"Time of Day","Process Name","PID","Operation","Path","Result","Detail" "13:37:23,2745118","Condor.exe","10428","Process Start","","SUCCESS","Parent PID: 8308, Command line: ""E:\Condor2\Condor.exe"" , Current directory: E:\Condor2\, Environment: ; =::=::\ ; ALLUSERSPROFILE=C:\ProgramData ; APPDATA=C:\Users\Michel.DESKTOP-T5RJH6O\AppData\Roaming ; asl.log=Destination=file ; CommonProgramFiles=C:\Program Files\Common Files ; CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files ; CommonProgramW6432=C:\Program Files\Common Files ; COMPUTERNAME=DESKTOP-T5RJH6O ; ComSpec=C:\WINDOWS\system32\cmd.exe ; FPS_BROWSER_APP_PROFILE_STRING=Internet Explorer ; FPS_BROWSER_USER_PROFILE_STRING=Default ; HOMEDRIVE=C: ; HOMEPATH=\Users\Michel.DESKTOP-T5RJH6O ; LOCALAPPDATA=C:\Users\Michel.DESKTOP-T5RJH6O\AppData\Local ; LOGONSERVER=\\DESKTOP-T5RJH6O ; NUMBER_OF_PROCESSORS=4 ; OneDrive=C:\Users\Michel.DESKTOP-T5RJH6O\OneDrive ; OS=Windows_NT ; Path=C:\Program Files (x86)\PC Connectivity Solution\;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Calibre2\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;e:\Program Files (x86)\GNU\GnuPG\pub;E:\Program Files (x86)\Skype\Phone\;E:\Program Files (x86)\AOMEI Backupper;C:\Users\Michel.DESKTOP-T5RJH6O\AppData\Local\Microsoft\WindowsApps; ; PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC ; PROCESSOR_ARCHITECTURE=AMD64 ; PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 60 Stepping 3, GenuineIntel ; PROCESSOR_LEVEL=6 ; PROCESSOR_REVISION=3c03 ; ProgramData=C:\ProgramData ; ProgramFiles=C:\Program Files ; ProgramFiles(x86)=C:\Program Files (x86) ; ProgramW6432=C:\Program Files ; 
PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ ; PUBLIC=C:\Users\Public ; SESSIONNAME=Console ; SystemDrive=C: ; SystemRoot=C:\WINDOWS ; TEMP=C:\Users\Michel.DESKTOP-T5RJH6O\AppData\Local\Temp ; TMP=C:\Users\Michel.DESKTOP-T5RJH6O\AppData\Local\Temp ; USERDOMAIN=DESKTOP-T5RJH6O ; USERDOMAIN_ROAMINGPROFILE=DESKTOP-T5RJH6O ; USERNAME=Michel ; USERPROFILE=C:\Users\Michel.DESKTOP-T5RJH6O ; windir=C:\WINDOWS ; _JAVA_OPTIONS=-Xmx512M" "13:37:23,2745172","Condor.exe","10428","Thread Create","","SUCCESS","Thread ID: 14240" "13:37:23,2892254","Condor.exe","10428","Load Image","E:\Condor2\Condor.exe","SUCCESS","Image Base: 0x400000, Image Size: 0x3d3000" "13:37:23,2892722","Condor.exe","10428","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","Image Base: 0x7ffb71c70000, Image Size: 0x1e0000" "13:37:23,2893057","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Image Base: 0x779b0000, Image Size: 0x18d000" "13:37:23,2894261","Condor.exe","10428","CreateFile","C:\Windows\Prefetch\CONDOR.EXE-D54B91FE.pf","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened" "13:37:23,2911362","Condor.exe","10428","QueryStandardInformationFile","C:\Windows\Prefetch\CONDOR.EXE-D54B91FE.pf","SUCCESS","AllocationSize: 16 384, EndOfFile: 12 740, NumberOfLinks: 1, DeletePending: False, Directory: False" "13:37:23,2911637","Condor.exe","10428","ReadFile","C:\Windows\Prefetch\CONDOR.EXE-D54B91FE.pf","SUCCESS","Offset: 0, Length: 12 740, Priority: Normal" "13:37:23,2913316","Condor.exe","10428","CloseFile","C:\Windows\Prefetch\CONDOR.EXE-D54B91FE.pf","SUCCESS","" "13:37:23,3845693","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap","REPARSE","Desired Access: Query Value" "13:37:23,3845865","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment 
Heap","NAME NOT FOUND","Desired Access: Query Value" "13:37:23,3846267","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,3846348","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,3846475","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "13:37:23,3846581","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "13:37:23,3848993","Condor.exe","10428","CreateFile","C:\Windows","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3852869","Condor.exe","10428","Load Image","C:\Windows\System32\wow64.dll","SUCCESS","Image Base: 0x6c240000, Image Size: 0x51000" "13:37:23,3853663","Condor.exe","10428","Load Image","C:\Windows\System32\wow64win.dll","SUCCESS","Image Base: 0x6c2a0000, Image Size: 0x76000" "13:37:23,3856494","Condor.exe","10428","CreateFile","C:\Windows\System32\wow64log.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "13:37:23,3857723","Condor.exe","10428","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS","Image Base: 0x27f0000, Image Size: 0xae000" "13:37:23,3858444","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\kernel32.dll","SUCCESS","Image Base: 0x76ac0000, Image Size: 0xd0000" "13:37:23,3859057","Condor.exe","10428","Load Image","C:\Windows\System32\user32.dll","SUCCESS","Image Base: 0x2950000, Image Size: 0x18f000" "13:37:23,3859878","Condor.exe","10428","CreateFile","C:\Windows","SUCCESS","Desired 
Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3860189","Condor.exe","10428","QueryNameInformationFile","C:\Windows","SUCCESS","Name: \Windows" "13:37:23,3860313","Condor.exe","10428","CloseFile","C:\Windows","SUCCESS","" "13:37:23,3860630","Condor.exe","10428","RegOpenKey","HKLM\Software\Microsoft\Wow64\x86","SUCCESS","Desired Access: Read" "13:37:23,3860929","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Wow64\x86\Condor.exe","NAME NOT FOUND","Length: 520" "13:37:23,3860980","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Wow64\x86\(Default)","SUCCESS","Type: REG_SZ, Length: 26, Data: wow64cpu.dll" "13:37:23,3861059","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Wow64\x86","SUCCESS","" "13:37:23,3861620","Condor.exe","10428","Load Image","C:\Windows\System32\wow64cpu.dll","SUCCESS","Image Base: 0x6c230000, Image Size: 0xa000" "13:37:23,3863326","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap","REPARSE","Desired Access: Query Value" "13:37:23,3863437","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value" "13:37:23,3863788","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,3863854","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,3863948","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,3863999","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session 
Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "13:37:23,3864080","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "13:37:23,3866139","Condor.exe","10428","CreateFile","E:\Condor2","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3867069","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\kernel32.dll","SUCCESS","Image Base: 0x76ac0000, Image Size: 0xd0000" "13:37:23,3868122","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Image Base: 0x771a0000, Image Size: 0x1d7000" "13:37:23,3873161","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\3c74afb9-8d82-44e3-b52c-365dbf48382a","NAME NOT FOUND","Length: 524" "13:37:23,3873689","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\05f95efe-7f75-49c7-a994-60a55cc09571","NAME NOT FOUND","Length: 524" "13:37:23,3874124","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","REPARSE","Desired Access: Read" "13:37:23,3874220","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","Desired Access: Read" "13:37:23,3874326","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Terminal Server","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,3874380","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat","NAME NOT FOUND","Length: 548" "13:37:23,3874438","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "13:37:23,3874513","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Terminal 
Server","SUCCESS","" "13:37:23,3876062","Condor.exe","10428","CreateFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3877236","Condor.exe","10428","QueryBasicInformationFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS","CreationTime: 26.02.2018 04:32:41, LastAccessTime: 26.02.2018 04:32:41, LastWriteTime: 01.02.2018 17:31:20, ChangeTime: 02.02.2018 07:09:36, FileAttributes: A" "13:37:23,3877336","Condor.exe","10428","CloseFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS","" "13:37:23,3878181","Condor.exe","10428","CreateFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3878552","Condor.exe","10428","CreateFileMapping","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,3878857","Condor.exe","10428","CreateFileMapping","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,3879361","Condor.exe","10428","Load Image","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS","Image Base: 0x73940000, Image Size: 0x8d000" "13:37:23,3880167","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Query Value" 
"13:37:23,3880279","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Query Value" "13:37:23,3880406","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,3880463","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\EMPTY","NAME NOT FOUND","Length: 120" "13:37:23,3880563","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\EMPTY","NAME NOT FOUND","Length: 120" "13:37:23,3881064","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\NLS\Language","REPARSE","Desired Access: Read" "13:37:23,3881166","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\NLS\Language","SUCCESS","Desired Access: Read" "13:37:23,3881354","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Language","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,3881420","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Language\InstallLanguageFallback","BUFFER OVERFLOW","Length: 16" "13:37:23,3881565","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Language","SUCCESS","" "13:37:23,3881683","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","REPARSE","Desired Access: Read" "13:37:23,3881761","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS","Desired Access: Read" "13:37:23,3881855","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,3881906","Condor.exe","10428","RegEnumKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS","Index: 0, Name: fr-FR" 
"13:37:23,3881997","Condor.exe","10428","RegQueryKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS","Query: HandleTags, HandleTags: 0x400" "13:37:23,3882054","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR","SUCCESS","Desired Access: Read" "13:37:23,3882144","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: 146" "13:37:23,3882314","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR\DefaultFallback","SUCCESS","Type: REG_SZ, Length: 12, Data: en-US" "13:37:23,3882362","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR\en-US","SUCCESS","Type: REG_MULTI_SZ, Length: 4, Data: " "13:37:23,3882437","Condor.exe","10428","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR","SUCCESS","Index: 0, Name: DefaultFallback, Type: REG_SZ, Length: 12, Data: en-US" "13:37:23,3882486","Condor.exe","10428","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR","SUCCESS","Index: 1, Name: en-US, Type: REG_MULTI_SZ, Length: 4, Data: " "13:37:23,3882528","Condor.exe","10428","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR","SUCCESS","Index: 2, Name: LCID, Type: REG_DWORD, Length: 4, Data: 1036" "13:37:23,3882600","Condor.exe","10428","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR","SUCCESS","Index: 3, Name: Type, Type: REG_DWORD, Length: 4, Data: 146" "13:37:23,3882721","Condor.exe","10428","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR","NO MORE ENTRIES","Index: 4, Length: 512" "13:37:23,3882800","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR\AlternateCodePage","NAME NOT FOUND","Length: 12" 
"13:37:23,3882878","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\fr-FR","SUCCESS","" "13:37:23,3882941","Condor.exe","10428","RegEnumKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","NO MORE ENTRIES","Index: 1, Length: 512" "13:37:23,3882999","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages","SUCCESS","" "13:37:23,3883144","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\PendingDelete","REPARSE","Desired Access: Read" "13:37:23,3883222","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\UILanguages\PendingDelete","NAME NOT FOUND","Desired Access: Read" "13:37:23,3883385","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\MUI\Settings","REPARSE","Desired Access: Read" "13:37:23,3883606","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read" "13:37:23,3883820","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "13:37:23,3884052","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,3884104","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name" "13:37:23,3884179","Condor.exe","10428","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration","NAME NOT FOUND","Desired Access: Read" "13:37:23,3884297","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","REPARSE","Desired Access: Read" "13:37:23,3884360","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","SUCCESS","Desired Access: Read" "13:37:23,3884454","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","SUCCESS","KeySetInformationClass: 
KeySetHandleTagsInformation, Length: 0" "13:37:23,3884499","Condor.exe","10428","RegEnumValue","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","NO MORE ENTRIES","Index: 0, Length: 512" "13:37:23,3884565","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration","SUCCESS","" "13:37:23,3884626","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS","" "13:37:23,3884713","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\MUI\Settings","REPARSE","Desired Access: Read" "13:37:23,3884837","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read" "13:37:23,3884973","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "13:37:23,3885106","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,3885154","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name" "13:37:23,3885224","Condor.exe","10428","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read" "13:37:23,3885335","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,3885378","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name" "13:37:23,3885444","Condor.exe","10428","RegOpenKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS","Desired Access: Read" "13:37:23,3885535","Condor.exe","10428","RegSetInfoKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,3885580","Condor.exe","10428","RegEnumValue","HKCU\Control Panel\Desktop\LanguageConfiguration","NO MORE ENTRIES","Index: 0, Length: 512" "13:37:23,3885637","Condor.exe","10428","RegCloseKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS","" 
