
Condor.exe.CSV

À propos

Type de fichier
Fichier CSV de 4.7 Mo (text/plain)
Confidentialité
Fichier public, envoyé le 26 février 2018 à 14:04, depuis l'adresse IP 178.38.x.x (CH)
Sécurité
Ne contient aucun virus ou malware connu - Dernière vérification : 03/06

Aperçu du fichier


"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"13:37:23,2745118","Condor.exe","10428","Process Start","","SUCCESS","Parent PID: 8308, Command line: ""E:\Condor2\Condor.exe"" , Current directory: E:\Condor2\, Environment: 
;	=::=::\
;	ALLUSERSPROFILE=C:\ProgramData
;	APPDATA=C:\Users\Michel.DESKTOP-T5RJH6O\AppData\Roaming
;	asl.log=Destination=file
;	CommonProgramFiles=C:\Program Files\Common Files
;	CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
;	CommonProgramW6432=C:\Program Files\Common Files
;	COMPUTERNAME=DESKTOP-T5RJH6O
;	ComSpec=C:\WINDOWS\system32\cmd.exe
;	FPS_BROWSER_APP_PROFILE_STRING=Internet Explorer
;	FPS_BROWSER_USER_PROFILE_STRING=Default
;	HOMEDRIVE=C:
;	HOMEPATH=\Users\Michel.DESKTOP-T5RJH6O
;	LOCALAPPDATA=C:\Users\Michel.DESKTOP-T5RJH6O\AppData\Local
;	LOGONSERVER=\\DESKTOP-T5RJH6O
;	NUMBER_OF_PROCESSORS=4
;	OneDrive=C:\Users\Michel.DESKTOP-T5RJH6O\OneDrive
;	OS=Windows_NT
;	Path=C:\Program Files (x86)\PC Connectivity Solution\;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Calibre2\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;e:\Program Files (x86)\GNU\GnuPG\pub;E:\Program Files (x86)\Skype\Phone\;E:\Program Files (x86)\AOMEI Backupper;C:\Users\Michel.DESKTOP-T5RJH6O\AppData\Local\Microsoft\WindowsApps;
;	PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
;	PROCESSOR_ARCHITECTURE=AMD64
;	PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
;	PROCESSOR_LEVEL=6
;	PROCESSOR_REVISION=3c03
;	ProgramData=C:\ProgramData
;	ProgramFiles=C:\Program Files
;	ProgramFiles(x86)=C:\Program Files (x86)
;	ProgramW6432=C:\Program Files
;	PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
;	PUBLIC=C:\Users\Public
;	SESSIONNAME=Console
;	SystemDrive=C:
;	SystemRoot=C:\WINDOWS
;	TEMP=C:\Users\Michel.DESKTOP-T5RJH6O\AppData\Local\Temp
;	TMP=C:\Users\Michel.DESKTOP-T5RJH6O\AppData\Local\Temp
;	USERDOMAIN=DESKTOP-T5RJH6O
;	USERDOMAIN_ROAMINGPROFILE=DESKTOP-T5RJH6O
;	USERNAME=Michel
;	USERPROFILE=C:\Users\Michel.DESKTOP-T5RJH6O
;	windir=C:\WINDOWS
;	_JAVA_OPTIONS=-Xmx512M"
"13:37:23,2745172","Condor.exe","10428","Thread Create","","SUCCESS","Thread ID: 14240"
"13:37:23,2892254","Condor.exe","10428","Load Image","E:\Condor2\Condor.exe","SUCCESS","Image Base: 0x400000, Image Size: 0x3d3000"
"13:37:23,2892722","Condor.exe","10428","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","Image Base: 0x7ffb71c70000, Image Size: 0x1e0000"
"13:37:23,2893057","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Image Base: 0x779b0000, Image Size: 0x18d000"
"13:37:23,2894261","Condor.exe","10428","CreateFile","C:\Windows\Prefetch\CONDOR.EXE-D54B91FE.pf","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,2911362","Condor.exe","10428","QueryStandardInformationFile","C:\Windows\Prefetch\CONDOR.EXE-D54B91FE.pf","SUCCESS","AllocationSize: 16 384, EndOfFile: 12 740, NumberOfLinks: 1, DeletePending: False, Directory: False"
"13:37:23,2911637","Condor.exe","10428","ReadFile","C:\Windows\Prefetch\CONDOR.EXE-D54B91FE.pf","SUCCESS","Offset: 0, Length: 12 740, Priority: Normal"
"13:37:23,2913316","Condor.exe","10428","CloseFile","C:\Windows\Prefetch\CONDOR.EXE-D54B91FE.pf","SUCCESS",""
"13:37:23,3845693","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap","REPARSE","Desired Access: Query Value"
"13:37:23,3845865","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value"
"13:37:23,3846267","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,3846348","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,3846475","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
"13:37:23,3846581","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
"13:37:23,3848993","Condor.exe","10428","CreateFile","C:\Windows","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3852869","Condor.exe","10428","Load Image","C:\Windows\System32\wow64.dll","SUCCESS","Image Base: 0x6c240000, Image Size: 0x51000"
"13:37:23,3853663","Condor.exe","10428","Load Image","C:\Windows\System32\wow64win.dll","SUCCESS","Image Base: 0x6c2a0000, Image Size: 0x76000"
"13:37:23,3856494","Condor.exe","10428","CreateFile","C:\Windows\System32\wow64log.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"13:37:23,3857723","Condor.exe","10428","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS","Image Base: 0x27f0000, Image Size: 0xae000"
"13:37:23,3858444","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\kernel32.dll","SUCCESS","Image Base: 0x76ac0000, Image Size: 0xd0000"
"13:37:23,3859057","Condor.exe","10428","Load Image","C:\Windows\System32\user32.dll","SUCCESS","Image Base: 0x2950000, Image Size: 0x18f000"
"13:37:23,3859878","Condor.exe","10428","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3860189","Condor.exe","10428","QueryNameInformationFile","C:\Windows","SUCCESS","Name: \Windows"
"13:37:23,3860313","Condor.exe","10428","CloseFile","C:\Windows","SUCCESS",""
"13:37:23,3860630","Condor.exe","10428","RegOpenKey","HKLM\Software\Microsoft\Wow64\x86","SUCCESS","Desired Access: Read"
"13:37:23,3860929","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Wow64\x86\Condor.exe","NAME NOT FOUND","Length: 520"
"13:37:23,3860980","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Wow64\x86\(Default)","SUCCESS","Type: REG_SZ, Length: 26, Data: wow64cpu.dll"
"13:37:23,3861059","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Wow64\x86","SUCCESS",""
"13:37:23,3861620","Condor.exe","10428","Load Image","C:\Windows\System32\wow64cpu.dll","SUCCESS","Image Base: 0x6c230000, Image Size: 0xa000"
"13:37:23,3863326","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap","REPARSE","Desired Access: Query Value"
"13:37:23,3863437","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value"
"13:37:23,3863788","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,3863854","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,3863948","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,3863999","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
"13:37:23,3864080","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
"13:37:23,3866139","Condor.exe","10428","CreateFile","E:\Condor2","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3867069","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\kernel32.dll","SUCCESS","Image Base: 0x76ac0000, Image Size: 0xd0000"
"13:37:23,3868122","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Image Base: 0x771a0000, Image Size: 0x1d7000"
"13:37:23,3873161","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\3c74afb9-8d82-44e3-b52c-365dbf48382a","NAME NOT FOUND","Length: 524"
"13:37:23,3873689","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\05f95efe-7f75-49c7-a994-60a55cc09571","NAME NOT FOUND","Length: 524"
"13:37:23,3874124","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","REPARSE","Desired Access: Read"
"13:37:23,3874220","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","Desired Access: Read"
"13:37:23,3874326","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,3874380","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat","NAME NOT FOUND","Length: 548"
"13:37:23,3874438","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"13:37:23,3874513","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS",""
"13:37:23,3876062","Condor.exe","10428","CreateFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3877236","Condor.exe","10428","QueryBasicInformationFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS","CreationTime: 26.02.2018 04:32:41, LastAccessTime: 26.02.2018 04:32:41, LastWriteTime: 01.02.2018 17:31:20, ChangeTime: 02.02.2018 07:09:36, FileAttributes: A"
"13:37:23,3877336","Condor.exe","10428","CloseFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS",""
"13:37:23,3878181","Condor.exe","10428","CreateFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3878552","Condor.exe","10428","CreateFileMapping","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,3878857","Condor.exe","10428","CreateFileMapping","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,3879361","Condor.exe","10428","Load Image","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS","Image Base: 0x73940000, Image Size: 0x8d000"
"13:37:23,3880167","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Query Value"
"13:37:23,3880279","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Query Value"
"13:37:23,3880406","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,3880463","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\EMPTY","NAME NOT FOUND","Length: 120"
"13:37:23,3880563","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\EMPTY","NAME NOT FOUND","Length: 120"
"13:37:23,3881064","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\NLS\Language","REPARSE","Desired Access: Read"
"13:37:23,3881166","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\NLS\Language","SUCCESS","Desired Access: Read"
"13:37:23,3881354","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Language","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,3881420","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Language\InstallLanguageFallback","BUFFER OVERFLOW","Length: 16"
"13:37:23,3881565","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Language","SUCCESS",""
"13:37:23,3881683","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","REPARSE","Desired Access: Read"
"13:37:23,3881761","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS","Desired Access: Read"
"13:37:23,3881855","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,3881906","Condor.exe","10428","RegEnumKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS","Index: 0, Name: fr-FR"
"13:37:23,3881997","Condor.exe","10428","RegQueryKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"13:37:23,3882054","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR","SUCCESS","Desired Access: Read"
"13:37:23,3882144","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: 146"
"13:37:23,3882314","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR\DefaultFallback","SUCCESS","Type: REG_SZ, Length: 12, Data: en-US"
"13:37:23,3882362","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR\en-US","SUCCESS","Type: REG_MULTI_SZ, Length: 4, Data: "
"13:37:23,3882437","Condor.exe","10428","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR","SUCCESS","Index: 0, Name: DefaultFallback, Type: REG_SZ, Length: 12, Data: en-US"
"13:37:23,3882486","Condor.exe","10428","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR","SUCCESS","Index: 1, Name: en-US, Type: REG_MULTI_SZ, Length: 4, Data: "
"13:37:23,3882528","Condor.exe","10428","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR","SUCCESS","Index: 2, Name: LCID, Type: REG_DWORD, Length: 4, Data: 1036"
"13:37:23,3882600","Condor.exe","10428","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR","SUCCESS","Index: 3, Name: Type, Type: REG_DWORD, Length: 4, Data: 146"
"13:37:23,3882721","Condor.exe","10428","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR","NO MORE ENTRIES","Index: 4, Length: 512"
"13:37:23,3882800","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR\AlternateCodePage","NAME NOT FOUND","Length: 12"
"13:37:23,3882878","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR","SUCCESS",""
"13:37:23,3882941","Condor.exe","10428","RegEnumKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","NO MORE ENTRIES","Index: 1, Length: 512"
"13:37:23,3882999","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS",""
"13:37:23,3883144","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\PendingDelete","REPARSE","Desired Access: Read"
"13:37:23,3883222","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\PendingDelete","NAME NOT FOUND","Desired Access: Read"
"13:37:23,3883385","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\MUI\Settings","REPARSE","Desired Access: Read"
"13:37:23,3883606","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
"13:37:23,3883820","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"13:37:23,3884052","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,3884104","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name"
"13:37:23,3884179","Condor.exe","10428","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration","NAME NOT FOUND","Desired Access: Read"
"13:37:23,3884297","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","REPARSE","Desired Access: Read"
"13:37:23,3884360","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","SUCCESS","Desired Access: Read"
"13:37:23,3884454","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,3884499","Condor.exe","10428","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","NO MORE ENTRIES","Index: 0, Length: 512"
"13:37:23,3884565","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","SUCCESS",""
"13:37:23,3884626","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS",""
"13:37:23,3884713","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\MUI\Settings","REPARSE","Desired Access: Read"
"13:37:23,3884837","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
"13:37:23,3884973","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"13:37:23,3885106","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,3885154","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name"
"13:37:23,3885224","Condor.exe","10428","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"13:37:23,3885335","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,3885378","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name"
