInfo:1943] User Activity Scan: GetBAMInfo opening key SYSTEM\CurrentControlSet\Services\bam\State\UserSettings 2023/07/02 20:44:07 210477 DEBUG [misc.cpp->GetUserFromSID:12600] Error: LookupAccountSid(S-1-5-90-0-2): 1332 2023/07/02 20:44:07 210633 DEBUG [misc.cpp->GetUserFromSID:12600] Error: LookupAccountSid(S-1-5-90-0-3): 1332 2023/07/02 20:44:07 210758 DEBUG [misc.cpp->GetUserFromSID:12600] Error: LookupAccountSid(S-1-5-90-0-4): 1332 2023/07/02 20:44:07 210927 DEBUG [misc.cpp->GetUserFromSID:12600] Error: LookupAccountSid(S-1-5-90-0-5): 1332 2023/07/02 20:44:07 211050 DEBUG [misc.cpp->GetUserFromSID:12600] Error: LookupAccountSid(S-1-5-90-0-6): 1332 2023/07/02 20:44:07 211175 DEBUG [misc.cpp->GetUserFromSID:12600] Error: LookupAccountSid(S-1-5-90-0-7): 1332 2023/07/02 20:44:07 211274 DEBUG [misc.cpp->GetUserFromSID:12600] Error: LookupAccountSid(S-1-5-90-0-8): 1332 2023/07/02 20:44:07 211435 DEBUG [misc.cpp->GetUserFromSID:12600] Error: LookupAccountSid(S-1-5-90-0-9): 1332 2023/07/02 20:44:07 211454 DEBUG [RegistryInfo.cpp->GetRegistryInfo:9124] User Activity Scan: Got BAM 2023/07/02 20:44:07 211461 DEBUG [RegistryInfo.cpp->GetBAMInfo:1935] GetBAMInfo local 2023/07/02 20:44:07 211464 DEBUG [RegistryInfo.cpp->GetBAMInfo:1943] User Activity Scan: GetBAMInfo opening key SYSTEM\CurrentControlSet\Services\dam\State\UserSettings 2023/07/02 20:44:07 211480 DEBUG [RegistryInfo.cpp->GetBAMInfo:1949] User Activity Scan: GetBAMInfo opening key SYSTEM\CurrentControlSet\Services\dam\UserSettings 2023/07/02 20:44:07 211490 DEBUG [RegistryInfo.cpp->GetBAMInfo:1955] User Activity Scan: GetBAMInfo couldn't open key 2023/07/02 20:44:07 211493 DEBUG [RegistryInfo.cpp->GetRegistryInfo:9127] User Activity Scan: Got DAM 2023/07/02 20:44:07 212754 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::CustomCryptUnprotectData:590] DPAPI emulator: using master key 34 : Blob GUID e31136dc-f5b0-4cf7-9c5e-6abd56fc6c8f 2023/07/02 20:44:07 212760 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::CustomCryptUnprotectData:621] DPAPI emulator: useHashAlgo 32782 2023/07/02 20:44:07 212762 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::CustomCryptUnprotectData:629] DPAPI emulator: DPAPIMasterkey not decrypted 2023/07/02 20:44:07 213493 DEBUG [DPAPI_Emulator.cpp->DPAPIEmulator::CustomCryptUnprotectData:724] DPAPI emulator: sha1 key FDAC2380CE5C61A51DC504E852CA6279C0712BB7 2023/07/02 20:44:07 228090 DEBUG [RegistryInfo.cpp->GetRegistryInfo:9131] User Activity Scan: Got connected Wireless 2023/07/02 20:44:07 228102 DEBUG [RegistryInfo.cpp->GetAmCacheInfo:6266] User Activity Scan: GetAmCacheInfo Start [Live Acq.] 2023/07/02 20:44:07 228190 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2900] CreateTempRegFileIfNeeded: A 2023/07/02 20:44:07 228321 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2905] CreateTempRegFileIfNeeded: B 2023/07/02 20:44:07 228327 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2910] CreateTempRegFileIfNeeded: C 2023/07/02 20:44:07 228369 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2919] CreateTempRegFileIfNeeded: DA 2023/07/02 20:44:07 228374 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2927] CreateTempRegFileIfNeeded: DB 2023/07/02 20:44:07 228375 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2932] CreateTempRegFileIfNeeded: DC 2023/07/02 20:44:07 228379 DEBUG [RegViewer.cpp->ShadowCopyFiles:180] ShadowCopyFiles entry 2023/07/02 20:44:07 228381 DEBUG [RegViewer.cpp->ShadowCopyFiles:184] ShadowCopyFiles: Trying to create shadow volume 2023/07/02 20:44:07 228388 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:70] CreateShadowVolumeForFC entry 2023/07/02 20:44:07 228390 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:81] CreateShadowVolumeForFC Initialize VSS client 2023/07/02 20:44:07 231659 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:86] CreateShadowVolumeForFC Get unique vol name for: C:\ 2023/07/02 20:44:07 231855 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:90] unique vol name: \\?