"13:37:23,3885685","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS","" "13:37:23,3885761","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\MUI\Settings","REPARSE","Desired Access: Read" "13:37:23,3885870","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read" "13:37:23,3885999","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "13:37:23,3886114","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,3886159","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name" "13:37:23,3886223","Condor.exe","10428","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read" "13:37:23,3886307","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,3886350","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name" "13:37:23,3886413","Condor.exe","10428","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read" "13:37:23,3886485","Condor.exe","10428","RegSetInfoKey","HKCU\Control Panel\Desktop","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,3886534","Condor.exe","10428","RegQueryValue","HKCU\Control Panel\Desktop\PreferredUILanguages","BUFFER OVERFLOW","Length: 12" "13:37:23,3886615","Condor.exe","10428","RegQueryValue","HKCU\Control Panel\Desktop\PreferredUILanguages","SUCCESS","Type: REG_MULTI_SZ, Length: 12, Data: fr-FR" "13:37:23,3886697","Condor.exe","10428","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS","" "13:37:23,3886748","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS","" "13:37:23,3886824","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\MUI\Settings","REPARSE","Desired Access: Read" 
"13:37:23,3887002","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read" "13:37:23,3887273","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "13:37:23,3887454","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,3887509","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name" "13:37:23,3887590","Condor.exe","10428","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","Desired Access: Read" "13:37:23,3887702","Condor.exe","10428","RegSetInfoKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,3887759","Condor.exe","10428","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","BUFFER OVERFLOW","Length: 12" "13:37:23,3887814","Condor.exe","10428","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","SUCCESS","Type: REG_MULTI_SZ, Length: 12, Data: fr-FR" "13:37:23,3887898","Condor.exe","10428","RegCloseKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","" "13:37:23,3887953","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS","" "13:37:23,3888638","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide","NAME NOT FOUND","Desired Access: Read" "13:37:23,3889622","Condor.exe","10428","CreateFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3890066","Condor.exe","10428","QueryBasicInformationFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS","CreationTime: 26.02.2018 04:32:41, LastAccessTime: 
26.02.2018 04:32:41, LastWriteTime: 01.02.2018 17:31:20, ChangeTime: 02.02.2018 07:09:36, FileAttributes: A" "13:37:23,3890875","Condor.exe","10428","CloseFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS","" "13:37:23,3891877","Condor.exe","10428","CloseFile","C:\Program Files\Bitdefender\Bitdefender 2017\atcuf\263239525519876350\atcuf32.dll","SUCCESS","" "13:37:23,3896272","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,3896375","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,3896474","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,3896532","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "13:37:23,3896613","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "13:37:23,3902430","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","REPARSE","Desired Access: Query Value, Set Value" "13:37:23,3902536","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value" "13:37:23,3902654","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","REPARSE","Desired Access: Read" "13:37:23,3902799","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","NAME NOT FOUND","Desired Access: Read" "13:37:23,3902968","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers","REPARSE","Desired Access: Query Value" 
"13:37:23,3903122","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value" "13:37:23,3903248","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,3903303","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80" "13:37:23,3903408","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS","" "13:37:23,3903538","Condor.exe","10428","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value" "13:37:23,3903728","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem\","REPARSE","Desired Access: Read" "13:37:23,3903795","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","Desired Access: Read" "13:37:23,3903873","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,3903925","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\LongPathsEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "13:37:23,3904018","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","" "13:37:23,3904869","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\oleaut32.dll","SUCCESS","Image Base: 0x75010000, Image Size: 0x93000" "13:37:23,3905078","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\oleaut32.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3905226","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\oleaut32.dll","SUCCESS","Name: \Windows\SysWOW64\oleaut32.dll" 
"13:37:23,3906134","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\msvcp_win.dll","SUCCESS","Image Base: 0x745e0000, Image Size: 0x7c000" "13:37:23,3906370","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\msvcp_win.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3906497","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\msvcp_win.dll","SUCCESS","Name: \Windows\SysWOW64\msvcp_win.dll" "13:37:23,3907257","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\ucrtbase.dll","SUCCESS","Image Base: 0x74be0000, Image Size: 0x117000" "13:37:23,3907378","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\ucrtbase.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3907511","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\ucrtbase.dll","SUCCESS","Name: \Windows\SysWOW64\ucrtbase.dll" "13:37:23,3908749","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\combase.dll","SUCCESS","Image Base: 0x76860000, Image Size: 0x246000" "13:37:23,3908924","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\combase.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3909029","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\combase.dll","SUCCESS","Name: \Windows\SysWOW64\combase.dll" "13:37:23,3909853","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\rpcrt4.dll","SUCCESS","Image Base: 0x74f50000, Image Size: 0xbe000" "13:37:23,3910035","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\rpcrt4.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3910140","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\rpcrt4.dll","SUCCESS","Name: \Windows\SysWOW64\rpcrt4.dll" "13:37:23,3911158","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\sspicli.dll","SUCCESS","Image Base: 0x743d0000, Image Size: 0x20000" "13:37:23,3911305","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\sspicli.dll","BUFFER OVERFLOW","Name: \Windo" 
"13:37:23,3911411","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\sspicli.dll","SUCCESS","Name: \Windows\SysWOW64\sspicli.dll" "13:37:23,3912157","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\cryptbase.dll","SUCCESS","Image Base: 0x743c0000, Image Size: 0xa000" "13:37:23,3912299","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\cryptbase.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3912404","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\cryptbase.dll","SUCCESS","Name: \Windows\SysWOW64\cryptbase.dll" "13:37:23,3913141","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\bcryptprimitives.dll","SUCCESS","Image Base: 0x76b90000, Image Size: 0x57000" "13:37:23,3913289","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\bcryptprimitives.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3913394","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\bcryptprimitives.dll","SUCCESS","Name: \Windows\SysWOW64\bcryptprimitives.dll" "13:37:23,3914074","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,3914167","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,3914261","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,3914315","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "13:37:23,3914400","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "13:37:23,3914952","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\sechost.dll","SUCCESS","Image Base: 0x76470000, Image Size: 0x43000" 
"13:37:23,3915124","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\sechost.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3915236","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\sechost.dll","SUCCESS","Name: \Windows\SysWOW64\sechost.dll" "13:37:23,3916917","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\advapi32.dll","SUCCESS","Image Base: 0x74e60000, Image Size: 0x78000" "13:37:23,3917119","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\advapi32.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3917225","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\advapi32.dll","SUCCESS","Name: \Windows\SysWOW64\advapi32.dll" "13:37:23,3918236","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\msvcrt.dll","SUCCESS","Image Base: 0x770c0000, Image Size: 0xbd000" "13:37:23,3918436","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\msvcrt.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3918538","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\msvcrt.dll","SUCCESS","Name: \Windows\SysWOW64\msvcrt.dll" "13:37:23,3919667","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\user32.dll","SUCCESS","Image Base: 0x76550000, Image Size: 0x175000" "13:37:23,3919981","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\user32.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3920093","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\user32.dll","SUCCESS","Name: \Windows\SysWOW64\user32.dll" "13:37:23,3921702","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\win32u.dll","SUCCESS","Image Base: 0x74670000, Image Size: 0x16000" "13:37:23,3921977","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\win32u.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3922085","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\win32u.dll","SUCCESS","Name: \Windows\SysWOW64\win32u.dll" 
"13:37:23,3923009","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\gdi32.dll","SUCCESS","Image Base: 0x74f20000, Image Size: 0x22000" "13:37:23,3923199","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\gdi32.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3923305","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\gdi32.dll","SUCCESS","Name: \Windows\SysWOW64\gdi32.dll" "13:37:23,3924099","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\gdi32full.dll","SUCCESS","Image Base: 0x743f0000, Image Size: 0x15e000" "13:37:23,3924289","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\gdi32full.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3924395","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\gdi32full.dll","SUCCESS","Name: \Windows\SysWOW64\gdi32full.dll" "13:37:23,3925650","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\ole32.dll","SUCCESS","Image Base: 0x76f50000, Image Size: 0xf7000" "13:37:23,3925838","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\ole32.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3925940","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS","Name: \Windows\SysWOW64\ole32.dll" "13:37:23,3926810","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys" "13:37:23,3927495","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.exe.Local","NAME NOT FOUND","" "13:37:23,3928497","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3929324","Condor.exe","10428","Load 
Image","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Image Base: 0x750b0000, Image Size: 0x1333000" "13:37:23,3929560","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\shell32.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3929747","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\shell32.dll","SUCCESS","Name: \Windows\SysWOW64\shell32.dll" "13:37:23,3931048","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\cfgmgr32.dll","SUCCESS","Image Base: 0x74ee0000, Image Size: 0x38000" "13:37:23,3931223","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\cfgmgr32.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3931576","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\cfgmgr32.dll","SUCCESS","Name: \Windows\SysWOW64\cfgmgr32.dll" "13:37:23,3932781","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\SHCore.dll","SUCCESS","Image Base: 0x764c0000, Image Size: 0x88000" "13:37:23,3932941","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\SHCore.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3933052","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\SHCore.dll","SUCCESS","Name: \Windows\SysWOW64\SHCore.dll" "13:37:23,3934193","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\windows.storage.dll","SUCCESS","Image Base: 0x773e0000, Image Size: 0x5c6000" "13:37:23,3934366","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\windows.storage.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3934489","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\windows.storage.dll","SUCCESS","Name: \Windows\SysWOW64\windows.storage.dll" "13:37:23,3935519","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\shlwapi.dll","SUCCESS","Image Base: 0x76ea0000, Image Size: 0x45000" "13:37:23,3935694","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\shlwapi.dll","BUFFER OVERFLOW","Name: \Windo" 