"13:37:23,3885444","Condor.exe","10428","RegOpenKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS","Desired Access: Read"
"13:37:23,3885535","Condor.exe","10428","RegSetInfoKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,3885580","Condor.exe","10428","RegEnumValue","HKCU\Control Panel\Desktop\LanguageConfiguration","NO MORE ENTRIES","Index: 0, Length: 512"
"13:37:23,3885637","Condor.exe","10428","RegCloseKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS",""
"13:37:23,3885685","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS",""
"13:37:23,3885761","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\MUI\Settings","REPARSE","Desired Access: Read"
"13:37:23,3885870","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
"13:37:23,3885999","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"13:37:23,3886114","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,3886159","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name"
"13:37:23,3886223","Condor.exe","10428","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"13:37:23,3886307","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,3886350","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name"
"13:37:23,3886413","Condor.exe","10428","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read"
"13:37:23,3886485","Condor.exe","10428","RegSetInfoKey","HKCU\Control Panel\Desktop","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,3886534","Condor.exe","10428","RegQueryValue","HKCU\Control Panel\Desktop\PreferredUILanguages","BUFFER OVERFLOW","Length: 12"
"13:37:23,3886615","Condor.exe","10428","RegQueryValue","HKCU\Control Panel\Desktop\PreferredUILanguages","SUCCESS","Type: REG_MULTI_SZ, Length: 12, Data: fr-FR"
"13:37:23,3886697","Condor.exe","10428","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS",""
"13:37:23,3886748","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS",""
"13:37:23,3886824","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\MUI\Settings","REPARSE","Desired Access: Read"
"13:37:23,3887002","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
"13:37:23,3887273","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"13:37:23,3887454","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,3887509","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name"
"13:37:23,3887590","Condor.exe","10428","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","Desired Access: Read"
"13:37:23,3887702","Condor.exe","10428","RegSetInfoKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,3887759","Condor.exe","10428","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","BUFFER OVERFLOW","Length: 12"
"13:37:23,3887814","Condor.exe","10428","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","SUCCESS","Type: REG_MULTI_SZ, Length: 12, Data: fr-FR"
"13:37:23,3887898","Condor.exe","10428","RegCloseKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS",""
"13:37:23,3887953","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS",""
"13:37:23,3888638","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide","NAME NOT FOUND","Desired Access: Read"
"13:37:23,3889622","Condor.exe","10428","CreateFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3890066","Condor.exe","10428","QueryBasicInformationFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS","CreationTime: 26.02.2018 04:32:41, LastAccessTime: 26.02.2018 04:32:41, LastWriteTime: 01.02.2018 17:31:20, ChangeTime: 02.02.2018 07:09:36, FileAttributes: A"
"13:37:23,3890875","Condor.exe","10428","CloseFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS",""
"13:37:23,3891877","Condor.exe","10428","CloseFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS",""
"13:37:23,3896272","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,3896375","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,3896474","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,3896532","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
"13:37:23,3896613","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
"13:37:23,3902430","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","REPARSE","Desired Access: Query Value, Set Value"
"13:37:23,3902536","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"13:37:23,3902654","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","REPARSE","Desired Access: Read"
"13:37:23,3902799","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","NAME NOT FOUND","Desired Access: Read"
"13:37:23,3902968","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers","REPARSE","Desired Access: Query Value"
"13:37:23,3903122","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value"
"13:37:23,3903248","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,3903303","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80"
"13:37:23,3903408","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS",""
"13:37:23,3903538","Condor.exe","10428","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value"
"13:37:23,3903728","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem\","REPARSE","Desired Access: Read"
"13:37:23,3903795","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","Desired Access: Read"
"13:37:23,3903873","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,3903925","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\LongPathsEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"13:37:23,3904018","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS",""
"13:37:23,3904869","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\oleaut32.dll","SUCCESS","Image Base: 0x75010000, Image Size: 0x93000"
"13:37:23,3905078","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\oleaut32.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3905226","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\oleaut32.dll","SUCCESS","Name: \Windows\SysWOW64\oleaut32.dll"
"13:37:23,3906134","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\msvcp_win.dll","SUCCESS","Image Base: 0x745e0000, Image Size: 0x7c000"
"13:37:23,3906370","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\msvcp_win.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3906497","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\msvcp_win.dll","SUCCESS","Name: \Windows\SysWOW64\msvcp_win.dll"
"13:37:23,3907257","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\ucrtbase.dll","SUCCESS","Image Base: 0x74be0000, Image Size: 0x117000"
"13:37:23,3907378","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\ucrtbase.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3907511","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\ucrtbase.dll","SUCCESS","Name: \Windows\SysWOW64\ucrtbase.dll"
"13:37:23,3908749","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\combase.dll","SUCCESS","Image Base: 0x76860000, Image Size: 0x246000"
"13:37:23,3908924","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\combase.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3909029","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\combase.dll","SUCCESS","Name: \Windows\SysWOW64\combase.dll"
"13:37:23,3909853","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\rpcrt4.dll","SUCCESS","Image Base: 0x74f50000, Image Size: 0xbe000"
"13:37:23,3910035","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\rpcrt4.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3910140","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\rpcrt4.dll","SUCCESS","Name: \Windows\SysWOW64\rpcrt4.dll"
"13:37:23,3911158","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\sspicli.dll","SUCCESS","Image Base: 0x743d0000, Image Size: 0x20000"
"13:37:23,3911305","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\sspicli.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3911411","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\sspicli.dll","SUCCESS","Name: \Windows\SysWOW64\sspicli.dll"
"13:37:23,3912157","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\cryptbase.dll","SUCCESS","Image Base: 0x743c0000, Image Size: 0xa000"
"13:37:23,3912299","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\cryptbase.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3912404","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\cryptbase.dll","SUCCESS","Name: \Windows\SysWOW64\cryptbase.dll"
"13:37:23,3913141","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\bcryptprimitives.dll","SUCCESS","Image Base: 0x76b90000, Image Size: 0x57000"
"13:37:23,3913289","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\bcryptprimitives.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3913394","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\bcryptprimitives.dll","SUCCESS","Name: \Windows\SysWOW64\bcryptprimitives.dll"
"13:37:23,3914074","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,3914167","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,3914261","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,3914315","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
"13:37:23,3914400","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
"13:37:23,3914952","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\sechost.dll","SUCCESS","Image Base: 0x76470000, Image Size: 0x43000"
"13:37:23,3915124","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\sechost.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3915236","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\sechost.dll","SUCCESS","Name: \Windows\SysWOW64\sechost.dll"
"13:37:23,3916917","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\advapi32.dll","SUCCESS","Image Base: 0x74e60000, Image Size: 0x78000"
"13:37:23,3917119","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\advapi32.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3917225","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\advapi32.dll","SUCCESS","Name: \Windows\SysWOW64\advapi32.dll"
"13:37:23,3918236","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\msvcrt.dll","SUCCESS","Image Base: 0x770c0000, Image Size: 0xbd000"
"13:37:23,3918436","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\msvcrt.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3918538","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\msvcrt.dll","SUCCESS","Name: \Windows\SysWOW64\msvcrt.dll"
"13:37:23,3919667","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\user32.dll","SUCCESS","Image Base: 0x76550000, Image Size: 0x175000"
"13:37:23,3919981","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\user32.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3920093","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\user32.dll","SUCCESS","Name: \Windows\SysWOW64\user32.dll"
"13:37:23,3921702","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\win32u.dll","SUCCESS","Image Base: 0x74670000, Image Size: 0x16000"
"13:37:23,3921977","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\win32u.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3922085","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\win32u.dll","SUCCESS","Name: \Windows\SysWOW64\win32u.dll"
"13:37:23,3923009","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\gdi32.dll","SUCCESS","Image Base: 0x74f20000, Image Size: 0x22000"
"13:37:23,3923199","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\gdi32.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3923305","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\gdi32.dll","SUCCESS","Name: \Windows\SysWOW64\gdi32.dll"
"13:37:23,3924099","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\gdi32full.dll","SUCCESS","Image Base: 0x743f0000, Image Size: 0x15e000"
"13:37:23,3924289","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\gdi32full.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3924395","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\gdi32full.dll","SUCCESS","Name: \Windows\SysWOW64\gdi32full.dll"
"13:37:23,3925650","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\ole32.dll","SUCCESS","Image Base: 0x76f50000, Image Size: 0xf7000"
"13:37:23,3925838","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\ole32.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3925940","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS","Name: \Windows\SysWOW64\ole32.dll"
"13:37:23,3926810","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"13:37:23,3927495","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.exe.Local","NAME NOT FOUND",""
"13:37:23,3928497","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3929324","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Image Base: 0x750b0000, Image Size: 0x1333000"
"13:37:23,3929560","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\shell32.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3929747","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Name: \Windows\SysWOW64\shell32.dll"
"13:37:23,3931048","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\cfgmgr32.dll","SUCCESS","Image Base: 0x74ee0000, Image Size: 0x38000"
"13:37:23,3931223","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\cfgmgr32.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3931576","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\cfgmgr32.dll","SUCCESS","Name: \Windows\SysWOW64\cfgmgr32.dll"
"13:37:23,3932781","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\SHCore.dll","SUCCESS","Image Base: 0x764c0000, Image Size: 0x88000"
"13:37:23,3932941","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\SHCore.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3933052","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\SHCore.dll","SUCCESS","Name: \Windows\SysWOW64\SHCore.dll"
