"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"16:55:03.7807686","Explorer.EXE","1800","CreateFile","C:\Users\USER\Desktop\Msg.lnk","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Open Requiring Oplock, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"16:55:03.7810456","Explorer.EXE","1800","FileSystemControl","C:\Users\USER\Desktop\Msg.lnk","SUCCESS","Control: FSCTL_REQUEST_FILTER_OPLOCK"
"16:55:03.7811031","Explorer.EXE","1800","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"16:55:03.7811341","Explorer.EXE","1800","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"16:55:03.7811602","Explorer.EXE","1800","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"16:55:03.7811908","Explorer.EXE","1800","RegOpenKey","HKCU\Software\Classes\CLSID\{00021401-0000-0000-C000-000000000046}","NAME NOT FOUND","Desired Access: Read"
"16:55:03.7812330","Explorer.EXE","1800","RegOpenKey","HKCR\CLSID\{00021401-0000-0000-C000-000000000046}","SUCCESS","Desired Access: Read"
"16:55:03.7812701","Explorer.EXE","1800","RegQueryKey","HKCR\CLSID\{00021401-0000-0000-C000-000000000046}","SUCCESS","Query: Name"
"16:55:03.7812931","Explorer.EXE","1800","RegQueryKey","HKCR\CLSID\{00021401-0000-0000-C000-000000000046}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"16:55:03.7813310","Explorer.EXE","1800","RegOpenKey","HKCU\Software\Classes\CLSID\{00021401-0000-0000-C000-000000000046}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"16:55:03.7813644","Explorer.EXE","1800","RegQueryValue","HKCR\CLSID\{00021401-0000-0000-C000-000000000046}\EnableShareDenyNone","NAME NOT FOUND","Length: 144"
"16:55:03.7816954","Explorer.EXE","1800","CreateFile","C:\Users\USER\Desktop\Msg.lnk","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"16:55:03.7817651","Explorer.EXE","1800","ReadFile","C:\Users\USER\Desktop\Msg.lnk","SUCCESS","Offset: 0, Length: 619, Priority: Normal"
"16:55:03.7818352","Explorer.EXE","1800","QueryBasicInformationFile","C:\Users\USER\Desktop\Msg.lnk","SUCCESS","CreationTime: 07/02/2016 22:39:13, LastAccessTime: 07/02/2016 22:39:13, LastWriteTime: 20/02/2016 23:03:12, ChangeTime: 25/02/2016 13:22:36, FileAttributes: ANCI"
"16:55:03.7818624","Explorer.EXE","1800","QueryStandardInformationFile","C:\Users\USER\Desktop\Msg.lnk","SUCCESS","AllocationSize: 624, EndOfFile: 619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"16:55:03.7820705","Explorer.EXE","1800","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"16:55:03.7821091","Explorer.EXE","1800","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"16:55:03.7821421","Explorer.EXE","1800","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"16:55:03.7821800","Explorer.EXE","1800","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","NAME NOT FOUND","Desired Access: Read"
"16:55:03.7822256","Explorer.EXE","1800","RegOpenKey","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","SUCCESS","Desired Access: Read"
"16:55:03.7822693","Explorer.EXE","1800","RegQueryKey","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","SUCCESS","Query: Name"
"16:55:03.7823049","Explorer.EXE","1800","RegQueryKey","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"16:55:03.7823467","Explorer.EXE","1800","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"16:55:03.7823900","Explorer.EXE","1800","RegQueryValue","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\System.NamespaceCLSID","NAME NOT FOUND","Length: 144"
"16:55:03.7824268","Explorer.EXE","1800","RegCloseKey","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","SUCCESS",""
"16:55:03.7824654","Explorer.EXE","1800","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"16:55:03.7825007","Explorer.EXE","1800","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"16:55:03.7825329","Explorer.EXE","1800","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"16:55:03.7825708","Explorer.EXE","1800","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","NAME NOT FOUND","Desired Access: Read"
"16:55:03.7826095","Explorer.EXE","1800","RegOpenKey","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","SUCCESS","Desired Access: Read"
"16:55:03.7826490","Explorer.EXE","1800","RegQueryKey","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","SUCCESS","Query: Name"