"13:37:23,3935799","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\shlwapi.dll","SUCCESS","Name: \Windows\SysWOW64\shlwapi.dll" "13:37:23,3936907","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\kernel.appcore.dll","SUCCESS","Image Base: 0x773d0000, Image Size: 0xe000" "13:37:23,3937067","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\kernel.appcore.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3937173","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\kernel.appcore.dll","SUCCESS","Name: \Windows\SysWOW64\kernel.appcore.dll" "13:37:23,3938148","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\powrprof.dll","SUCCESS","Image Base: 0x76e40000, Image Size: 0x45000" "13:37:23,3938302","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\powrprof.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3938405","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\powrprof.dll","SUCCESS","Name: \Windows\SysWOW64\powrprof.dll" "13:37:23,3939479","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\profapi.dll","SUCCESS","Image Base: 0x76450000, Image Size: 0x14000" "13:37:23,3939669","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\profapi.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3939796","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\profapi.dll","SUCCESS","Name: \Windows\SysWOW64\profapi.dll" "13:37:23,3948071","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value" "13:37:23,3948188","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value" "13:37:23,3948297","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" 
"13:37:23,3948357","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode","NAME NOT FOUND","Length: 16" "13:37:23,3948907","Condor.exe","10428","QueryOpen","E:\Condor2\version.dll","NAME NOT FOUND","" "13:37:23,3950265","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\version.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3950975","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\version.dll","SUCCESS","CreationTime: 29.09.2017 14:42:24, LastAccessTime: 29.09.2017 14:42:24, LastWriteTime: 29.09.2017 14:42:24, ChangeTime: 19.01.2018 04:59:42, FileAttributes: A" "13:37:23,3951077","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\version.dll","SUCCESS","" "13:37:23,3953480","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\version.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3953936","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\version.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,3954141","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\version.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,3954727","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\version.dll","SUCCESS","Image Base: 0x743a0000, Image Size: 0x8000" "13:37:23,3954905","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\version.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3955026","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\version.dll","SUCCESS","Name: \Windows\SysWOW64\version.dll" 
"13:37:23,3955575","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\version.dll","SUCCESS","" "13:37:23,3958217","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3958488","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","CreationTime: 14.02.2018 01:31:18, LastAccessTime: 14.02.2018 01:31:18, LastWriteTime: 10.02.2018 06:05:40, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A" "13:37:23,3958585","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","" "13:37:23,3959397","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3959750","Condor.exe","10428","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,3959940","Condor.exe","10428","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,3960450","Condor.exe","10428","Load 
Image","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","Image Base: 0x729e0000, Image Size: 0x8e000" "13:37:23,3960743","Condor.exe","10428","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3960876","Condor.exe","10428","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","Name: \Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll" "13:37:23,3961368","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","" "13:37:23,3967593","Condor.exe","10428","QueryOpen","E:\Condor2\winspool.drv","NAME NOT FOUND","" "13:37:23,3969392","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3970095","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS","CreationTime: 29.09.2017 14:42:27, LastAccessTime: 29.09.2017 14:42:27, LastWriteTime: 29.09.2017 14:42:27, ChangeTime: 18.01.2018 20:24:14, FileAttributes: A" "13:37:23,3970189","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS","" "13:37:23,3971369","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: 
Opened" "13:37:23,3971843","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\winspool.drv","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,3972042","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\winspool.drv","SUCCESS","SyncType: SyncTypeOther" "13:37:23,3972649","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\winspool.drv","SUCCESS","Image Base: 0x73d20000, Image Size: 0x6c000" "13:37:23,3972848","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\winspool.drv","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3972975","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS","Name: \Windows\SysWOW64\winspool.drv" "13:37:23,3973808","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\winspool.drv","SUCCESS","" "13:37:23,3974433","Condor.exe","10428","QueryOpen","E:\Condor2\wsock32.dll","NAME NOT FOUND","" "13:37:23,3975819","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\wsock32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3976407","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\wsock32.dll","SUCCESS","CreationTime: 29.09.2017 14:42:19, LastAccessTime: 29.09.2017 14:42:19, LastWriteTime: 29.09.2017 14:42:19, ChangeTime: 19.01.2018 04:59:44, FileAttributes: A" "13:37:23,3976498","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\wsock32.dll","SUCCESS","" "13:37:23,3977434","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\wsock32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 
"13:37:23,3977847","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\wsock32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,3978025","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\wsock32.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,3978877","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\wsock32.dll","SUCCESS","Image Base: 0x740b0000, Image Size: 0x8000" "13:37:23,3979073","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\wsock32.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3979194","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\wsock32.dll","SUCCESS","Name: \Windows\SysWOW64\wsock32.dll" "13:37:23,3980006","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\ws2_32.dll","SUCCESS","Image Base: 0x77050000, Image Size: 0x66000" "13:37:23,3980190","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\ws2_32.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3980305","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\ws2_32.dll","SUCCESS","Name: \Windows\SysWOW64\ws2_32.dll" "13:37:23,3981159","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\wsock32.dll","SUCCESS","" "13:37:23,3982055","Condor.exe","10428","QueryOpen","E:\Condor2\dxgi.dll","NAME NOT FOUND","" "13:37:23,3983939","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3984558","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","CreationTime: 18.01.2018 21:21:41, LastAccessTime: 18.01.2018 21:21:41, LastWriteTime: 18.01.2018 21:21:41, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A" 
"13:37:23,3984655","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","" "13:37:23,3985560","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3986007","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,3986200","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,3986897","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Image Base: 0x6c9d0000, Image Size: 0x93000" "13:37:23,3987121","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dxgi.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3987251","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","Name: \Windows\SysWOW64\dxgi.dll" "13:37:23,3988132","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dxgi.dll","SUCCESS","" "13:37:23,3988769","Condor.exe","10428","QueryOpen","E:\Condor2\d3d11.dll","NAME NOT FOUND","" "13:37:23,3990363","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\d3d11.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3991087","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\d3d11.dll","SUCCESS","CreationTime: 14.02.2018 01:31:29, LastAccessTime: 14.02.2018 01:31:29, LastWriteTime: 10.02.2018 06:09:28, ChangeTime: 14.02.2018 02:22:34, FileAttributes: A" "13:37:23,3991190","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\d3d11.dll","SUCCESS","" 
"13:37:23,3992099","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\d3d11.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3992524","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\d3d11.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,3992787","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\d3d11.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,3993439","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\d3d11.dll","SUCCESS","Image Base: 0x62890000, Image Size: 0x23e000" "13:37:23,3993644","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\d3d11.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,3993771","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\d3d11.dll","SUCCESS","Name: \Windows\SysWOW64\d3d11.dll" "13:37:23,3994574","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\d3d11.dll","SUCCESS","" "13:37:23,3995175","Condor.exe","10428","QueryOpen","E:\Condor2\d3dx.dll","SUCCESS","CreationTime: 26.02.2018 13:33:12, LastAccessTime: 26.02.2018 13:33:12, LastWriteTime: 12.02.2018 11:34:10, ChangeTime: 26.02.2018 13:33:12, AllocationSize: 282 624, EndOfFile: 280 136, FileAttributes: A" "13:37:23,3995558","Condor.exe","10428","CreateFile","E:\Condor2\d3dx.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3995887","Condor.exe","10428","CreateFileMapping","E:\Condor2\d3dx.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" 
"13:37:23,3996053","Condor.exe","10428","CreateFileMapping","E:\Condor2\d3dx.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,3996473","Condor.exe","10428","Load Image","E:\Condor2\d3dx.dll","SUCCESS","Image Base: 0x10000000, Image Size: 0x44000" "13:37:23,3996606","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\d3dx.dll","BUFFER OVERFLOW","Name: \Condo" "13:37:23,3996720","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\d3dx.dll","SUCCESS","Name: \Condor2\d3dx.dll" "13:37:23,3997140","Condor.exe","10428","CloseFile","E:\Condor2\d3dx.dll","SUCCESS","" "13:37:23,3997611","Condor.exe","10428","QueryOpen","E:\Condor2\winmm.dll","NAME NOT FOUND","" "13:37:23,3999120","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,3999706","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","CreationTime: 29.09.2017 14:42:08, LastAccessTime: 29.09.2017 14:42:08, LastWriteTime: 29.09.2017 14:42:08, ChangeTime: 19.01.2018 04:59:44, FileAttributes: A" "13:37:23,3999797","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","" "13:37:23,4000756","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4001203","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\winmm.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,4001490","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\winmm.dll","SUCCESS","SyncType: SyncTypeOther" 
"13:37:23,4002085","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\winmm.dll","SUCCESS","Image Base: 0x74140000, Image Size: 0x24000" "13:37:23,4002272","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\winmm.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,4002393","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","Name: \Windows\SysWOW64\winmm.dll" "13:37:23,4003247","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\winmm.dll","SUCCESS","" "13:37:23,4004044","Condor.exe","10428","QueryOpen","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS","CreationTime: 26.02.2018 13:33:12, LastAccessTime: 26.02.2018 13:33:12, LastWriteTime: 12.02.2018 11:34:02, ChangeTime: 26.02.2018 13:33:12, AllocationSize: 266 240, EndOfFile: 264 264, FileAttributes: A" "13:37:23,4004476","Condor.exe","10428","CreateFile","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4004765","Condor.exe","10428","CreateFileMapping","E:\Condor2\d3dx11Effects_JSB.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,4005131","Condor.exe","10428","CreateFileMapping","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4005538","Condor.exe","10428","Load Image","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS","Image Base: 0x51430000, Image Size: 0x43000" "13:37:23,4005677","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\d3dx11Effects_JSB.dll","BUFFER OVERFLOW","Name: \Condo" "13:37:23,4005789","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS","Name: \Condor2\d3dx11Effects_JSB.dll" 