"13:37:23,3934193","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\windows.storage.dll","SUCCESS","Image Base: 0x773e0000, Image Size: 0x5c6000"
"13:37:23,3934366","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\windows.storage.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3934489","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\windows.storage.dll","SUCCESS","Name: \Windows\SysWOW64\windows.storage.dll"
"13:37:23,3935519","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\shlwapi.dll","SUCCESS","Image Base: 0x76ea0000, Image Size: 0x45000"
"13:37:23,3935694","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\shlwapi.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3935799","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\shlwapi.dll","SUCCESS","Name: \Windows\SysWOW64\shlwapi.dll"
"13:37:23,3936907","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\kernel.appcore.dll","SUCCESS","Image Base: 0x773d0000, Image Size: 0xe000"
"13:37:23,3937067","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\kernel.appcore.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3937173","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\kernel.appcore.dll","SUCCESS","Name: \Windows\SysWOW64\kernel.appcore.dll"
"13:37:23,3938148","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\powrprof.dll","SUCCESS","Image Base: 0x76e40000, Image Size: 0x45000"
"13:37:23,3938302","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\powrprof.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3938405","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\powrprof.dll","SUCCESS","Name: \Windows\SysWOW64\powrprof.dll"
"13:37:23,3939479","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\profapi.dll","SUCCESS","Image Base: 0x76450000, Image Size: 0x14000"
"13:37:23,3939669","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\profapi.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3939796","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\profapi.dll","SUCCESS","Name: \Windows\SysWOW64\profapi.dll"
"13:37:23,3948071","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value"
"13:37:23,3948188","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value"
"13:37:23,3948297","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,3948357","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode","NAME NOT FOUND","Length: 16"
"13:37:23,3948907","Condor.exe","10428","QueryOpen","E:\Condor2\version.dll","NAME NOT FOUND",""
"13:37:23,3950265","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\version.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3950975","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\version.dll","SUCCESS","CreationTime: 29.09.2017 14:42:24, LastAccessTime: 29.09.2017 14:42:24, LastWriteTime: 29.09.2017 14:42:24, ChangeTime: 19.01.2018 04:59:42, FileAttributes: A"
"13:37:23,3951077","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\version.dll","SUCCESS",""
"13:37:23,3953480","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\version.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3953936","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\version.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,3954141","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\version.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,3954727","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\version.dll","SUCCESS","Image Base: 0x743a0000, Image Size: 0x8000"
"13:37:23,3954905","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\version.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3955026","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\version.dll","SUCCESS","Name: \Windows\SysWOW64\version.dll"
"13:37:23,3955575","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\version.dll","SUCCESS",""
"13:37:23,3958217","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3958488","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","CreationTime: 14.02.2018 01:31:18, LastAccessTime: 14.02.2018 01:31:18, LastWriteTime: 10.02.2018 06:05:40, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A"
"13:37:23,3958585","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS",""
"13:37:23,3959397","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3959750","Condor.exe","10428","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,3959940","Condor.exe","10428","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,3960450","Condor.exe","10428","Load Image","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","Image Base: 0x729e0000, Image Size: 0x8e000"
"13:37:23,3960743","Condor.exe","10428","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3960876","Condor.exe","10428","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","Name: \Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll"
"13:37:23,3961368","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS",""
"13:37:23,3967593","Condor.exe","10428","QueryOpen","E:\Condor2\winspool.drv","NAME NOT FOUND",""
"13:37:23,3969392","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3970095","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS","CreationTime: 29.09.2017 14:42:27, LastAccessTime: 29.09.2017 14:42:27, LastWriteTime: 29.09.2017 14:42:27, ChangeTime: 18.01.2018 20:24:14, FileAttributes: A"
"13:37:23,3970189","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS",""
"13:37:23,3971369","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3971843","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\winspool.drv","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,3972042","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\winspool.drv","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,3972649","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\winspool.drv","SUCCESS","Image Base: 0x73d20000, Image Size: 0x6c000"
"13:37:23,3972848","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\winspool.drv","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3972975","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS","Name: \Windows\SysWOW64\winspool.drv"
"13:37:23,3973808","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS",""
"13:37:23,3974433","Condor.exe","10428","QueryOpen","E:\Condor2\wsock32.dll","NAME NOT FOUND",""
"13:37:23,3975819","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\wsock32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3976407","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\wsock32.dll","SUCCESS","CreationTime: 29.09.2017 14:42:19, LastAccessTime: 29.09.2017 14:42:19, LastWriteTime: 29.09.2017 14:42:19, ChangeTime: 19.01.2018 04:59:44, FileAttributes: A"
"13:37:23,3976498","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\wsock32.dll","SUCCESS",""
"13:37:23,3977434","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\wsock32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3977847","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\wsock32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,3978025","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\wsock32.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,3978877","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\wsock32.dll","SUCCESS","Image Base: 0x740b0000, Image Size: 0x8000"
"13:37:23,3979073","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\wsock32.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3979194","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\wsock32.dll","SUCCESS","Name: \Windows\SysWOW64\wsock32.dll"
"13:37:23,3980006","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\ws2_32.dll","SUCCESS","Image Base: 0x77050000, Image Size: 0x66000"
"13:37:23,3980190","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\ws2_32.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3980305","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\ws2_32.dll","SUCCESS","Name: \Windows\SysWOW64\ws2_32.dll"
"13:37:23,3981159","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\wsock32.dll","SUCCESS",""
"13:37:23,3982055","Condor.exe","10428","QueryOpen","E:\Condor2\dxgi.dll","NAME NOT FOUND",""
"13:37:23,3983939","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3984558","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 18.01.2018 21:21:41, LastAccessTime: 18.01.2018 21:21:41, LastWriteTime: 18.01.2018 21:21:41, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A"
"13:37:23,3984655","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"13:37:23,3985560","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3986007","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,3986200","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,3986897","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Image Base: 0x6c9d0000, Image Size: 0x93000"
"13:37:23,3987121","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dxgi.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3987251","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Name: \Windows\SysWOW64\dxgi.dll"
"13:37:23,3988132","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS",""
"13:37:23,3988769","Condor.exe","10428","QueryOpen","E:\Condor2\d3d11.dll","NAME NOT FOUND",""
"13:37:23,3990363","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\d3d11.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3991087","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d11.dll","SUCCESS","CreationTime: 14.02.2018 01:31:29, LastAccessTime: 14.02.2018 01:31:29, LastWriteTime: 10.02.2018 06:09:28, ChangeTime: 14.02.2018 02:22:34, FileAttributes: A"
"13:37:23,3991190","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\d3d11.dll","SUCCESS",""
"13:37:23,3992099","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\d3d11.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3992524","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\d3d11.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,3992787","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\d3d11.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,3993439","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\d3d11.dll","SUCCESS","Image Base: 0x62890000, Image Size: 0x23e000"
"13:37:23,3993644","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\d3d11.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,3993771","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\d3d11.dll","SUCCESS","Name: \Windows\SysWOW64\d3d11.dll"
"13:37:23,3994574","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\d3d11.dll","SUCCESS",""
"13:37:23,3995175","Condor.exe","10428","QueryOpen","E:\Condor2\d3dx.dll","SUCCESS","CreationTime: 26.02.2018 13:33:12, LastAccessTime: 26.02.2018 13:33:12, LastWriteTime: 12.02.2018 11:34:10, ChangeTime: 26.02.2018 13:33:12, AllocationSize: 282 624, EndOfFile: 280 136, FileAttributes: A"
"13:37:23,3995558","Condor.exe","10428","CreateFile","E:\Condor2\d3dx.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3995887","Condor.exe","10428","CreateFileMapping","E:\Condor2\d3dx.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,3996053","Condor.exe","10428","CreateFileMapping","E:\Condor2\d3dx.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,3996473","Condor.exe","10428","Load Image","E:\Condor2\d3dx.dll","SUCCESS","Image Base: 0x10000000, Image Size: 0x44000"
"13:37:23,3996606","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\d3dx.dll","BUFFER OVERFLOW","Name: \Condo"
"13:37:23,3996720","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\d3dx.dll","SUCCESS","Name: \Condor2\d3dx.dll"
"13:37:23,3997140","Condor.exe","10428","CloseFile","E:\Condor2\d3dx.dll","SUCCESS",""
"13:37:23,3997611","Condor.exe","10428","QueryOpen","E:\Condor2\winmm.dll","NAME NOT FOUND",""
"13:37:23,3999120","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,3999706","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","CreationTime: 29.09.2017 14:42:08, LastAccessTime: 29.09.2017 14:42:08, LastWriteTime: 29.09.2017 14:42:08, ChangeTime: 19.01.2018 04:59:44, FileAttributes: A"
"13:37:23,3999797","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS",""
"13:37:23,4000756","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4001203","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\winmm.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,4001490","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\winmm.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4002085","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\winmm.dll","SUCCESS","Image Base: 0x74140000, Image Size: 0x24000"
"13:37:23,4002272","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\winmm.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4002393","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","Name: \Windows\SysWOW64\winmm.dll"
"13:37:23,4003247","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS",""
"13:37:23,4004044","Condor.exe","10428","QueryOpen","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS","CreationTime: 26.02.2018 13:33:12, LastAccessTime: 26.02.2018 13:33:12, LastWriteTime: 12.02.2018 11:34:02, ChangeTime: 26.02.2018 13:33:12, AllocationSize: 266 240, EndOfFile: 264 264, FileAttributes: A"
"13:37:23,4004476","Condor.exe","10428","CreateFile","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4004765","Condor.exe","10428","CreateFileMapping","E:\Condor2\d3dx11Effects_JSB.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,4005131","Condor.exe","10428","CreateFileMapping","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4005538","Condor.exe","10428","Load Image","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS","Image Base: 0x51430000, Image Size: 0x43000"
