public override void StopRun()
        {
            watchers.ForEach(x => x.EnableRaisingEvents = false);

            // Write each accessed file once.
            foreach (var e in filesAccessed)
            {
                var ToWrite = new FileMonitorObject(e.Value.FullPath)
                {
                    ResultType       = RESULT_TYPE.FILEMONITOR,
                    ChangeType       = ChangeTypeStringToChangeType(e.Value.ChangeType.ToString()),
                    Name             = e.Value.Name,
                    Timestamp        = DateTime.Now.ToString("O", CultureInfo.InvariantCulture),
                    FileSystemObject = fsc.FilePathToFileSystemObject(e.Value.FullPath),
                    NotifyFilters    = NotifyFilters.LastAccess
                };
                changeHandler(ToWrite);
            }

            RunStatus = RUN_STATUS.COMPLETED;
        }
        public void ParseComObjects(RegistryKey SearchKey, RegistryView View)
        {
            if (SearchKey == null)
            {
                return;
            }
            List <ComObject> comObjects = new List <ComObject>();

            try
            {
                Parallel.ForEach(SearchKey.GetSubKeyNames(), (SubKeyName) =>
                {
                    try
                    {
                        RegistryKey CurrentKey = SearchKey.OpenSubKey(SubKeyName);

                        var RegObj = RegistryWalker.RegistryKeyToRegistryObject(CurrentKey, View);

                        if (RegObj != null)
                        {
                            ComObject comObject = new ComObject(RegObj);

                            foreach (string ComDetails in CurrentKey.GetSubKeyNames())
                            {
                                var ComKey = CurrentKey.OpenSubKey(ComDetails);
                                var obj    = RegistryWalker.RegistryKeyToRegistryObject(ComKey, View);
                                if (obj != null)
                                {
                                    comObject.AddSubKey(obj);
                                }
                            }

                            //Get the information from the InProcServer32 Subkey (for 32 bit)
                            string?BinaryPath32       = null;
                            var InProcServer32SubKeys = comObject.Subkeys.Where(x => x.Key.Contains("InprocServer32"));
                            if (InProcServer32SubKeys.Any() && InProcServer32SubKeys.First().Values?.TryGetValue("", out BinaryPath32) is bool successful)
                            {
                                if (BinaryPath32 != null && successful)
                                {
                                    // Clean up cases where some extra spaces are thrown into the start (breaks our permission checker)
                                    BinaryPath32 = BinaryPath32.Trim();
                                    // Clean up cases where the binary is quoted (also breaks permission checker)
                                    if (BinaryPath32.StartsWith("\"") && BinaryPath32.EndsWith("\""))
                                    {
                                        BinaryPath32 = BinaryPath32.AsSpan().Slice(1, BinaryPath32.Length - 2).ToString();
                                    }
                                    // Unqualified binary name probably comes from Windows\System32
                                    if (!BinaryPath32.Contains("\\") && !BinaryPath32.Contains("%"))
                                    {
                                        BinaryPath32 = Path.Combine(Environment.SystemDirectory, BinaryPath32.Trim());
                                    }

                                    comObject.x86_Binary     = FileSystemCollector.FilePathToFileSystemObject(BinaryPath32.Trim(), true);
                                    comObject.x86_BinaryName = BinaryPath32;
                                }
                            }
                            // And the InProcServer64 for 64 bit
                            string?BinaryPath64       = null;
                            var InProcServer64SubKeys = comObject.Subkeys.Where(x => x.Key.Contains("InprocServer64"));
                            if (InProcServer64SubKeys.Any() && InProcServer64SubKeys.First().Values?.TryGetValue("", out BinaryPath64) is bool successful64)
                            {
                                if (BinaryPath64 != null && successful64)
                                {
                                    // Clean up cases where some extra spaces are thrown into the start (breaks our permission checker)
                                    BinaryPath64 = BinaryPath64.Trim();
                                    // Clean up cases where the binary is quoted (also breaks permission checker)
                                    if (BinaryPath64.StartsWith("\"") && BinaryPath64.EndsWith("\""))
                                    {
                                        BinaryPath64 = BinaryPath64.Substring(1, BinaryPath64.Length - 2);
                                    }
                                    // Unqualified binary name probably comes from Windows\System32
                                    if (!BinaryPath64.Contains("\\") && !BinaryPath64.Contains("%"))
                                    {
                                        BinaryPath64 = Path.Combine(Environment.SystemDirectory, BinaryPath64.Trim());
                                    }
                                    comObject.x64_Binary     = FileSystemCollector.FilePathToFileSystemObject(BinaryPath64.Trim(), true);
                                    comObject.x64_BinaryName = BinaryPath64;
                                }
                            }