"13:37:23,4006296","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide","NAME NOT FOUND","Desired Access: Read" "13:37:23,4006984","Condor.exe","10428","CreateFile","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4007265","Condor.exe","10428","QueryBasicInformationFile","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS","CreationTime: 26.02.2018 13:33:12, LastAccessTime: 26.02.2018 13:33:12, LastWriteTime: 12.02.2018 11:34:02, ChangeTime: 26.02.2018 13:33:12, FileAttributes: A" "13:37:23,4007875","Condor.exe","10428","CloseFile","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS","" "13:37:23,4008632","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys" "13:37:23,4009242","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.exe.Local","NAME NOT FOUND","" "13:37:23,4010320","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4010724","Condor.exe","10428","CloseFile","E:\Condor2\d3dx11Effects_JSB.dll","SUCCESS","" "13:37:23,4011156","Condor.exe","10428","QueryOpen","E:\Condor2\d3dx11_43.dll","SUCCESS","CreationTime: 26.02.2018 13:33:12, LastAccessTime: 26.02.2018 13:33:12, LastWriteTime: 12.02.2018 11:33:52, ChangeTime: 26.02.2018 13:33:12, AllocationSize: 249 856, EndOfFile: 248 392, FileAttributes: A" "13:37:23,4011521","Condor.exe","10428","CreateFile","E:\Condor2\d3dx11_43.dll","SUCCESS","Desired Access: Read Data/List 
Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4011793","Condor.exe","10428","CreateFileMapping","E:\Condor2\d3dx11_43.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,4012125","Condor.exe","10428","CreateFileMapping","E:\Condor2\d3dx11_43.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4012542","Condor.exe","10428","Load Image","E:\Condor2\d3dx11_43.dll","SUCCESS","Image Base: 0x50070000, Image Size: 0x3f000" "13:37:23,4012693","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\d3dx11_43.dll","BUFFER OVERFLOW","Name: \Condo" "13:37:23,4012816","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\d3dx11_43.dll","SUCCESS","Name: \Condor2\d3dx11_43.dll" "13:37:23,4013263","Condor.exe","10428","CloseFile","E:\Condor2\d3dx11_43.dll","SUCCESS","" "13:37:23,4014383","Condor.exe","10428","QueryOpen","E:\Condor2\IPHLPAPI.DLL","NAME NOT FOUND","" "13:37:23,4015796","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4016493","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:36, FileAttributes: A" "13:37:23,4016590","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","" "13:37:23,4017544","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory 
File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4017966","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\IPHLPAPI.DLL","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,4018156","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4018772","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","Image Base: 0x73b60000, Image Size: 0x30000" "13:37:23,4018965","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","BUFFER OVERFLOW","Name: \Windo" "13:37:23,4019098","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","Name: \Windows\SysWOW64\IPHLPAPI.DLL" "13:37:23,4019672","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\IPHLPAPI.DLL","SUCCESS","" "13:37:23,4020254","Condor.exe","10428","QueryOpen","E:\Condor2\bcrypt.dll","NAME NOT FOUND","" "13:37:23,4022060","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4022793","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","CreationTime: 18.01.2018 21:21:10, LastAccessTime: 18.01.2018 21:21:10, LastWriteTime: 18.01.2018 21:21:10, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A" "13:37:23,4022890","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","" "13:37:23,4023756","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, 
OpenResult: Opened" "13:37:23,4024191","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\bcrypt.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,4024381","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4024949","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","Image Base: 0x73dd0000, Image Size: 0x19000" "13:37:23,4025133","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\bcrypt.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,4025257","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","Name: \Windows\SysWOW64\bcrypt.dll" "13:37:23,4025806","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\bcrypt.dll","SUCCESS","" "13:37:23,4027964","Condor.exe","10428","QueryOpen","E:\Condor2\DDRAW.dll","NAME NOT FOUND","" "13:37:23,4029329","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4029972","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:34, FileAttributes: A" "13:37:23,4030108","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","" "13:37:23,4031261","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 
"13:37:23,4031720","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,4033244","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4033914","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Image Base: 0x77d10000, Image Size: 0xea000" "13:37:23,4034101","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\ddraw.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,4034228","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","Name: \Windows\SysWOW64\ddraw.dll" "13:37:23,4034956","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\ddraw.dll","SUCCESS","" "13:37:23,4035565","Condor.exe","10428","QueryOpen","E:\Condor2\WINMMBASE.dll","NAME NOT FOUND","" "13:37:23,4037075","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4037582","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","CreationTime: 29.09.2017 14:42:08, LastAccessTime: 29.09.2017 14:42:08, LastWriteTime: 29.09.2017 14:42:08, ChangeTime: 19.01.2018 04:59:44, FileAttributes: A" "13:37:23,4037667","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","" "13:37:23,4038503","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 
"13:37:23,4038841","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\winmmbase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,4039019","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4039611","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Image Base: 0x740c0000, Image Size: 0x23000" "13:37:23,4039810","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\winmmbase.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,4039928","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Name: \Windows\SysWOW64\winmmbase.dll" "13:37:23,4040637","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","" "13:37:23,4042635","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4042865","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","CreationTime: 29.09.2017 14:42:08, LastAccessTime: 29.09.2017 14:42:08, LastWriteTime: 29.09.2017 14:42:08, ChangeTime: 19.01.2018 04:59:44, FileAttributes: A" "13:37:23,4042952","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","" "13:37:23,4044661","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4044872","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","CreationTime: 29.09.2017 14:42:08, LastAccessTime: 29.09.2017 14:42:08, LastWriteTime: 
29.09.2017 14:42:08, ChangeTime: 19.01.2018 04:59:44, FileAttributes: A" "13:37:23,4044957","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\winmmbase.dll","SUCCESS","" "13:37:23,4045509","Condor.exe","10428","QueryOpen","E:\Condor2\D3DCompiler_43.dll","SUCCESS","CreationTime: 26.02.2018 13:33:12, LastAccessTime: 26.02.2018 13:33:12, LastWriteTime: 12.02.2018 11:36:02, ChangeTime: 26.02.2018 13:33:12, AllocationSize: 2 109 440, EndOfFile: 2 105 928, FileAttributes: A" "13:37:23,4045884","Condor.exe","10428","CreateFile","E:\Condor2\D3DCompiler_43.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4046161","Condor.exe","10428","CreateFileMapping","E:\Condor2\D3DCompiler_43.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,4046542","Condor.exe","10428","CreateFileMapping","E:\Condor2\D3DCompiler_43.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4046961","Condor.exe","10428","Load Image","E:\Condor2\D3DCompiler_43.dll","SUCCESS","Image Base: 0xf360000, Image Size: 0x207000" "13:37:23,4047100","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\D3DCompiler_43.dll","BUFFER OVERFLOW","Name: \Condo" "13:37:23,4047212","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\D3DCompiler_43.dll","SUCCESS","Name: \Condor2\D3DCompiler_43.dll" "13:37:23,4047677","Condor.exe","10428","CloseFile","E:\Condor2\D3DCompiler_43.dll","SUCCESS","" "13:37:23,4049092","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 
"13:37:23,4049331","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","CreationTime: 29.09.2017 14:41:23, LastAccessTime: 29.09.2017 14:41:23, LastWriteTime: 29.09.2017 14:41:23, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A" "13:37:23,4049421","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","" "13:37:23,4050200","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4050560","Condor.exe","10428","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,4050756","Condor.exe","10428","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4051187","Condor.exe","10428","Load Image","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","Image Base: 0x728f0000, Image Size: 0xa3000" "13:37:23,4051384","Condor.exe","10428","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","BUFFER OVERFLOW","Name: \Windo" 
"13:37:23,4051510","Condor.exe","10428","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","Name: \Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll" "13:37:23,4051939","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","" "13:37:23,4055287","Condor.exe","10428","QueryOpen","E:\Condor2\DCIMAN32.dll","NAME NOT FOUND","" "13:37:23,4056805","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4057421","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","CreationTime: 29.09.2017 14:42:13, LastAccessTime: 29.09.2017 14:42:13, LastWriteTime: 29.09.2017 14:42:13, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A" "13:37:23,4057518","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","" "13:37:23,4058632","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4059118","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dciman32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,4059528","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4060872","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","Image Base: 
0x52fc0000, Image Size: 0x7000" "13:37:23,4061071","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dciman32.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,4061198","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","Name: \Windows\SysWOW64\dciman32.dll" "13:37:23,4061816","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dciman32.dll","SUCCESS","" "13:37:23,4064506","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,4064711","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,4064841","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4064950","Condor.exe","10428","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Query: HandleTags, HandleTags: 0x400" "13:37:23,4065016","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,4065360","Condor.exe","10428","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Query: HandleTags, HandleTags: 0x400" "13:37:23,4065418","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,4066523","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","REPARSE","Desired Access: Read" 
"13:37:23,4066616","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","Desired Access: Read" "13:37:23,4066731","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4066791","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\(Default)","SUCCESS","Type: REG_SZ, Length: 18, Data: 0006020E" "13:37:23,4068805","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","REPARSE","Desired Access: Query Value" "13:37:23,4068883","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","Desired Access: Query Value" "13:37:23,4068983","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4069037","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "13:37:23,4069134","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","REPARSE","Desired Access: Query Value" "13:37:23,4069200","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS","Desired Access: Query Value" "13:37:23,4069273","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4069318","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","NAME NOT FOUND","Length: 20" "13:37:23,4069424","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" 
"13:37:23,4069547","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","" "13:37:23,4069623","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS","" "13:37:23,4069710","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration","REPARSE","Desired Access: Query Value" "13:37:23,4069783","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration","NAME NOT FOUND","Desired Access: Query Value" "13:37:23,4070399","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\a6d3c9ac-9128-522a-495a-1821191173c2","NAME NOT FOUND","Length: 524" "13:37:23,4071416","Condor.exe","10428","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read" "13:37:23,4071549","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4071597","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4071682","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\OLE","REPARSE","Desired Access: Read" "13:37:23,4071872","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","Desired Access: Read" "13:37:23,4071996","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4072053","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorUseSystemHeap","NAME NOT FOUND","Length: 144" "13:37:23,4072180","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "13:37:23,4072255","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4072300","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" 