"13:37:23,4005677","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\d3dx11Effects_JSB.dll","BUFFER OVERFLOW","Name: \Condo"
"13:37:23,4005789","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS","Name: \Condor2\d3dx11Effects_JSB.dll"
"13:37:23,4006296","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide","NAME NOT FOUND","Desired Access: Read"
"13:37:23,4006984","Condor.exe","10428","CreateFile","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4007265","Condor.exe","10428","QueryBasicInformationFile","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS","CreationTime: 26.02.2018 13:33:12, LastAccessTime: 26.02.2018 13:33:12, LastWriteTime: 12.02.2018 11:34:02, ChangeTime: 26.02.2018 13:33:12, FileAttributes: A"
"13:37:23,4007875","Condor.exe","10428","CloseFile","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS",""
"13:37:23,4008632","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"13:37:23,4009242","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.exe.Local","NAME NOT FOUND",""
"13:37:23,4010320","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4010724","Condor.exe","10428","CloseFile","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS",""
"13:37:23,4011156","Condor.exe","10428","QueryOpen","E:\Condor2\d3dx11_43.dll","SUCCESS","CreationTime: 26.02.2018 13:33:12, LastAccessTime: 26.02.2018 13:33:12, LastWriteTime: 12.02.2018 11:33:52, ChangeTime: 26.02.2018 13:33:12, AllocationSize: 249 856, EndOfFile: 248 392, FileAttributes: A"
"13:37:23,4011521","Condor.exe","10428","CreateFile","E:\Condor2\d3dx11_43.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4011793","Condor.exe","10428","CreateFileMapping","E:\Condor2\d3dx11_43.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,4012125","Condor.exe","10428","CreateFileMapping","E:\Condor2\d3dx11_43.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4012542","Condor.exe","10428","Load Image","E:\Condor2\d3dx11_43.dll","SUCCESS","Image Base: 0x50070000, Image Size: 0x3f000"
"13:37:23,4012693","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\d3dx11_43.dll","BUFFER OVERFLOW","Name: \Condo"
"13:37:23,4012816","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\d3dx11_43.dll","SUCCESS","Name: \Condor2\d3dx11_43.dll"
"13:37:23,4013263","Condor.exe","10428","CloseFile","E:\Condor2\d3dx11_43.dll","SUCCESS",""
"13:37:23,4014383","Condor.exe","10428","QueryOpen","E:\Condor2\IPHLPAPI.DLL","NAME NOT FOUND",""
"13:37:23,4015796","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4016493","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:36, FileAttributes: A"
"13:37:23,4016590","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS",""
"13:37:23,4017544","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4017966","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\IPHLPAPI.DLL","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,4018156","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4018772","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","Image Base: 0x73b60000, Image Size: 0x30000"
"13:37:23,4018965","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4019098","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","Name: \Windows\SysWOW64\IPHLPAPI.DLL"
"13:37:23,4019672","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS",""
"13:37:23,4020254","Condor.exe","10428","QueryOpen","E:\Condor2\bcrypt.dll","NAME NOT FOUND",""
"13:37:23,4022060","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4022793","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","CreationTime: 18.01.2018 21:21:10, LastAccessTime: 18.01.2018 21:21:10, LastWriteTime: 18.01.2018 21:21:10, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A"
"13:37:23,4022890","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS",""
"13:37:23,4023756","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4024191","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\bcrypt.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,4024381","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4024949","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","Image Base: 0x73dd0000, Image Size: 0x19000"
"13:37:23,4025133","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\bcrypt.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4025257","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","Name: \Windows\SysWOW64\bcrypt.dll"
"13:37:23,4025806","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS",""
"13:37:23,4027964","Condor.exe","10428","QueryOpen","E:\Condor2\DDRAW.dll","NAME NOT FOUND",""
"13:37:23,4029329","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4029972","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:34, FileAttributes: A"
"13:37:23,4030108","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"13:37:23,4031261","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4031720","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,4033244","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4033914","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Image Base: 0x77d10000, Image Size: 0xea000"
"13:37:23,4034101","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\ddraw.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4034228","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Name: \Windows\SysWOW64\ddraw.dll"
"13:37:23,4034956","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS",""
"13:37:23,4035565","Condor.exe","10428","QueryOpen","E:\Condor2\WINMMBASE.dll","NAME NOT FOUND",""
"13:37:23,4037075","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4037582","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","CreationTime: 29.09.2017 14:42:08, LastAccessTime: 29.09.2017 14:42:08, LastWriteTime: 29.09.2017 14:42:08, ChangeTime: 19.01.2018 04:59:44, FileAttributes: A"
"13:37:23,4037667","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS",""
"13:37:23,4038503","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4038841","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\winmmbase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,4039019","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4039611","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Image Base: 0x740c0000, Image Size: 0x23000"
"13:37:23,4039810","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\winmmbase.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4039928","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Name: \Windows\SysWOW64\winmmbase.dll"
"13:37:23,4040637","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS",""
"13:37:23,4042635","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4042865","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","CreationTime: 29.09.2017 14:42:08, LastAccessTime: 29.09.2017 14:42:08, LastWriteTime: 29.09.2017 14:42:08, ChangeTime: 19.01.2018 04:59:44, FileAttributes: A"
"13:37:23,4042952","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS",""
"13:37:23,4044661","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4044872","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","CreationTime: 29.09.2017 14:42:08, LastAccessTime: 29.09.2017 14:42:08, LastWriteTime: 29.09.2017 14:42:08, ChangeTime: 19.01.2018 04:59:44, FileAttributes: A"
"13:37:23,4044957","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS",""
"13:37:23,4045509","Condor.exe","10428","QueryOpen","E:\Condor2\D3DCompiler_43.dll","SUCCESS","CreationTime: 26.02.2018 13:33:12, LastAccessTime: 26.02.2018 13:33:12, LastWriteTime: 12.02.2018 11:36:02, ChangeTime: 26.02.2018 13:33:12, AllocationSize: 2 109 440, EndOfFile: 2 105 928, FileAttributes: A"
"13:37:23,4045884","Condor.exe","10428","CreateFile","E:\Condor2\D3DCompiler_43.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4046161","Condor.exe","10428","CreateFileMapping","E:\Condor2\D3DCompiler_43.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,4046542","Condor.exe","10428","CreateFileMapping","E:\Condor2\D3DCompiler_43.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4046961","Condor.exe","10428","Load Image","E:\Condor2\D3DCompiler_43.dll","SUCCESS","Image Base: 0xf360000, Image Size: 0x207000"
"13:37:23,4047100","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\D3DCompiler_43.dll","BUFFER OVERFLOW","Name: \Condo"
"13:37:23,4047212","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\D3DCompiler_43.dll","SUCCESS","Name: \Condor2\D3DCompiler_43.dll"
"13:37:23,4047677","Condor.exe","10428","CloseFile","E:\Condor2\D3DCompiler_43.dll","SUCCESS",""
"13:37:23,4049092","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4049331","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","CreationTime: 29.09.2017 14:41:23, LastAccessTime: 29.09.2017 14:41:23, LastWriteTime: 29.09.2017 14:41:23, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A"
"13:37:23,4049421","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS",""
"13:37:23,4050200","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4050560","Condor.exe","10428","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,4050756","Condor.exe","10428","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4051187","Condor.exe","10428","Load Image","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","Image Base: 0x728f0000, Image Size: 0xa3000"
"13:37:23,4051384","Condor.exe","10428","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4051510","Condor.exe","10428","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","Name: \Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll"
"13:37:23,4051939","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS",""
"13:37:23,4055287","Condor.exe","10428","QueryOpen","E:\Condor2\DCIMAN32.dll","NAME NOT FOUND",""
"13:37:23,4056805","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4057421","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","CreationTime: 29.09.2017 14:42:13, LastAccessTime: 29.09.2017 14:42:13, LastWriteTime: 29.09.2017 14:42:13, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A"
"13:37:23,4057518","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dciman32.dll","SUCCESS",""
"13:37:23,4058632","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4059118","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dciman32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,4059528","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4060872","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","Image Base: 0x52fc0000, Image Size: 0x7000"
"13:37:23,4061071","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dciman32.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4061198","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","Name: \Windows\SysWOW64\dciman32.dll"
"13:37:23,4061816","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dciman32.dll","SUCCESS",""
"13:37:23,4064506","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,4064711","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,4064841","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4064950","Condor.exe","10428","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"13:37:23,4065016","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,4065360","Condor.exe","10428","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"13:37:23,4065418","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,4066523","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","REPARSE","Desired Access: Read"
"13:37:23,4066616","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","Desired Access: Read"
"13:37:23,4066731","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4066791","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\(Default)","SUCCESS","Type: REG_SZ, Length: 18, Data: 0006020E"
"13:37:23,4068805","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","REPARSE","Desired Access: Query Value"
"13:37:23,4068883","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","Desired Access: Query Value"
"13:37:23,4068983","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4069037","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"13:37:23,4069134","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","REPARSE","Desired Access: Query Value"
"13:37:23,4069200","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS","Desired Access: Query Value"
"13:37:23,4069273","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4069318","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","NAME NOT FOUND","Length: 20"
"13:37:23,4069424","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"13:37:23,4069547","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS",""
"13:37:23,4069623","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS",""
"13:37:23,4069710","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration","REPARSE","Desired Access: Query Value"
"13:37:23,4069783","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration","NAME NOT FOUND","Desired Access: Query Value"
"13:37:23,4070399","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\a6d3c9ac-9128-522a-495a-1821191173c2","NAME NOT FOUND","Length: 524"
"13:37:23,4071416","Condor.exe","10428","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"13:37:23,4071549","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4071597","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4071682","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\OLE","REPARSE","Desired Access: Read"