                            comObjects.Add(comObject);
                        }
                    }
                    catch (Exception e) when(
                        e is System.Security.SecurityException ||
                        e is ObjectDisposedException ||
                        e is UnauthorizedAccessException ||
                        e is IOException)
                    {
                        Log.Debug($"Couldn't parse {SubKeyName}");
                    }
                });
            }
            catch (Exception e) when(
                e is System.Security.SecurityException ||
                e is ObjectDisposedException ||
                e is UnauthorizedAccessException ||
                e is IOException)
            {
                Log.Debug($"Failing parsing com objects {SearchKey.Name} {e.GetType().ToString()} {e.Message}");
            }

            foreach (var comObject in comObjects)
            {
                DatabaseManager.Write(comObject, RunId);
            }
        }
        /// <summary>
        /// Parse all the Subkeys of the given SearchKey into ComObjects and returns a list of them
        /// </summary>
        /// <param name="SearchKey">The Registry Key to search</param>
        /// <param name="View">The View of the registry to use</param>
        public static IEnumerable <CollectObject> ParseComObjects(RegistryKey SearchKey, RegistryView View, bool SingleThreaded = false)
        {
            if (SearchKey == null)
            {
                return(new List <CollectObject>());
            }
            List <ComObject> comObjects = new List <ComObject>();
            var fsc = new FileSystemCollector(new CollectCommandOptions()
            {
                SingleThread = SingleThreaded
            });
            Action <string> ParseComObjectsIn = SubKeyName =>
            {
                try
                {
                    RegistryKey CurrentKey = SearchKey.OpenSubKey(SubKeyName);

                    var RegObj = RegistryWalker.RegistryKeyToRegistryObject(CurrentKey, View);

                    if (RegObj != null)
                    {
                        ComObject comObject = new ComObject(RegObj);

                        foreach (string ComDetails in CurrentKey.GetSubKeyNames())
                        {
                            if (ComDetails.Contains("InprocServer32"))
                            {
                                var    ComKey       = CurrentKey.OpenSubKey(ComDetails);
                                var    obj          = RegistryWalker.RegistryKeyToRegistryObject(ComKey, View);
                                string?BinaryPath32 = null;

                                if (obj != null && obj.Values?.TryGetValue("", out BinaryPath32) is bool successful)
                                {
                                    if (successful && BinaryPath32 != null)
                                    {
                                        // Clean up cases where some extra spaces are thrown into the start (breaks our permission checker)
                                        BinaryPath32 = BinaryPath32.Trim();
                                        // Clean up cases where the binary is quoted (also breaks permission checker)
                                        if (BinaryPath32.StartsWith("\"") && BinaryPath32.EndsWith("\""))
                                        {
                                            BinaryPath32 = BinaryPath32.AsSpan().Slice(1, BinaryPath32.Length - 2).ToString();
                                        }
                                        // Unqualified binary name probably comes from Windows\System32
                                        if (!BinaryPath32.Contains("\\") && !BinaryPath32.Contains("%"))
                                        {
                                            BinaryPath32 = Path.Combine(Environment.SystemDirectory, BinaryPath32.Trim());
                                        }

                                        comObject.x86_Binary = fsc.FilePathToFileSystemObject(BinaryPath32.Trim());
                                    }
                                }
                            }
                            if (ComDetails.Contains("InprocServer64"))
                            {
                                var    ComKey       = CurrentKey.OpenSubKey(ComDetails);
                                var    obj          = RegistryWalker.RegistryKeyToRegistryObject(ComKey, View);
                                string?BinaryPath64 = null;

                                if (obj != null && obj.Values?.TryGetValue("", out BinaryPath64) is bool successful)
                                {
                                    if (successful && BinaryPath64 != null)
                                    {
                                        // Clean up cases where some extra spaces are thrown into the start (breaks our permission checker)
                                        BinaryPath64 = BinaryPath64.Trim();
                                        // Clean up cases where the binary is quoted (also breaks permission checker)
                                        if (BinaryPath64.StartsWith("\"") && BinaryPath64.EndsWith("\""))
                                        {
                                            BinaryPath64 = BinaryPath64.AsSpan().Slice(1, BinaryPath64.Length - 2).ToString();
                                        }
                                        // Unqualified binary name probably comes from Windows\System32
                                        if (!BinaryPath64.Contains("\\") && !BinaryPath64.Contains("%"))
                                        {
                                            BinaryPath64 = Path.Combine(Environment.SystemDirectory, BinaryPath64.Trim());
                                        }

                                        comObject.x64_Binary = fsc.FilePathToFileSystemObject(BinaryPath64.Trim());
                                    }
                                }
                            }
                        }

                        comObjects.Add(comObject);
                    }
                }
                catch (Exception e) when(
                    e is System.Security.SecurityException ||
                    e is ObjectDisposedException ||
                    e is UnauthorizedAccessException ||
                    e is IOException)
                {
                    Log.Debug($"Couldn't parse {SubKeyName}");
                }
            };

            try
            {
                if (SingleThreaded)
                {
                    foreach (var subKey in SearchKey.GetSubKeyNames())
                    {
                        ParseComObjectsIn(subKey);
                    }
                }
                else
                {
                    SearchKey.GetSubKeyNames().AsParallel().ForAll(subKey => ParseComObjectsIn(subKey));
                }
            }
            catch (Exception e)
            {
                Log.Debug("Failing parsing com objects {0} {1}", SearchKey.Name, e.GetType());
            }

            return(comObjects);
        }