"13:37:23,4072373","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\OLE","REPARSE","Desired Access: Read" "13:37:23,4072491","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","Desired Access: Read" "13:37:23,4072593","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4072642","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorSystemHeapIsPrivate","NAME NOT FOUND","Length: 144" "13:37:23,4072720","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "13:37:23,4072783","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4072823","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4072892","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\OLE","REPARSE","Desired Access: Read" "13:37:23,4072998","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","Desired Access: Read" "13:37:23,4073094","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4073146","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\AggressiveMTATesting","NAME NOT FOUND","Length: 144" "13:37:23,4073227","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "13:37:23,4073580","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4073632","Condor.exe","10428","RegOpenKey","HKLM","SUCCESS","Desired Access: Read" "13:37:23,4073704","Condor.exe","10428","RegSetInfoKey","HKLM","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4073774","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100" 
"13:37:23,4073822","Condor.exe","10428","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "13:37:23,4074000","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100" "13:37:23,4074048","Condor.exe","10428","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "13:37:23,4074175","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100" "13:37:23,4074223","Condor.exe","10428","RegOpenKey","HKLM\Software\Microsoft\Ole","SUCCESS","Desired Access: Read" "13:37:23,4074779","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Read" "13:37:23,4074863","Condor.exe","10428","RegSetInfoKey","HKCU","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4074927","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x100" "13:37:23,4074975","Condor.exe","10428","RegOpenKey","HKCU\Software\Classes\Local Settings","REPARSE","Desired Access: Read" "13:37:23,4075060","Condor.exe","10428","RegOpenKey","HKCU\Software\Classes\Local Settings","SUCCESS","Desired Access: Read" "13:37:23,4075171","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS","" "13:37:23,4075253","Condor.exe","10428","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4075295","Condor.exe","10428","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: Name" "13:37:23,4075374","Condor.exe","10428","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "13:37:23,4075464","Condor.exe","10428","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4075506","Condor.exe","10428","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: 
Name" "13:37:23,4075570","Condor.exe","10428","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "13:37:23,4075675","Condor.exe","10428","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4075730","Condor.exe","10428","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: Name" "13:37:23,4075799","Condor.exe","10428","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole","NAME NOT FOUND","Desired Access: Read" "13:37:23,4075881","Condor.exe","10428","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4075920","Condor.exe","10428","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: Name" "13:37:23,4075983","Condor.exe","10428","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft","SUCCESS","Desired Access: Read" "13:37:23,4076059","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Classes\Local Settings\Software\Microsoft","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4076678","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4076720","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4076798","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\OLE\Tracing","REPARSE","Desired Access: Read" "13:37:23,4076973","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Ole\Tracing","NAME NOT FOUND","Desired Access: Read" "13:37:23,4077408","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 524" "13:37:23,4077861","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05","NAME NOT 
FOUND","Length: 524" "13:37:23,4080511","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4081233","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A" "13:37:23,4081323","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","" "13:37:23,4083412","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4084028","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS","CreationTime: 03.02.2018 07:12:20, LastAccessTime: 03.02.2018 07:12:20, LastWriteTime: 01.01.2018 12:42:32, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A" "13:37:23,4084119","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\ole32.dll","SUCCESS","" "13:37:23,4087482","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4088070","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:36, FileAttributes: A" "13:37:23,4088161","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","" 
"13:37:23,4089190","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4089604","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,4089691","Condor.exe","10428","QueryStandardInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","AllocationSize: 143 360, EndOfFile: 143 152, NumberOfLinks: 2, DeletePending: False, Directory: False" "13:37:23,4089833","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\imm32.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4090223","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","" "13:37:23,4091116","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Image Base: 0x745b0000, Image Size: 0x25000" "13:37:23,4091569","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\imm32.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,4091895","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Name: \Windows\SysWOW64\imm32.dll" "13:37:23,4094395","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4094705","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:36, FileAttributes: A" 
"13:37:23,4094799","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","" "13:37:23,4096665","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4097000","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:36, FileAttributes: A" "13:37:23,4097090","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\imm32.dll","SUCCESS","" "13:37:23,4097588","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f25bcd2e-2690-55dc-3bc4-07b65b1b41c9","NAME NOT FOUND","Length: 524" "13:37:23,4097981","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Display","REPARSE","Desired Access: Read" "13:37:23,4098243","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "13:37:23,4098464","Condor.exe","10428","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Query: HandleTags, HandleTags: 0x400" "13:37:23,4098539","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Condor.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,4098790","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Display","REPARSE","Desired Access: Read" "13:37:23,4098908","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "13:37:23,4099110","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows 
NT\CurrentVersion\GRE_Initialize","REPARSE","Desired Access: Read" "13:37:23,4099221","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read" "13:37:23,4099315","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4099372","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20" "13:37:23,4099481","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","" "13:37:23,4099774","Condor.exe","10428","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read" "13:37:23,4099904","Condor.exe","10428","RegQueryValue","HKCU\Control Panel\Desktop\EnablePerProcessSystemDPI","NAME NOT FOUND","Length: 520" "13:37:23,4100031","Condor.exe","10428","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS","" "13:37:23,4100942","Condor.exe","10428","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","Desired Access: Read" "13:37:23,4101120","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Compatibility32\Condor","NAME NOT FOUND","Length: 172" "13:37:23,4101226","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","" "13:37:23,4101313","Condor.exe","10428","RegOpenKey","HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\IME Compatibility","NAME NOT FOUND","Desired Access: Read" "13:37:23,4111939","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4112033","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" 
"13:37:23,4112178","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","Desired Access: Read" "13:37:23,4112344","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4112419","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "13:37:23,4112540","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","" "13:37:23,4113228","Condor.exe","10428","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Query: HandleTags, HandleTags: 0x400" "13:37:23,4113307","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Condor.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,4113775","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4113865","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4113965","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\OLE\Tracing","REPARSE","Desired Access: Read" "13:37:23,4114134","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Ole\Tracing","NAME NOT FOUND","Desired Access: Read" "13:37:23,4114539","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 524" "13:37:23,4114934","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05","NAME NOT FOUND","Length: 524" 
"13:37:23,4117008","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\oleaut32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4117651","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\oleaut32.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:39, FileAttributes: A" "13:37:23,4117750","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\oleaut32.dll","SUCCESS","" "13:37:23,4118692","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4118753","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4118855","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value" "13:37:23,4121916","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Read" "13:37:23,4122239","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS","" "13:37:23,4124374","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4124645","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A" "13:37:23,4124745","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","" "13:37:23,4126979","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, 
ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4127205","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A" "13:37:23,4127290","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","" "13:37:23,4129928","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4130191","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A" "13:37:23,4130317","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","" "13:37:23,4133572","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108","NAME NOT FOUND","Length: 524" "13:37:23,4133997","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\b87cf16b-0bf8-4492-a510-d5f59626b033","NAME NOT FOUND","Length: 524" "13:37:23,4134296","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\a40b455c-253c-4311-ac6d-6e667edccefc","NAME NOT FOUND","Length: 524" "13:37:23,4134571","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 524" "13:37:23,4134827","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61","NAME NOT FOUND","Length: 524" 
"13:37:23,4137212","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4137457","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A" "13:37:23,4137550","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","" "13:37:23,4140095","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108","NAME NOT FOUND","Length: 524" "13:37:23,4140433","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\b87cf16b-0bf8-4492-a510-d5f59626b033","NAME NOT FOUND","Length: 524" "13:37:23,4140735","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61","NAME NOT FOUND","Length: 524" "13:37:23,4140998","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 524" "13:37:23,4141547","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f3a71a4b-6118-4257-8ccb-39a33ba059d4","NAME NOT FOUND","Length: 524" "13:37:23,4143624","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4143869","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, 
LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A" "13:37:23,4143962","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","" "13:37:23,4144717","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c69cb70a-3133-4cca-ab0e-046848effcda","NAME NOT FOUND","Length: 524" "13:37:23,4146353","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\d0f1a5c6-fc43-48ae-99bf-efb1c38be9d1","NAME NOT FOUND","Length: 524" "13:37:23,4147624","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\03bbe5b8-c788-4d0b-b47e-5b5731398a89","NAME NOT FOUND","Length: 524" "13:37:23,4148508","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\86cc27ea-6f87-47f7-8b43-3473527d4a87","NAME NOT FOUND","Length: 524" "13:37:23,4148943","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\d479cbb9-0cf0-494c-b98f-684c33849782","NAME NOT FOUND","Length: 524" "13:37:23,4149188","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\d479cbb9-0cf0-494c-b98f-684c33849782","NAME NOT FOUND","Length: 524" "13:37:23,4150685","Condor.exe","10428","QueryNameInformationFile","E:\Condor2\d3dx.dll","SUCCESS","Name: \Condor2\d3dx.dll" "13:37:23,4154455","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4154724","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","CreationTime: 29.09.2017 14:41:23, LastAccessTime: 29.09.2017 14:41:23, LastWriteTime: 