"13:37:23,4071872","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","Desired Access: Read"
"13:37:23,4071996","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4072053","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorUseSystemHeap","NAME NOT FOUND","Length: 144"
"13:37:23,4072180","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS",""
"13:37:23,4072255","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4072300","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4072373","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\OLE","REPARSE","Desired Access: Read"
"13:37:23,4072491","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","Desired Access: Read"
"13:37:23,4072593","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4072642","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorSystemHeapIsPrivate","NAME NOT FOUND","Length: 144"
"13:37:23,4072720","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS",""
"13:37:23,4072783","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4072823","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4072892","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\OLE","REPARSE","Desired Access: Read"
"13:37:23,4072998","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","Desired Access: Read"
"13:37:23,4073094","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4073146","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\AggressiveMTATesting","NAME NOT FOUND","Length: 144"
"13:37:23,4073227","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS",""
"13:37:23,4073580","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4073632","Condor.exe","10428","RegOpenKey","HKLM","SUCCESS","Desired Access: Read"
"13:37:23,4073704","Condor.exe","10428","RegSetInfoKey","HKLM","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4073774","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100"
"13:37:23,4073822","Condor.exe","10428","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read"
"13:37:23,4074000","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100"
"13:37:23,4074048","Condor.exe","10428","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read"
"13:37:23,4074175","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100"
"13:37:23,4074223","Condor.exe","10428","RegOpenKey","HKLM\Software\Microsoft\Ole","SUCCESS","Desired Access: Read"
"13:37:23,4074779","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
"13:37:23,4074863","Condor.exe","10428","RegSetInfoKey","HKCU","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4074927","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x100"
"13:37:23,4074975","Condor.exe","10428","RegOpenKey","HKCU\Software\Classes\Local Settings","REPARSE","Desired Access: Read"
"13:37:23,4075060","Condor.exe","10428","RegOpenKey","HKCU\Software\Classes\Local Settings","SUCCESS","Desired Access: Read"
"13:37:23,4075171","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS",""
"13:37:23,4075253","Condor.exe","10428","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4075295","Condor.exe","10428","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: Name"
"13:37:23,4075374","Condor.exe","10428","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read"
"13:37:23,4075464","Condor.exe","10428","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4075506","Condor.exe","10428","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: Name"
"13:37:23,4075570","Condor.exe","10428","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read"
"13:37:23,4075675","Condor.exe","10428","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4075730","Condor.exe","10428","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: Name"
"13:37:23,4075799","Condor.exe","10428","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole","NAME NOT FOUND","Desired Access: Read"
"13:37:23,4075881","Condor.exe","10428","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4075920","Condor.exe","10428","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: Name"
"13:37:23,4075983","Condor.exe","10428","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft","SUCCESS","Desired Access: Read"
"13:37:23,4076059","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Classes\Local Settings\Software\Microsoft","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4076678","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4076720","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4076798","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\OLE\Tracing","REPARSE","Desired Access: Read"
"13:37:23,4076973","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Ole\Tracing","NAME NOT FOUND","Desired Access: Read"
"13:37:23,4077408","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 524"
"13:37:23,4077861","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05","NAME NOT FOUND","Length: 524"
"13:37:23,4080511","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4081233","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A"
"13:37:23,4081323","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"13:37:23,4083412","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4084028","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS","CreationTime: 03.02.2018 07:12:20, LastAccessTime: 03.02.2018 07:12:20, LastWriteTime: 01.01.2018 12:42:32, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A"
"13:37:23,4084119","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS",""
"13:37:23,4087482","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4088070","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:36, FileAttributes: A"
"13:37:23,4088161","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS",""
"13:37:23,4089190","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4089604","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,4089691","Condor.exe","10428","QueryStandardInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","AllocationSize: 143 360, EndOfFile: 143 152, NumberOfLinks: 2, DeletePending: False, Directory: False"
"13:37:23,4089833","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4090223","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS",""
"13:37:23,4091116","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Image Base: 0x745b0000, Image Size: 0x25000"
"13:37:23,4091569","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\imm32.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4091895","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Name: \Windows\SysWOW64\imm32.dll"
"13:37:23,4094395","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4094705","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:36, FileAttributes: A"
"13:37:23,4094799","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS",""
"13:37:23,4096665","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4097000","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:36, FileAttributes: A"
"13:37:23,4097090","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS",""
"13:37:23,4097588","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f25bcd2e-2690-55dc-3bc4-07b65b1b41c9","NAME NOT FOUND","Length: 524"
"13:37:23,4097981","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Display","REPARSE","Desired Access: Read"
"13:37:23,4098243","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read"
"13:37:23,4098464","Condor.exe","10428","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"13:37:23,4098539","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Condor.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,4098790","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Display","REPARSE","Desired Access: Read"
"13:37:23,4098908","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read"
"13:37:23,4099110","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","REPARSE","Desired Access: Read"
"13:37:23,4099221","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read"
"13:37:23,4099315","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4099372","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
"13:37:23,4099481","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS",""
"13:37:23,4099774","Condor.exe","10428","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read"
"13:37:23,4099904","Condor.exe","10428","RegQueryValue","HKCU\Control Panel\Desktop\EnablePerProcessSystemDPI","NAME NOT FOUND","Length: 520"
"13:37:23,4100031","Condor.exe","10428","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS",""
"13:37:23,4100942","Condor.exe","10428","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","Desired Access: Read"
"13:37:23,4101120","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Compatibility32\Condor","NAME NOT FOUND","Length: 172"
"13:37:23,4101226","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS",""
"13:37:23,4101313","Condor.exe","10428","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\IME Compatibility","NAME NOT FOUND","Desired Access: Read"
"13:37:23,4111939","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4112033","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4112178","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","Desired Access: Read"
"13:37:23,4112344","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4112419","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"13:37:23,4112540","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS",""
"13:37:23,4113228","Condor.exe","10428","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"13:37:23,4113307","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Condor.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,4113775","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4113865","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4113965","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\OLE\Tracing","REPARSE","Desired Access: Read"
"13:37:23,4114134","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Ole\Tracing","NAME NOT FOUND","Desired Access: Read"
"13:37:23,4114539","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 524"
"13:37:23,4114934","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05","NAME NOT FOUND","Length: 524"
"13:37:23,4117008","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\oleaut32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4117651","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\oleaut32.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:39, FileAttributes: A"
"13:37:23,4117750","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\oleaut32.dll","SUCCESS",""
"13:37:23,4118692","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4118753","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4118855","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value"
"13:37:23,4121916","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
"13:37:23,4122239","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS",""
"13:37:23,4124374","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4124645","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A"
"13:37:23,4124745","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"13:37:23,4126979","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4127205","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A"
"13:37:23,4127290","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"13:37:23,4129928","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4130191","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A"
"13:37:23,4130317","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"13:37:23,4133572","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108","NAME NOT FOUND","Length: 524"
"13:37:23,4133997","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\b87cf16b-0bf8-4492-a510-d5f59626b033","NAME NOT FOUND","Length: 524"
"13:37:23,4134296","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\a40b455c-253c-4311-ac6d-6e667edccefc","NAME NOT FOUND","Length: 524"
"13:37:23,4134571","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 524"
"13:37:23,4134827","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61","NAME NOT FOUND","Length: 524"
"13:37:23,4137212","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4137457","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A"
"13:37:23,4137550","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"13:37:23,4140095","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108","NAME NOT FOUND","Length: 524"
"13:37:23,4140433","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\b87cf16b-0bf8-4492-a510-d5f59626b033","NAME NOT FOUND","Length: 524"
"13:37:23,4140735","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61","NAME NOT FOUND","Length: 524"
"13:37:23,4140998","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 524"
"13:37:23,4141547","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f3a71a4b-6118-4257-8ccb-39a33ba059d4","NAME NOT FOUND","Length: 524"
"13:37:23,4143624","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4143869","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A"
"13:37:23,4143962","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"13:37:23,4144717","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c69cb70a-3133-4cca-ab0e-046848effcda","NAME NOT FOUND","Length: 524"
"13:37:23,4146353","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\d0f1a5c6-fc43-48ae-99bf-efb1c38be9d1","NAME NOT FOUND","Length: 524"
"13:37:23,4147624","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\03bbe5b8-c788-4d0b-b47e-5b5731398a89","NAME NOT FOUND","Length: 524"