\Volume{7ca98c3f-915d-4b9b-af94-0c1461c57887}\ 2023/07/02 20:44:07 231860 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:98] CreateShadowVolumeForFC create snapshot set 2023/07/02 20:44:08 530362 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:107] CreateShadowVolumeForFC getLatestSnapshotIdListt 2023/07/02 20:44:08 530369 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:112] CreateShadowVolumeForFC GetSnapshotDeviceName 2023/07/02 20:44:08 530823 DEBUG [RegViewer.cpp->CreateShadowVolumeForFC:121] CreateShadowVolumeForFC exit 2023/07/02 20:44:08 530828 DEBUG [RegViewer.cpp->ShadowCopyFiles:206] ShadowCopyFiles: created shadow volume 2023/07/02 20:44:08 530833 DEBUG [RegViewer.cpp->ShadowCopyFiles:211] ShadowCopyFiles: 1 files to copy 2023/07/02 20:44:08 530837 DEBUG [RegViewer.cpp->ShadowCopyFiles:218] ShadowCopyFiles: curent file: C:\WINDOWS\appcompat\Programs\AmCache.hve 2023/07/02 20:44:08 530840 DEBUG [RegViewer.cpp->ShadowCopyFiles:223] ShadowCopyFiles: SourceFile: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8\WINDOWS\appcompat\Programs\AmCache.hve 2023/07/02 20:44:08 530850 DEBUG [RegViewer.cpp->ShadowCopyFiles:236] ShadowCopyFiles: DestFile: C:\ProgramData\PassMark\OSForensics\Temp\18140\932723935BBEACA7AF94DA0223C32809 2023/07/02 20:44:09 012646 DEBUG [RegViewer.cpp->ShadowCopyFiles:273] ShadowCopyFiles done 2023/07/02 20:44:09 016583 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2944] CreateTempRegFileIfNeeded check temp file access 2023/07/02 20:44:09 020793 DEBUG [CfgStart.cpp->CreateTempRegFileIfNeeded:2989] CreateTempRegFileIfNeeded: finished 2023/07/02 20:44:09 083701 DEBUG [RegistryInfo.cpp->GetAmCacheInfo:6500] User Activity Scan: GetAmCacheInfo Finish [OK] 2023/07/02 20:44:09 083711 DEBUG [RegistryInfo.cpp->GetRegistryInfo:9136] User Activity Scan: Got AmCache 2023/07/02 20:44:09 083716 DEBUG [RegistryInfo.cpp->GetInstalledProgramsSystem:6507] User Activity Scan: GetInstalledPrograms start 2023/07/02 20:44:09 100436 DEBUG [RegistryInfo.cpp->GetInstalledProgramsSystem:6715] User Activity Scan: GetInstalledPrograms done 2023/07/02 20:44:09 100444 DEBUG [RegistryInfo.cpp->GetRegistryInfo:9139] User Activity Scan: Got installed programs system 2023/07/02 20:44:09 100447 DEBUG [RegistryInfo.cpp->GetInstalledProgramsUser:7070] User Activity Scan: GetInstalledProgramsUser Start [Local] 2023/07/02 20:44:09 100796 DEBUG [RegistryInfo.cpp->GetInstalledProgramsUser_Local:6734] User Activity Scan: GetInstalledProgramsUser couldn't open key [Software\Microsoft\Installer\Products] 2023/07/02 20:44:09 100808 DEBUG [RegistryInfo.cpp->GetInstalledProgramsUser_Local:6734] User Activity Scan: GetInstalledProgramsUser couldn't open key [Software\Microsoft\Windows\ShellNoRoam\MuiCache] 2023/07/02 20:44:09 102460 DEBUG [RegistryInfo.cpp->GetInstalledProgramsUser:7091] User Activity Scan: GetInstalledProgramsUser Finish [OK] 2023/07/02 20:44:09 102479 DEBUG [RegistryInfo.cpp->GetRegistryInfo:9142] User Activity Scan: Got installed programs user 2023/07/02 20:44:09 102610 DEBUG [RegistryInfo.cpp->GetAppCompatFlagsInfo:1214] User Activity Scan: GetAppCompatFlagsInfo start 2023/07/02 20:44:09 102617 DEBUG [RegistryInfo.cpp->GetAppCompatFlagsInfo:1233] User Activity Scan: GetAppCompatFlagsInfo opening key SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers 2023/07/02 20:44:09 102642 DEBUG [RegistryInfo.cpp->GetAppCompatFlagsInfo:1291] User Activity Scan: GetAppCompatFlagsInfo done 2023/07/02 20:44:09 102646 DEBUG [RegistryInfo.cpp->GetRegistryInfo:9154] User Activity Scan: Got AppCompatFlags system 2023/07/02 20:44:09 102647 DEBUG [RegistryInfo.cpp->GetAppCompatFlagsInfo:1214] User Activity