29.09.2017 14:41:23, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A" "13:37:23,4154814","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\msvcr90.dll","SUCCESS","" "13:37:23,4155168","Condor.exe","10428","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4155476","Condor.exe","10428","QueryDirectory","C:\WINDOWS","SUCCESS","Filter: WINDOWS, 1: Windows" "13:37:23,4156016","Condor.exe","10428","CloseFile","C:\","SUCCESS","" "13:37:23,4156982","Condor.exe","10428","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4157281","Condor.exe","10428","QueryDirectory","C:\Windows\WinSxS","SUCCESS","Filter: WinSxS, 1: WinSxS" "13:37:23,4157501","Condor.exe","10428","CloseFile","C:\Windows","SUCCESS","" "13:37:23,4158476","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4158712","Condor.exe","10428","QueryDirectory","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81\MSVCR90.dll","SUCCESS","Filter: MSVCR90.dll, 1: msvcr90.dll" "13:37:23,4158890","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9317_none_508dca76bcbcfe81","SUCCESS","" 
"13:37:23,4160251","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "13:37:23,4160538","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4160650","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name" "13:37:23,4160740","Condor.exe","10428","RegOpenKey","HKCU\Software\Borland\Locales","NAME NOT FOUND","Desired Access: Read, Delete, Write DAC, Write Owner" "13:37:23,4160888","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4160930","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4161015","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Borland\Locales","NAME NOT FOUND","Desired Access: Read, Delete, Write DAC, Write Owner" "13:37:23,4161265","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4161308","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name" "13:37:23,4161697","Condor.exe","10428","RegOpenKey","HKCU\Software\Borland\Delphi\Locales","NAME NOT FOUND","Desired Access: Read, Delete, Write DAC, Write Owner" "13:37:23,4161957","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "13:37:23,4162059","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "13:37:23,4162174","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4162231","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\fr-CH","NAME NOT FOUND","Length: 532" "13:37:23,4162337","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" 
"13:37:23,4162422","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "13:37:23,4162488","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "13:37:23,4162573","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4162618","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\fr-CH","NAME NOT FOUND","Length: 532" "13:37:23,4162693","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "13:37:23,4163557","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.FRS","NAME NOT FOUND","" "13:37:23,4163976","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.FRS.DLL","NAME NOT FOUND","" "13:37:23,4164366","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.FR","NAME NOT FOUND","" "13:37:23,4164698","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.FR.DLL","NAME NOT FOUND","" "13:37:23,4167146","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4168033","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","CreationTime: 29.09.2017 14:42:25, LastAccessTime: 29.09.2017 14:42:25, LastWriteTime: 29.09.2017 14:42:25, ChangeTime: 19.01.2018 04:59:42, FileAttributes: A" "13:37:23,4168166","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","" "13:37:23,4169208","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous 
IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4169673","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\uxtheme.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ" "13:37:23,4169893","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4170705","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Image Base: 0x70800000, Image Size: 0x79000" "13:37:23,4170931","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\uxtheme.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,4171073","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","Name: \Windows\SysWOW64\uxtheme.dll" "13:37:23,4172697","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\uxtheme.dll","SUCCESS","" "13:37:23,4174862","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4175128","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A" "13:37:23,4175236","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","" "13:37:23,4179091","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4179161","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4179290","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","REPARSE","Desired Access: Read" 
"13:37:23,4179541","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","Desired Access: Read" "13:37:23,4179650","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4179749","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2","SUCCESS","Type: REG_SZ, Length: 14, Data: Tahoma" "13:37:23,4179819","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2","SUCCESS","Type: REG_SZ, Length: 14, Data: Tahoma" "13:37:23,4179885","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2","SUCCESS","Type: REG_SZ, Length: 14, Data: Tahoma" "13:37:23,4179948","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2","SUCCESS","Type: REG_SZ, Length: 14, Data: Tahoma" "13:37:23,4180090","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes","SUCCESS","" "13:37:23,4188434","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,4188561","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,4188679","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4188739","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" 
"13:37:23,4188833","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "13:37:23,4192977","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\msctf.dll","SUCCESS","Image Base: 0x74d10000, Image Size: 0x144000" "13:37:23,4193207","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\msctf.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,4193367","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\msctf.dll","SUCCESS","Name: \Windows\SysWOW64\msctf.dll" "13:37:23,4196588","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4196859","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A" "13:37:23,4196971","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","" "13:37:23,4198508","Condor.exe","10428","QueryOpen","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS","CreationTime: 15.08.2013 17:36:44, LastAccessTime: 19.01.2018 07:10:32, LastWriteTime: 15.08.2013 17:36:44, ChangeTime: 19.01.2018 07:10:32, AllocationSize: 1 994 752, EndOfFile: 1 993 728, FileAttributes: A" "13:37:23,4198927","Condor.exe","10428","CreateFile","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4199259","Condor.exe","10428","CreateFileMapping","E:\Program Files (x86)\ASUS\ASUS 
MultiFrame\HookTitle.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ" "13:37:23,4199462","Condor.exe","10428","CreateFileMapping","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4199969","Condor.exe","10428","Load Image","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS","Image Base: 0x77e00000, Image Size: 0x1f4000" "13:37:23,4200120","Condor.exe","10428","QueryNameInformationFile","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","BUFFER OVERFLOW","Name: \Progr" "13:37:23,4200252","Condor.exe","10428","QueryNameInformationFile","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS","Name: \Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll" "13:37:23,4200892","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide","NAME NOT FOUND","Desired Access: Read" "13:37:23,4201659","Condor.exe","10428","CreateFile","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4201994","Condor.exe","10428","QueryBasicInformationFile","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS","CreationTime: 15.08.2013 17:36:44, LastAccessTime: 19.01.2018 07:10:32, LastWriteTime: 15.08.2013 17:36:44, ChangeTime: 19.01.2018 07:10:32, FileAttributes: A" "13:37:23,4202604","Condor.exe","10428","CloseFile","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS","" "13:37:23,4203338","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys" 
"13:37:23,4204008","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.exe.Local","NAME NOT FOUND","" "13:37:23,4204937","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4205484","Condor.exe","10428","CloseFile","E:\Program Files (x86)\ASUS\ASUS MultiFrame\HookTitle.dll","SUCCESS","" "13:37:23,4206082","Condor.exe","10428","QueryOpen","E:\Program Files (x86)\ASUS\ASUS MultiFrame\MSIMG32.dll","NAME NOT FOUND","" "13:37:23,4207875","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4208536","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:38, FileAttributes: A" "13:37:23,4208654","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","" "13:37:23,4209607","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4210045","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\msimg32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ" "13:37:23,4210266","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","SyncType: 
SyncTypeOther" "13:37:23,4211090","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","Image Base: 0x743b0000, Image Size: 0x6000" "13:37:23,4211277","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\msimg32.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,4211419","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","Name: \Windows\SysWOW64\msimg32.dll" "13:37:23,4211977","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\msimg32.dll","SUCCESS","" "13:37:23,4212632","Condor.exe","10428","QueryOpen","E:\Program Files (x86)\ASUS\ASUS MultiFrame\OLEACC.dll","NAME NOT FOUND","" "13:37:23,4214594","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\oleacc.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4215337","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\oleacc.dll","SUCCESS","CreationTime: 29.09.2017 14:42:23, LastAccessTime: 29.09.2017 14:42:23, LastWriteTime: 29.09.2017 14:42:23, ChangeTime: 19.01.2018 04:59:39, FileAttributes: A" "13:37:23,4215452","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\oleacc.dll","SUCCESS","" "13:37:23,4216460","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\oleacc.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4216922","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\oleacc.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ" "13:37:23,4217145","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\oleacc.dll","SUCCESS","SyncType: SyncTypeOther" 
"13:37:23,4217791","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\oleacc.dll","SUCCESS","Image Base: 0x72ba0000, Image Size: 0x56000" "13:37:23,4217984","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\oleacc.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,4218126","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\oleacc.dll","SUCCESS","Name: \Windows\SysWOW64\oleacc.dll" "13:37:23,4218857","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\oleacc.dll","SUCCESS","" "13:37:23,4220493","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4220780","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","SUCCESS","CreationTime: 14.02.2018 01:31:20, LastAccessTime: 14.02.2018 01:31:20, LastWriteTime: 10.02.2018 05:46:22, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A" "13:37:23,4220888","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","SUCCESS","" "13:37:23,4222280","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4222679","Condor.exe","10428","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","FILE 
LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ" "13:37:23,4222905","Condor.exe","10428","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4223545","Condor.exe","10428","Load Image","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","SUCCESS","Image Base: 0x739d0000, Image Size: 0x16b000" "13:37:23,4223811","Condor.exe","10428","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,4223965","Condor.exe","10428","QueryNameInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","SUCCESS","Name: \Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll" "13:37:23,4224683","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.248_none_8e66fbc1026df8ab\GdiPlus.dll","SUCCESS","" "13:37:23,4228233","Condor.exe","10428","QueryOpen","E:\Condor2\OLEACCRC.DLL","NAME NOT FOUND","" "13:37:23,4229969","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\oleaccrc.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4230787","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\oleaccrc.dll","SUCCESS","CreationTime: 29.09.2017 14:42:22, LastAccessTime: 29.09.2017 14:42:22, LastWriteTime: 29.09.2017 14:42:22, ChangeTime: 19.01.2018 04:59:39, FileAttributes: A" "13:37:23,4230926","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\oleaccrc.dll","SUCCESS","" 