"13:37:23,4148508","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\86cc27ea-6f87-47f7-8b43-3473527d4a87","NAME NOT FOUND","Length: 524"
"13:37:23,4148943","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\d479cbb9-0cf0-494c-b98f-684c33849782","NAME NOT FOUND","Length: 524"
"13:37:23,4149188","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\d479cbb9-0cf0-494c-b98f-684c33849782","NAME NOT FOUND","Length: 524"
"13:37:23,4150685","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\d3dx.dll","SUCCESS","Name: \Condor2\d3dx.dll"
"13:37:23,4154455","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4154724","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","CreationTime: 29.09.2017 14:41:23, LastAccessTime: 29.09.2017 14:41:23, LastWriteTime: 29.09.2017 14:41:23, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A"
"13:37:23,4154814","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS",""
"13:37:23,4155168","Condor.exe","10428","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4155476","Condor.exe","10428","QueryDirectory","C:\WINDOWS","SUCCESS","Filter: WINDOWS, 1: Windows"
"13:37:23,4156016","Condor.exe","10428","CloseFile","C:\","SUCCESS",""
"13:37:23,4156982","Condor.exe","10428","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4157281","Condor.exe","10428","QueryDirectory","C:\Windows\WinSxS","SUCCESS","Filter: WinSxS, 1: WinSxS"
"13:37:23,4157501","Condor.exe","10428","CloseFile","C:\Windows","SUCCESS",""
"13:37:23,4158476","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4158712","Condor.exe","10428","QueryDirectory","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\MSVCR90.dll","SUCCESS","Filter: MSVCR90.dll, 1: msvcr90.dll"
"13:37:23,4158890","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81","SUCCESS",""
"13:37:23,4160251","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"13:37:23,4160538","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4160650","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name"
"13:37:23,4160740","Condor.exe","10428","RegOpenKey","HKCU\Software\Borland\Locales","NAME NOT FOUND","Desired Access: Read, Delete, Write DAC, Write Owner"
"13:37:23,4160888","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4160930","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4161015","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Borland\Locales","NAME NOT FOUND","Desired Access: Read, Delete, Write DAC, Write Owner"
"13:37:23,4161265","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4161308","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name"
"13:37:23,4161697","Condor.exe","10428","RegOpenKey","HKCU\Software\Borland\Delphi\Locales","NAME NOT FOUND","Desired Access: Read, Delete, Write DAC, Write Owner"
"13:37:23,4161957","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read"
"13:37:23,4162059","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read"
"13:37:23,4162174","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4162231","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\fr-CH","NAME NOT FOUND","Length: 532"
"13:37:23,4162337","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS",""
"13:37:23,4162422","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read"
"13:37:23,4162488","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read"
"13:37:23,4162573","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4162618","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\fr-CH","NAME NOT FOUND","Length: 532"
"13:37:23,4162693","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS",""
"13:37:23,4163557","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.FRS","NAME NOT FOUND",""
"13:37:23,4163976","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.FRS.DLL","NAME NOT FOUND",""
"13:37:23,4164366","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.FR","NAME NOT FOUND",""
"13:37:23,4164698","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.FR.DLL","NAME NOT FOUND",""
"13:37:23,4167146","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4168033","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","CreationTime: 29.09.2017 14:42:25, LastAccessTime: 29.09.2017 14:42:25, LastWriteTime: 29.09.2017 14:42:25, ChangeTime: 19.01.2018 04:59:42, FileAttributes: A"
"13:37:23,4168166","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS",""
"13:37:23,4169208","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4169673","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\uxtheme.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"13:37:23,4169893","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4170705","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Image Base: 0x70800000, Image Size: 0x79000"
"13:37:23,4170931","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\uxtheme.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4171073","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Name: \Windows\SysWOW64\uxtheme.dll"
"13:37:23,4172697","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS",""
"13:37:23,4174862","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4175128","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A"
"13:37:23,4175236","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"13:37:23,4179091","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4179161","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4179290","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read"
"13:37:23,4179541","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read"
"13:37:23,4179650","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4179749","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2","SUCCESS","Type: REG_SZ, Length: 14, Data: Tahoma"
"13:37:23,4179819","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2","SUCCESS","Type: REG_SZ, Length: 14, Data: Tahoma"
"13:37:23,4179885","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2","SUCCESS","Type: REG_SZ, Length: 14, Data: Tahoma"
"13:37:23,4179948","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2","SUCCESS","Type: REG_SZ, Length: 14, Data: Tahoma"
"13:37:23,4180090","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS",""
"13:37:23,4188434","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,4188561","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,4188679","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4188739","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
"13:37:23,4188833","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
"13:37:23,4192977","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\msctf.dll","SUCCESS","Image Base: 0x74d10000, Image Size: 0x144000"
"13:37:23,4193207","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\msctf.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4193367","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\msctf.dll","SUCCESS","Name: \Windows\SysWOW64\msctf.dll"
"13:37:23,4196588","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4196859","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A"
"13:37:23,4196971","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"13:37:23,4198508","Condor.exe","10428","QueryOpen","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS","CreationTime: 15.08.2013 17:36:44, LastAccessTime: 19.01.2018 07:10:32, LastWriteTime: 15.08.2013 17:36:44, ChangeTime: 19.01.2018 07:10:32, AllocationSize: 1 994 752, EndOfFile: 1 993 728, FileAttributes: A"
"13:37:23,4198927","Condor.exe","10428","CreateFile","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4199259","Condor.exe","10428","CreateFileMapping","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"13:37:23,4199462","Condor.exe","10428","CreateFileMapping","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4199969","Condor.exe","10428","Load Image","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS","Image Base: 0x77e00000, Image Size: 0x1f4000"
"13:37:23,4200120","Condor.exe","10428","QueryNameInformationFile","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","BUFFER OVERFLOW","Name: \Progr"
"13:37:23,4200252","Condor.exe","10428","QueryNameInformationFile","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS","Name: \Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll"
"13:37:23,4200892","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide","NAME NOT FOUND","Desired Access: Read"
"13:37:23,4201659","Condor.exe","10428","CreateFile","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4201994","Condor.exe","10428","QueryBasicInformationFile","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS","CreationTime: 15.08.2013 17:36:44, LastAccessTime: 19.01.2018 07:10:32, LastWriteTime: 15.08.2013 17:36:44, ChangeTime: 19.01.2018 07:10:32, FileAttributes: A"
"13:37:23,4202604","Condor.exe","10428","CloseFile","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS",""
"13:37:23,4203338","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"13:37:23,4204008","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.exe.Local","NAME NOT FOUND",""
"13:37:23,4204937","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4205484","Condor.exe","10428","CloseFile","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS",""
"13:37:23,4206082","Condor.exe","10428","QueryOpen","E:\Program Files (x86)\ASUS\ASUS MultiFrame\MSIMG32.dll","NAME NOT FOUND",""
"13:37:23,4207875","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4208536","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:38, FileAttributes: A"
"13:37:23,4208654","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\msimg32.dll","SUCCESS",""
"13:37:23,4209607","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4210045","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\msimg32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"13:37:23,4210266","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4211090","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","Image Base: 0x743b0000, Image Size: 0x6000"
"13:37:23,4211277","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\msimg32.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4211419","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","Name: \Windows\SysWOW64\msimg32.dll"
"13:37:23,4211977","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\msimg32.dll","SUCCESS",""
"13:37:23,4212632","Condor.exe","10428","QueryOpen","E:\Program Files (x86)\ASUS\ASUS MultiFrame\OLEACC.dll","NAME NOT FOUND",""
"13:37:23,4214594","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\oleacc.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4215337","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\oleacc.dll","SUCCESS","CreationTime: 29.09.2017 14:42:23, LastAccessTime: 29.09.2017 14:42:23, LastWriteTime: 29.09.2017 14:42:23, ChangeTime: 19.01.2018 04:59:39, FileAttributes: A"
"13:37:23,4215452","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\oleacc.dll","SUCCESS",""
"13:37:23,4216460","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\oleacc.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4216922","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\oleacc.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"13:37:23,4217145","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\oleacc.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4217791","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\oleacc.dll","SUCCESS","Image Base: 0x72ba0000, Image Size: 0x56000"
"13:37:23,4217984","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\oleacc.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4218126","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\oleacc.dll","SUCCESS","Name: \Windows\SysWOW64\oleacc.dll"
"13:37:23,4218857","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\oleacc.dll","SUCCESS",""
"13:37:23,4220493","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4220780","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","SUCCESS","CreationTime: 14.02.2018 01:31:20, LastAccessTime: 14.02.2018 01:31:20, LastWriteTime: 10.02.2018 05:46:22, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A"
"13:37:23,4220888","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","SUCCESS",""
"13:37:23,4222280","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4222679","Condor.exe","10428","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"13:37:23,4222905","Condor.exe","10428","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4223545","Condor.exe","10428","Load Image","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","SUCCESS","Image Base: 0x739d0000, Image Size: 0x16b000"
"13:37:23,4223811","Condor.exe","10428","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4223965","Condor.exe","10428","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","SUCCESS","Name: \Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll"
"13:37:23,4224683","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","SUCCESS",""
"13:37:23,4228233","Condor.exe","10428","QueryOpen","E:\Condor2\OLEACCRC.DLL","NAME NOT FOUND",""
"13:37:23,4229969","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\oleaccrc.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4230787","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\oleaccrc.dll","SUCCESS","CreationTime: 29.09.2017 14:42:22, LastAccessTime: 29.09.2017 14:42:22, LastWriteTime: 29.09.2017 14:42:22, ChangeTime: 19.01.2018 04:59:39, FileAttributes: A"
"13:37:23,4230926","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\oleaccrc.dll","SUCCESS",""