"16:55:03.7826850","Explorer.EXE","1800","RegQueryKey","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"16:55:03.7827286","Explorer.EXE","1800","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"16:55:03.7827696","Explorer.EXE","1800","RegQueryValue","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6","NAME NOT FOUND","Length: 144"
"16:55:03.7828053","Explorer.EXE","1800","RegCloseKey","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","SUCCESS",""
"16:55:03.7828566","Explorer.EXE","1800","CloseFile","C:\Users\USER\Desktop\Msg.lnk","SUCCESS",""
"16:55:03.7829306","Explorer.EXE","1800","RegCloseKey","HKCR\CLSID\{00021401-0000-0000-C000-000000000046}","SUCCESS",""
"16:55:03.7830512","Explorer.EXE","1800","RegCloseKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell","SUCCESS",""
"16:55:03.7830872","Explorer.EXE","1800","RegQueryKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"16:55:03.7831198","Explorer.EXE","1800","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell","SUCCESS","Desired Access: Read/Write"
"16:55:03.7831654","Explorer.EXE","1800","RegQueryValue","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU Size","NAME NOT FOUND","Length: 144"
"16:55:03.7832114","Explorer.EXE","1800","RegQueryKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"16:55:03.7832470","Explorer.EXE","1800","RegCreateKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU","SUCCESS","Desired Access: Read/Write, Disposition: REG_OPENED_EXISTING_KEY"
"16:55:03.7833156","Explorer.EXE","1800","RegQueryValue","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx","SUCCESS","Type: REG_BINARY, Length: 12, Data: 00 00 00 00 02 00 00 00 FF FF FF FF"
"16:55:03.7833497","Explorer.EXE","1800","RegQueryValue","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots","BUFFER OVERFLOW","Length: 144"
"16:55:03.7833823","Explorer.EXE","1800","RegQueryValue","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots","SUCCESS","Type: REG_BINARY, Length: 5,000, Data: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02"
"16:55:03.7834179","Explorer.EXE","1800","RegSetValue","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots","SUCCESS","Type: REG_BINARY, Length: 5,000, Data: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02"
"16:55:03.7835056","Explorer.EXE","1800","RegQueryValue","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0","SUCCESS","Type: REG_BINARY, Length: 22, Data: 14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00"
"16:55:03.7835401","Explorer.EXE","1800","RegQueryValue","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0","SUCCESS","Type: REG_BINARY, Length: 22, Data: 14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00"
"16:55:03.7835753","Explorer.EXE","1800","RegQueryKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"16:55:03.7836106","Explorer.EXE","1800","RegCreateKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0","SUCCESS","Desired Access: Read/Write, Disposition: REG_OPENED_EXISTING_KEY"
"16:55:03.7836746","Explorer.EXE","1800","RegQueryValue","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx","SUCCESS","Type: REG_BINARY, Length: 16, Data: 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF"
"16:55:03.7837079","Explorer.EXE","1800","RegSetValue","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx","SUCCESS","Type: REG_BINARY, Length: 12, Data: 00 00 00 00 02 00 00 00 FF FF FF FF"
"16:55:03.7837523","Explorer.EXE","1800","RegQueryValue","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2","SUCCESS","Type: REG_BINARY, Length: 27, Data: 19 00 2F 45 3A 5C 00 00 00 00 00 00 00 00 00 00"
"16:55:03.7837872","Explorer.EXE","1800","RegQueryValue","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2","SUCCESS","Type: REG_BINARY, Length: 27, Data: 19 00 2F 45 3A 5C 00 00 00 00 00 00 00 00 00 00"
"16:55:03.7838228","Explorer.EXE","1800","RegQueryKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"16:55:03.7838581","Explorer.EXE","1800","RegCreateKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2","SUCCESS","Desired Access: Read/Write, Disposition: REG_OPENED_EXISTING_KEY"
"16:55:03.7839179","Explorer.EXE","1800","RegQueryValue","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx","SUCCESS","Type: REG_BINARY, Length: 60, Data: 0A 00 00 00 02 00 00 00 00 00 00 00 03 00 00 00"
"16:55:03.7839634","Explorer.EXE","1800","RegQueryValue","HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\10","SUCCESS","Type: REG_BINARY, Length: 90, Data: 58 00 31 00 00 00 00 00 27 49 3D AC 10 20 23 4D"