"13:37:23,4232148","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\oleaccrc.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4232662","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\oleaccrc.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ" "13:37:23,4232779","Condor.exe","10428","QueryStandardInformationFile","C:\Windows\SysWOW64\oleaccrc.dll","SUCCESS","AllocationSize: 8 192, EndOfFile: 4 608, NumberOfLinks: 2, DeletePending: False, Directory: False" "13:37:23,4232963","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\oleaccrc.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4233289","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\oleaccrc.dll","SUCCESS","" "13:37:23,4233893","Condor.exe","10428","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,4234026","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,4234153","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4234225","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "13:37:23,4234337","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "13:37:23,4243227","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Read" "13:37:23,4243426","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS","" "13:37:23,4243565","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows 
NT\CurrentVersion\Windows","SUCCESS","Desired Access: Read" "13:37:23,4243713","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4243783","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist","NAME NOT FOUND","Length: 16" "13:37:23,4243891","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","" "13:37:23,4244226","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Read" "13:37:23,4244350","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS","" "13:37:23,4244450","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","Desired Access: Read" "13:37:23,4244546","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4244613","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay","NAME NOT FOUND","Length: 16" "13:37:23,4244703","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","" "13:37:23,4262526","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4263193","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","CreationTime: 29.09.2017 14:42:16, LastAccessTime: 29.09.2017 14:42:16, LastWriteTime: 29.09.2017 14:42:16, ChangeTime: 19.01.2018 04:59:35, FileAttributes: A" "13:37:23,4263308","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","" 
"13:37:23,4264256","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4264711","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dwmapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ" "13:37:23,4264932","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4265677","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","Image Base: 0x707b0000, Image Size: 0x23000" "13:37:23,4265886","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dwmapi.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,4266025","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","Name: \Windows\SysWOW64\dwmapi.dll" "13:37:23,4266737","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dwmapi.dll","SUCCESS","" "13:37:23,4269765","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4270027","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","CreationTime: 14.02.2018 01:31:21, LastAccessTime: 14.02.2018 01:31:21, LastWriteTime: 10.02.2018 06:22:00, ChangeTime: 14.02.2018 02:22:35, FileAttributes: A" "13:37:23,4270127","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","" "13:37:23,4274915","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.exe","SUCCESS","CreationTime: 26.02.2018 13:33:12, LastAccessTime: 26.02.2018 13:33:12, LastWriteTime: 
20.02.2018 19:43:12, ChangeTime: 26.02.2018 13:34:54, AllocationSize: 3 809 280, EndOfFile: 3 806 280, FileAttributes: A" "13:37:23,4280050","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.exe","SUCCESS","CreationTime: 26.02.2018 13:33:12, LastAccessTime: 26.02.2018 13:33:12, LastWriteTime: 20.02.2018 19:43:12, ChangeTime: 26.02.2018 13:34:54, AllocationSize: 3 809 280, EndOfFile: 3 806 280, FileAttributes: A" "13:37:23,4283062","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\CMF\Config","REPARSE","Desired Access: Read" "13:37:23,4283268","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\CMF\Config","SUCCESS","Desired Access: Read" "13:37:23,4283455","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\CMF\Config","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4283551","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\CMF\Config\SYSTEM","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "13:37:23,4283684","Condor.exe","10428","RegCloseKey","HKLM\System\CurrentControlSet\Control\CMF\Config","SUCCESS","" "13:37:23,4284557","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\fr-FR\user32.dll.mui","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4285607","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\fr-FR\user32.dll.mui","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ" "13:37:23,4285725","Condor.exe","10428","QueryStandardInformationFile","C:\Windows\SysWOW64\fr-FR\user32.dll.mui","SUCCESS","AllocationSize: 20 480, EndOfFile: 19 968, NumberOfLinks: 4, DeletePending: False, Directory: False" "13:37:23,4285894","Condor.exe","10428","CreateFileMapping","C:\Windows\System32\fr-FR\user32.dll.mui","SUCCESS","SyncType: SyncTypeOther" 
"13:37:23,4287370","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\000602xx","SUCCESS","Type: REG_SZ, Length: 26, Data: kernel32.dll" "13:37:23,4288502","Condor.exe","10428","CreateFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4288928","Condor.exe","10428","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,4289015","Condor.exe","10428","QueryStandardInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","AllocationSize: 3 371 008, EndOfFile: 3 368 788, NumberOfLinks: 2, DeletePending: False, Directory: False" "13:37:23,4289172","Condor.exe","10428","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4289453","Condor.exe","10428","CloseFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","" "13:37:23,4289951","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","REPARSE","Desired Access: Read" "13:37:23,4290063","Condor.exe","10428","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","Desired Access: Read" "13:37:23,4290180","Condor.exe","10428","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4290238","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\fr-CH","NAME NOT FOUND","Length: 90" "13:37:23,4290325","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\fr","SUCCESS","Type: REG_SZ, Length: 78, Data: 
{00000003-57EE-1E5C-00B4-D0000BB1E11E}" "13:37:23,4291998","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4292233","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","CreationTime: 14.02.2018 01:31:18, LastAccessTime: 14.02.2018 01:31:18, LastWriteTime: 10.02.2018 06:05:40, ChangeTime: 14.02.2018 01:34:27, FileAttributes: A" "13:37:23,4292324","Condor.exe","10428","CloseFile","C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.248_none_d0271d135f36f548\comctl32.dll","SUCCESS","" "13:37:23,4293549","Condor.exe","10428","QueryOpen","E:\Condor2\D3DXOF.DLL","NAME NOT FOUND","" "13:37:23,4295267","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\d3dxof.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4295913","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\d3dxof.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:34, FileAttributes: A" "13:37:23,4296070","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\d3dxof.dll","SUCCESS","" "13:37:23,4297000","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\d3dxof.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, 
OpenResult: Opened" "13:37:23,4297453","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\d3dxof.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,4297860","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\d3dxof.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4298560","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\d3dxof.dll","SUCCESS","Image Base: 0x50050000, Image Size: 0x14000" "13:37:23,4298772","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\d3dxof.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,4298899","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\d3dxof.dll","SUCCESS","Name: \Windows\SysWOW64\d3dxof.dll" "13:37:23,4299548","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\d3dxof.dll","SUCCESS","" "13:37:23,4300918","Condor.exe","10428","QueryOpen","E:\Condor2\DSound.dll","NAME NOT FOUND","" "13:37:23,4302690","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dsound.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4303297","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\dsound.dll","SUCCESS","CreationTime: 29.09.2017 14:42:09, LastAccessTime: 29.09.2017 14:42:09, LastWriteTime: 29.09.2017 14:42:09, ChangeTime: 19.01.2018 04:59:35, FileAttributes: A" "13:37:23,4303393","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dsound.dll","SUCCESS","" "13:37:23,4304474","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dsound.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 
"13:37:23,4304915","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dsound.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,4305135","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dsound.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4305905","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\dsound.dll","SUCCESS","Image Base: 0x6a270000, Image Size: 0x80000" "13:37:23,4306089","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dsound.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,4306216","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dsound.dll","SUCCESS","Name: \Windows\SysWOW64\dsound.dll" "13:37:23,4307433","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dsound.dll","SUCCESS","" "13:37:23,4310116","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\rpcss.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "13:37:23,4315166","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys" "13:37:23,4315927","Condor.exe","10428","QueryOpen","E:\Condor2\Condor.exe.Local","NAME NOT FOUND","" "13:37:23,4316942","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.16299.248_fr-fr_88b538db7ed62f3c","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4318074","Condor.exe","10428","CreateFile","C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.16299.248_fr-fr_88b538db7ed62f3c\comctl32.dll.mui","SUCCESS","Desired 
Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4318505","Condor.exe","10428","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.16299.248_fr-fr_88b538db7ed62f3c\comctl32.dll.mui","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,4318599","Condor.exe","10428","QueryStandardInformationFile","C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.16299.248_fr-fr_88b538db7ed62f3c\comctl32.dll.mui","SUCCESS","AllocationSize: 8 192, EndOfFile: 6 144, NumberOfLinks: 2, DeletePending: False, Directory: False" "13:37:23,4318738","Condor.exe","10428","CreateFileMapping","C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.16299.248_fr-fr_88b538db7ed62f3c\comctl32.dll.mui","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4320066","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4320126","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4320250","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Desired Access: Read" "13:37:23,4320443","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4320733","Condor.exe","10428","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Query: HandleTags, HandleTags: 0x400" "13:37:23,4320793","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}","SUCCESS","Desired Access: Read" 
"13:37:23,4320959","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","" "13:37:23,4321035","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category","SUCCESS","Type: REG_DWORD, Length: 4, Data: 4" "13:37:23,4321101","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name","SUCCESS","Type: REG_SZ, Length: 16, Data: Desktop" "13:37:23,4321165","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder","NAME NOT FOUND","Length: 144" "13:37:23,4321219","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description","NAME NOT FOUND","Length: 144" "13:37:23,4321295","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath","SUCCESS","Type: REG_SZ, Length: 16, Data: Desktop" "13:37:23,4321458","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName","NAME NOT FOUND","Length: 144" "13:37:23,4321536","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip","NAME NOT FOUND","Length: 144" 
"13:37:23,4321590","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName","SUCCESS","Type: REG_EXPAND_SZ, Length: 84, Data: @%SystemRoot%\system32\shell32.dll,-21769" "13:37:23,4321657","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon","SUCCESS","Type: REG_EXPAND_SZ, Length: 80, Data: %SystemRoot%\system32\imageres.dll,-183" "13:37:23,4321714","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security","NAME NOT FOUND","Length: 144" "13:37:23,4321762","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource","NAME NOT FOUND","Length: 144" "13:37:23,4321811","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType","NAME NOT FOUND","Length: 144" "13:37:23,4321859","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly","NAME NOT FOUND","Length: 144" "13:37:23,4321901","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "13:37:23,4321950","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" 
"13:37:23,4322001","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream","NAME NOT FOUND","Length: 144" "13:37:23,4322149","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "13:37:23,4322230","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\DefinitionFlags","NAME NOT FOUND","Length: 144" "13:37:23,4322285","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "13:37:23,4322330","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID","NAME NOT FOUND","Length: 144" "13:37:23,4322378","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler","NAME NOT FOUND","Length: 144" "13:37:23,4322547","Condor.exe","10428","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}","SUCCESS","Query: HandleTags, HandleTags: 0x400" "13:37:23,4322617","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag","SUCCESS","Desired Access: Read" 