"13:37:23,4232148","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\oleaccrc.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4232662","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\oleaccrc.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"13:37:23,4232779","Condor.exe","10428","QueryStandardInformationFile","C:\Windows\SysWOW64\oleaccrc.dll","SUCCESS","AllocationSize: 8 192, EndOfFile: 4 608, NumberOfLinks: 2, DeletePending: False, Directory: False"
"13:37:23,4232963","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\oleaccrc.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4233289","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\oleaccrc.dll","SUCCESS",""
"13:37:23,4233893","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,4234026","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,4234153","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4234225","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24"
"13:37:23,4234337","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS",""
"13:37:23,4243227","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
"13:37:23,4243426","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS",""
"13:37:23,4243565","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","Desired Access: Read"
"13:37:23,4243713","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4243783","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist","NAME NOT FOUND","Length: 16"
"13:37:23,4243891","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS",""
"13:37:23,4244226","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
"13:37:23,4244350","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS",""
"13:37:23,4244450","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","Desired Access: Read"
"13:37:23,4244546","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4244613","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay","NAME NOT FOUND","Length: 16"
"13:37:23,4244703","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS",""
"13:37:23,4262526","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4263193","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","CreationTime: 29.09.2017 14:42:16, LastAccessTime: 29.09.2017 14:42:16, LastWriteTime: 29.09.2017 14:42:16, ChangeTime: 19.01.2018 04:59:35, FileAttributes: A"
"13:37:23,4263308","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS",""
"13:37:23,4264256","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4264711","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dwmapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"13:37:23,4264932","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4265677","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","Image Base: 0x707b0000, Image Size: 0x23000"
"13:37:23,4265886","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dwmapi.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4266025","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","Name: \Windows\SysWOW64\dwmapi.dll"
"13:37:23,4266737","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS",""
"13:37:23,4269765","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4270027","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A"
"13:37:23,4270127","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS",""
"13:37:23,4274915","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.exe","SUCCESS","CreationTime: 26.02.2018 13:33:12, LastAccessTime: 26.02.2018 13:33:12, LastWriteTime: 20.02.2018 19:43:12, ChangeTime: 26.02.2018 13:34:54, AllocationSize: 3 809 280, EndOfFile: 3 806 280, FileAttributes: A"
"13:37:23,4280050","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.exe","SUCCESS","CreationTime: 26.02.2018 13:33:12, LastAccessTime: 26.02.2018 13:33:12, LastWriteTime: 20.02.2018 19:43:12, ChangeTime: 26.02.2018 13:34:54, AllocationSize: 3 809 280, EndOfFile: 3 806 280, FileAttributes: A"
"13:37:23,4283062","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\CMF\Config","REPARSE","Desired Access: Read"
"13:37:23,4283268","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\CMF\Config","SUCCESS","Desired Access: Read"
"13:37:23,4283455","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CMF\Config","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4283551","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\CMF\Config\SYSTEM","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"13:37:23,4283684","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\CMF\Config","SUCCESS",""
"13:37:23,4284557","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\fr-FR\user32.dll.mui","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4285607","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\fr-FR\user32.dll.mui","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ"
"13:37:23,4285725","Condor.exe","10428","QueryStandardInformationFile","C:\Windows\SysWOW64\fr-FR\user32.dll.mui","SUCCESS","AllocationSize: 20 480, EndOfFile: 19 968, NumberOfLinks: 4, DeletePending: False, Directory: False"
"13:37:23,4285894","Condor.exe","10428","CreateFileMapping","C:\Windows\System32\fr-FR\user32.dll.mui","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4287370","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\000602xx","SUCCESS","Type: REG_SZ, Length: 26, Data: kernel32.dll"
"13:37:23,4288502","Condor.exe","10428","CreateFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4288928","Condor.exe","10428","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,4289015","Condor.exe","10428","QueryStandardInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","AllocationSize: 3 371 008, EndOfFile: 3 368 788, NumberOfLinks: 2, DeletePending: False, Directory: False"
"13:37:23,4289172","Condor.exe","10428","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4289453","Condor.exe","10428","CloseFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS",""
"13:37:23,4289951","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","REPARSE","Desired Access: Read"
"13:37:23,4290063","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","Desired Access: Read"
"13:37:23,4290180","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4290238","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\fr-CH","NAME NOT FOUND","Length: 90"
"13:37:23,4290325","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\fr","SUCCESS","Type: REG_SZ, Length: 78, Data: {00000003-57EE-1E5C-00B4-D0000BB1E11E}"
"13:37:23,4291998","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4292233","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","CreationTime: 14.02.2018 01:31:18, LastAccessTime: 14.02.2018 01:31:18, LastWriteTime: 10.02.2018 06:05:40, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A"
"13:37:23,4292324","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS",""
"13:37:23,4293549","Condor.exe","10428","QueryOpen","E:\Condor2\D3DXOF.DLL","NAME NOT FOUND",""
"13:37:23,4295267","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\d3dxof.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4295913","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\d3dxof.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:34, FileAttributes: A"
"13:37:23,4296070","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\d3dxof.dll","SUCCESS",""
"13:37:23,4297000","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\d3dxof.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4297453","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\d3dxof.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,4297860","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\d3dxof.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4298560","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\d3dxof.dll","SUCCESS","Image Base: 0x50050000, Image Size: 0x14000"
"13:37:23,4298772","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\d3dxof.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4298899","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\d3dxof.dll","SUCCESS","Name: \Windows\SysWOW64\d3dxof.dll"
"13:37:23,4299548","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\d3dxof.dll","SUCCESS",""
"13:37:23,4300918","Condor.exe","10428","QueryOpen","E:\Condor2\DSound.dll","NAME NOT FOUND",""
"13:37:23,4302690","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dsound.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4303297","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\dsound.dll","SUCCESS","CreationTime: 29.09.2017 14:42:09, LastAccessTime: 29.09.2017 14:42:09, LastWriteTime: 29.09.2017 14:42:09, ChangeTime: 19.01.2018 04:59:35, FileAttributes: A"
"13:37:23,4303393","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dsound.dll","SUCCESS",""
"13:37:23,4304474","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dsound.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4304915","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dsound.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,4305135","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dsound.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4305905","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\dsound.dll","SUCCESS","Image Base: 0x6a270000, Image Size: 0x80000"
"13:37:23,4306089","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dsound.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4306216","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dsound.dll","SUCCESS","Name: \Windows\SysWOW64\dsound.dll"
"13:37:23,4307433","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dsound.dll","SUCCESS",""
"13:37:23,4310116","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\rpcss.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"13:37:23,4315166","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys"
"13:37:23,4315927","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.exe.Local","NAME NOT FOUND",""
"13:37:23,4316942","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.16299.248_fr-fr_88b538db7ed62f3c","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4318074","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.16299.248_fr-fr_88b538db7ed62f3c\comctl32.dll.mui","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4318505","Condor.exe","10428","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.16299.248_fr-fr_88b538db7ed62f3c\comctl32.dll.mui","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,4318599","Condor.exe","10428","QueryStandardInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.16299.248_fr-fr_88b538db7ed62f3c\comctl32.dll.mui","SUCCESS","AllocationSize: 8 192, EndOfFile: 6 144, NumberOfLinks: 2, DeletePending: False, Directory: False"
"13:37:23,4318738","Condor.exe","10428","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.16299.248_fr-fr_88b538db7ed62f3c\comctl32.dll.mui","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4320066","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4320126","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4320250","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Desired Access: Read"
"13:37:23,4320443","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4320733","Condor.exe","10428","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"13:37:23,4320793","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}","SUCCESS","Desired Access: Read"
"13:37:23,4320959","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS",""
"13:37:23,4321035","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category","SUCCESS","Type: REG_DWORD, Length: 4, Data: 4"
"13:37:23,4321101","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name","SUCCESS","Type: REG_SZ, Length: 16, Data: Desktop"
"13:37:23,4321165","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder","NAME NOT FOUND","Length: 144"
"13:37:23,4321219","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description","NAME NOT FOUND","Length: 144"
"13:37:23,4321295","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath","SUCCESS","Type: REG_SZ, Length: 16, Data: Desktop"
"13:37:23,4321458","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName","NAME NOT FOUND","Length: 144"
"13:37:23,4321536","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip","NAME NOT FOUND","Length: 144"
"13:37:23,4321590","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName","SUCCESS","Type: REG_EXPAND_SZ, Length: 84, Data: @%SystemRoot%\system32\shell32.dll,-21769"
"13:37:23,4321657","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon","SUCCESS","Type: REG_EXPAND_SZ, Length: 80, Data: %SystemRoot%\system32\imageres.dll,-183"
"13:37:23,4321714","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security","NAME NOT FOUND","Length: 144"
"13:37:23,4321762","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource","NAME NOT FOUND","Length: 144"
"13:37:23,4321811","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType","NAME NOT FOUND","Length: 144"
"13:37:23,4321859","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly","NAME NOT FOUND","Length: 144"
"13:37:23,4321901","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"13:37:23,4321950","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"13:37:23,4322001","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream","NAME NOT FOUND","Length: 144"
"13:37:23,4322149","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"13:37:23,4322230","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\DefinitionFlags","NAME NOT FOUND","Length: 144"
"13:37:23,4322285","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"13:37:23,4322330","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID","NAME NOT FOUND","Length: 144"
"13:37:23,4322378","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler","NAME NOT FOUND","Length: 144"