Scan: GetAppCompatFlagsInfo start 2023/07/02 20:44:09 102651 DEBUG [RegistryInfo.cpp->GetAppCompatFlagsInfo:1225] User Activity Scan: GetAppCompatFlagsInfo opening key Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers 2023/07/02 20:44:09 103064 DEBUG [RegistryInfo.cpp->GetAppCompatFlagsInfo:1291] User Activity Scan: GetAppCompatFlagsInfo done 2023/07/02 20:44:09 103067 DEBUG [RegistryInfo.cpp->GetRegistryInfo:9149] User Activity Scan: Got AppCompatFlags user 2023/07/02 20:44:09 103069 DEBUG [RegistryInfo.cpp->GetAppCompatFlagsInfo:1214] User Activity Scan: GetAppCompatFlagsInfo start 2023/07/02 20:44:09 103072 DEBUG [RegistryInfo.cpp->GetAppCompatFlagsInfo:1225] User Activity Scan: GetAppCompatFlagsInfo opening key Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted 2023/07/02 20:44:09 103082 DEBUG [RegistryInfo.cpp->GetAppCompatFlagsInfo:1239] User Activity Scan: GetAppCompatFlagsInfo couldn't open key 2023/07/02 20:44:09 103085 DEBUG [RegistryInfo.cpp->GetRegistryInfo:9149] User Activity Scan: Got AppCompatFlags user 2023/07/02 20:44:09 103086 DEBUG [RegistryInfo.cpp->GetAppCompatFlagsInfo:1214] User Activity Scan: GetAppCompatFlagsInfo start 2023/07/02 20:44:09 103089 DEBUG [RegistryInfo.cpp->GetAppCompatFlagsInfo:1225] User Activity Scan: GetAppCompatFlagsInfo opening key Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store 2023/07/02 20:44:09 125383 DEBUG [RegistryInfo.cpp->GetAppCompatFlagsInfo:1291] User Activity Scan: GetAppCompatFlagsInfo done 2023/07/02 20:44:09 125391 DEBUG [RegistryInfo.cpp->GetRegistryInfo:9149] User Activity Scan: Got AppCompatFlags user 2023/07/02 20:44:09 125395 DEBUG [RegistryInfo.cpp->GetAutoRunEntriesSystem:577] User Activity Scan: GetAutoRunEntriesSystem start 2023/07/02 20:44:09 125426 DEBUG [RegistryInfo.cpp->GetAutoRunEntriesSystem:598] User Activity Scan: GetAutoRunEntriesSystem Open Software\Microsoft\Windows\CurrentVersion\Run 2023/07/02 20:44:09 125430 DEBUG [RegistryInfo.cpp->GetAutoRunEntriesSystem:650] User Activity Scan: GetAutoRunEntriesSystem scan values local 2023/07/02 20:44:09 125520 DEBUG [RegistryInfo.cpp->GetAutoRunEntriesSystem:685] User Activity Scan: GetAutoRunEntriesSystem scan values done 2023/07/02 20:44:09 125534 DEBUG [RegistryInfo.cpp->GetAutoRunEntriesSystem:693] User Activity Scan: GetAutoRunEntriesSystem Open Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run 2023/07/02 20:44:09 125546 DEBUG [RegistryInfo.cpp->GetAutoRunEntriesSystem:783] User Activity Scan: GetAutoRunEntriesSystem Open Software\Microsoft\Windows\CurrentVersion\RunOnce 2023/07/02 20:44:09 125549 DEBUG [RegistryInfo.cpp->GetAutoRunEntriesSystem:832] User Activity Scan: GetAutoRunEntriesSystem scan values local 2023/07/02 20:44:09 125686 DEBUG [RegistryInfo.cpp->GetAutoRunEntriesSystem:867] User Activity Scan: GetAutoRunEntriesSystem scan values done 2023/07/02 20:44:09 125692 DEBUG [RegistryInfo.cpp->GetAutoRunEntriesSystem:873] User Activity Scan: GetAutoRunEntriesSystem done 2023/07/02 20:44:09 125823 DEBUG [RegistryInfo.cpp->GetRegistryInfo:9160] User Activity Scan: Got autorun entries system 2023/07/02 20:44:09 125828 DEBUG [RegistryInfo.cpp->GetAutoRunEntriesUser:896] User Activity Scan: GetAutoRunEntriesUser start 2023/07/02 20:44:09 126356 DEBUG [RegistryInfo.cpp->GetAutoRunEntriesUser:916] User Activity Scan: GetAutoRunEntriesUser Open Software\Microsoft\Windows NT\CurrentVersion\Run 2023/07/02 20:44:09 126370 DEBUG [RegistryInfo.cpp->GetAutoRunEntriesUser:1010] User Activity Scan: GetAutoRunEntriesUser Open Software\Microsoft\Windows\CurrentVersion\Run 2023/07/02 20:44:09 126372 DEBUG [RegistryInfo.cpp->GetAutoRunEntriesUser:1060] User Activity Scan: GetAutoRunEntriesUser scan values local 2023/07/02 20:44:09 126493 DEBUG [RegistryInfo.cpp->GetAutoRunEntriesUser:1093] User Activity Scan: GetAutoRunEntriesUser scan values done