"13:37:23,4322547","Condor.exe","10428","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"13:37:23,4322617","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag","SUCCESS","Desired Access: Read"
"13:37:23,4322816","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}","SUCCESS",""
"13:37:23,4323344","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4323399","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name"
"13:37:23,4323492","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer","SUCCESS","Desired Access: Query Value"
"13:37:23,4323619","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4323697","Condor.exe","10428","RegQueryKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"13:37:23,4323755","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1","SUCCESS","Desired Access: Query Value"
"13:37:23,4323876","Condor.exe","10428","RegQueryKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"13:37:23,4323921","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders","NAME NOT FOUND","Desired Access: Query Value"
"13:37:23,4324057","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1","SUCCESS",""
"13:37:23,4324177","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
"13:37:23,4324277","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4324319","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name"
"13:37:23,4324389","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"13:37:23,4324485","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4324561","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS",""
"13:37:23,4324663","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop","SUCCESS","Type: REG_EXPAND_SZ, Length: 44, Data: %USERPROFILE%\Desktop"
"13:37:23,4325050","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"13:37:23,4326411","Condor.exe","10428","CreateFile","C:\Users\Michel.DESKTOP-T5RJH6O\Desktop","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4326662","Condor.exe","10428","QueryBasicInformationFile","C:\Users\Michel.DESKTOP-T5RJH6O\Desktop","SUCCESS","CreationTime: 19.01.2018 05:11:13, LastAccessTime: 26.02.2018 13:29:28, LastWriteTime: 26.02.2018 13:29:28, ChangeTime: 26.02.2018 13:29:28, FileAttributes: RD"
"13:37:23,4326752","Condor.exe","10428","CloseFile","C:\Users\Michel.DESKTOP-T5RJH6O\Desktop","SUCCESS",""
"13:37:23,4327018","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4327069","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4327181","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings","NAME NOT FOUND","Desired Access: Query Value"
"13:37:23,4327450","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4327498","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4327580","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings","NAME NOT FOUND","Desired Access: Query Value"
"13:37:23,4328355","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4328401","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4328491","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value"
"13:37:23,4328651","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"13:37:23,4328757","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4328829","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer","NAME NOT FOUND","Length: 144"
"13:37:23,4328935","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"13:37:23,4329022","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4329071","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name"
"13:37:23,4329152","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"13:37:23,4329249","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4329297","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer","NAME NOT FOUND","Length: 144"
"13:37:23,4329373","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"13:37:23,4329451","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4329493","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4329572","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value"
"13:37:23,4329702","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"13:37:23,4329771","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4329816","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin","NAME NOT FOUND","Length: 144"
"13:37:23,4329895","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"13:37:23,4329964","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4330010","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name"
"13:37:23,4330112","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"13:37:23,4330281","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4330342","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin","NAME NOT FOUND","Length: 144"
"13:37:23,4330450","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"13:37:23,4331736","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4331791","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4331902","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value"
"13:37:23,4332093","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"13:37:23,4332186","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4332240","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel","NAME NOT FOUND","Length: 144"
"13:37:23,4332340","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"13:37:23,4332428","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4332479","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name"
"13:37:23,4332563","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"13:37:23,4332648","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4332696","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel","NAME NOT FOUND","Length: 144"
"13:37:23,4332775","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"13:37:23,4332865","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4332914","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4332992","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value"
"13:37:23,4333125","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"13:37:23,4333194","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4333240","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders","NAME NOT FOUND","Length: 144"
"13:37:23,4333315","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"13:37:23,4333385","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4333430","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name"
"13:37:23,4333499","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"13:37:23,4333575","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4333617","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders","NAME NOT FOUND","Length: 144"
"13:37:23,4333683","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"13:37:23,4333765","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4333807","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4333883","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value"
"13:37:23,4334003","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"13:37:23,4334070","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4334115","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon","NAME NOT FOUND","Length: 144"
"13:37:23,4334188","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"13:37:23,4334254","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4334299","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name"
"13:37:23,4334366","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"13:37:23,4334438","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4334492","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon","NAME NOT FOUND","Length: 144"
"13:37:23,4334559","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"13:37:23,4334785","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4334846","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4334969","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\Condor.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
"13:37:23,4335404","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4335449","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4335546","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS","Desired Access: Query Value"
"13:37:23,4335676","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4335748","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\ValidateRegItems","NAME NOT FOUND","Length: 144"
"13:37:23,4335860","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS",""
"13:37:23,4335935","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4335978","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4336059","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS","Desired Access: Query Value"
"13:37:23,4336162","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4336213","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\MonitorRegistry","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"13:37:23,4336301","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS",""
"13:37:23,4336660","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4336708","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name"
"13:37:23,4336796","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value"
"13:37:23,4336953","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"13:37:23,4337028","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4337076","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups","NAME NOT FOUND","Length: 144"
"13:37:23,4337164","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"13:37:23,4337246","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"13:37:23,4337291","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name"
"13:37:23,4337369","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value"
"13:37:23,4337454","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"13:37:23,4337499","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups","NAME NOT FOUND","Length: 144"
"13:37:23,4337572","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS",""
"13:37:23,4338851","Condor.exe","10428","QueryOpen","E:\Condor2\DInput8.dll","NAME NOT FOUND",""
"13:37:23,4340219","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dinput8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4340853","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\dinput8.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:34, FileAttributes: A"
"13:37:23,4340953","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dinput8.dll","SUCCESS",""
"13:37:23,4341816","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dinput8.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4342235","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dinput8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,4342429","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dinput8.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4343144","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\dinput8.dll","SUCCESS","Image Base: 0x60f20000, Image Size: 0x38000"
"13:37:23,4343325","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dinput8.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4343449","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dinput8.dll","SUCCESS","Name: \Windows\SysWOW64\dinput8.dll"
"13:37:23,4344457","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dinput8.dll","SUCCESS",""
"13:37:23,4345197","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\63ec1c5f-7672-4db1-9db0-98a4531cc134","NAME NOT FOUND","Length: 524"
"13:37:23,4346157","Condor.exe","10428","Thread Create","","SUCCESS","Thread ID: 3308"
"13:37:23,4346836","Condor.exe","10428","QueryOpen","E:\Condor2\Wship6.dll","NAME NOT FOUND",""
"13:37:23,4348533","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\wship6.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4349188","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\wship6.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:44, FileAttributes: A"
"13:37:23,4349290","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\wship6.dll","SUCCESS",""
"13:37:23,4350664","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\wship6.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4351101","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\wship6.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE"
"13:37:23,4351292","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\wship6.dll","SUCCESS","SyncType: SyncTypeOther"
"13:37:23,4351944","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\wship6.dll","SUCCESS","Image Base: 0x6f5f0000, Image Size: 0x7000"
"13:37:23,4352134","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\wship6.dll","BUFFER OVERFLOW","Name: \Windo"
"13:37:23,4352264","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\wship6.dll","SUCCESS","Name: \Windows\SysWOW64\wship6.dll"
"13:37:23,4352873","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\wship6.dll","SUCCESS",""
"13:37:23,4355409","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\InputHost.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"13:37:23,4355937","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\InputHost.dll","SUCCESS","CreationTime: 29.09.2017 14:42:11, LastAccessTime: 29.09.2017 14:42:11, LastWriteTime: 29.09.2017 14:42:11, ChangeTime: 19.01.2018 04:59:36, FileAttributes: A"
"13:37:23,4356028","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\InputHost.dll","SUCCESS",""
"13:37:23,4356873","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\InputHost.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"