"13:37:23,4322816","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}","SUCCESS","" "13:37:23,4323344","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4323399","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name" "13:37:23,4323492","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer","SUCCESS","Desired Access: Query Value" "13:37:23,4323619","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4323697","Condor.exe","10428","RegQueryKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer","SUCCESS","Query: HandleTags, HandleTags: 0x400" "13:37:23,4323755","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1","SUCCESS","Desired Access: Query Value" "13:37:23,4323876","Condor.exe","10428","RegQueryKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1","SUCCESS","Query: HandleTags, HandleTags: 0x400" "13:37:23,4323921","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders","NAME NOT FOUND","Desired Access: Query Value" "13:37:23,4324057","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1","SUCCESS","" "13:37:23,4324177","Condor.exe","10428","RegOpenKey","HKCU","SUCCESS","Desired Access: Read" "13:37:23,4324277","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4324319","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name" "13:37:23,4324389","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: 
Read" "13:37:23,4324485","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4324561","Condor.exe","10428","RegCloseKey","HKCU","SUCCESS","" "13:37:23,4324663","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop","SUCCESS","Type: REG_EXPAND_SZ, Length: 44, Data: %USERPROFILE%\Desktop" "13:37:23,4325050","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","" "13:37:23,4326411","Condor.exe","10428","CreateFile","C:\Users\Michel.DESKTOP-T5RJH6O\Desktop","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4326662","Condor.exe","10428","QueryBasicInformationFile","C:\Users\Michel.DESKTOP-T5RJH6O\Desktop","SUCCESS","CreationTime: 19.01.2018 05:11:13, LastAccessTime: 26.02.2018 13:29:28, LastWriteTime: 26.02.2018 13:29:28, ChangeTime: 26.02.2018 13:29:28, FileAttributes: RD" "13:37:23,4326752","Condor.exe","10428","CloseFile","C:\Users\Michel.DESKTOP-T5RJH6O\Desktop","SUCCESS","" "13:37:23,4327018","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4327069","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4327181","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings","NAME NOT FOUND","Desired Access: Query Value" "13:37:23,4327450","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4327498","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" 
"13:37:23,4327580","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings","NAME NOT FOUND","Desired Access: Query Value" "13:37:23,4328355","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4328401","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4328491","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value" "13:37:23,4328651","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value" "13:37:23,4328757","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4328829","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer","NAME NOT FOUND","Length: 144" "13:37:23,4328935","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","" "13:37:23,4329022","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4329071","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name" "13:37:23,4329152","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value" "13:37:23,4329249","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4329297","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer","NAME NOT FOUND","Length: 144" 
"13:37:23,4329373","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","" "13:37:23,4329451","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4329493","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4329572","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value" "13:37:23,4329702","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value" "13:37:23,4329771","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4329816","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin","NAME NOT FOUND","Length: 144" "13:37:23,4329895","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","" "13:37:23,4329964","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4330010","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name" "13:37:23,4330112","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value" "13:37:23,4330281","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4330342","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin","NAME NOT FOUND","Length: 144" 
"13:37:23,4330450","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","" "13:37:23,4331736","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4331791","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4331902","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value" "13:37:23,4332093","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value" "13:37:23,4332186","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4332240","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel","NAME NOT FOUND","Length: 144" "13:37:23,4332340","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","" "13:37:23,4332428","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4332479","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name" "13:37:23,4332563","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value" "13:37:23,4332648","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4332696","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel","NAME NOT FOUND","Length: 144" 
"13:37:23,4332775","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","" "13:37:23,4332865","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4332914","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4332992","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value" "13:37:23,4333125","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value" "13:37:23,4333194","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4333240","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders","NAME NOT FOUND","Length: 144" "13:37:23,4333315","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","" "13:37:23,4333385","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4333430","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name" "13:37:23,4333499","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value" "13:37:23,4333575","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4333617","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders","NAME NOT FOUND","Length: 144" 
"13:37:23,4333683","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","" "13:37:23,4333765","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4333807","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4333883","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value" "13:37:23,4334003","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value" "13:37:23,4334070","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4334115","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon","NAME NOT FOUND","Length: 144" "13:37:23,4334188","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","" "13:37:23,4334254","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4334299","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name" "13:37:23,4334366","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value" "13:37:23,4334438","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4334492","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon","NAME NOT FOUND","Length: 144" 
"13:37:23,4334559","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","" "13:37:23,4334785","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4334846","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4334969","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\Condor.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "13:37:23,4335404","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4335449","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4335546","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS","Desired Access: Query Value" "13:37:23,4335676","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4335748","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\ValidateRegItems","NAME NOT FOUND","Length: 144" "13:37:23,4335860","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS","" "13:37:23,4335935","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4335978","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4336059","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS","Desired Access: Query Value" 
"13:37:23,4336162","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4336213","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\MonitorRegistry","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "13:37:23,4336301","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace","SUCCESS","" "13:37:23,4336660","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4336708","Condor.exe","10428","RegQueryKey","HKLM","SUCCESS","Query: Name" "13:37:23,4336796","Condor.exe","10428","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer","REPARSE","Desired Access: Query Value" "13:37:23,4336953","Condor.exe","10428","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value" "13:37:23,4337028","Condor.exe","10428","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4337076","Condor.exe","10428","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups","NAME NOT FOUND","Length: 144" "13:37:23,4337164","Condor.exe","10428","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","" "13:37:23,4337246","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "13:37:23,4337291","Condor.exe","10428","RegQueryKey","HKCU","SUCCESS","Query: Name" "13:37:23,4337369","Condor.exe","10428","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","Desired Access: Query Value" 
"13:37:23,4337454","Condor.exe","10428","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "13:37:23,4337499","Condor.exe","10428","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups","NAME NOT FOUND","Length: 144" "13:37:23,4337572","Condor.exe","10428","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","SUCCESS","" "13:37:23,4338851","Condor.exe","10428","QueryOpen","E:\Condor2\DInput8.dll","NAME NOT FOUND","" "13:37:23,4340219","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dinput8.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4340853","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\dinput8.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:34, FileAttributes: A" "13:37:23,4340953","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dinput8.dll","SUCCESS","" "13:37:23,4341816","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\dinput8.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4342235","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dinput8.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,4342429","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\dinput8.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4343144","Condor.exe","10428","Load 
Image","C:\Windows\SysWOW64\dinput8.dll","SUCCESS","Image Base: 0x60f20000, Image Size: 0x38000" "13:37:23,4343325","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dinput8.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,4343449","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\dinput8.dll","SUCCESS","Name: \Windows\SysWOW64\dinput8.dll" "13:37:23,4344457","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\dinput8.dll","SUCCESS","" "13:37:23,4345197","Condor.exe","10428","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\63ec1c5f-7672-4db1-9db0-98a4531cc134","NAME NOT FOUND","Length: 524" "13:37:23,4346157","Condor.exe","10428","Thread Create","","SUCCESS","Thread ID: 3308" "13:37:23,4346836","Condor.exe","10428","QueryOpen","E:\Condor2\Wship6.dll","NAME NOT FOUND","" "13:37:23,4348533","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\wship6.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4349188","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\wship6.dll","SUCCESS","CreationTime: 29.09.2017 14:42:14, LastAccessTime: 29.09.2017 14:42:14, LastWriteTime: 29.09.2017 14:42:14, ChangeTime: 19.01.2018 04:59:44, FileAttributes: A" "13:37:23,4349290","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\wship6.dll","SUCCESS","" "13:37:23,4350664","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\wship6.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4351101","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\wship6.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: 
PAGE_EXECUTE_READ|PAGE_NOCACHE" "13:37:23,4351292","Condor.exe","10428","CreateFileMapping","C:\Windows\SysWOW64\wship6.dll","SUCCESS","SyncType: SyncTypeOther" "13:37:23,4351944","Condor.exe","10428","Load Image","C:\Windows\SysWOW64\wship6.dll","SUCCESS","Image Base: 0x6f5f0000, Image Size: 0x7000" "13:37:23,4352134","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\wship6.dll","BUFFER OVERFLOW","Name: \Windo" "13:37:23,4352264","Condor.exe","10428","QueryNameInformationFile","C:\Windows\SysWOW64\wship6.dll","SUCCESS","Name: \Windows\SysWOW64\wship6.dll" "13:37:23,4352873","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\wship6.dll","SUCCESS","" "13:37:23,4355409","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\InputHost.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "13:37:23,4355937","Condor.exe","10428","QueryBasicInformationFile","C:\Windows\SysWOW64\InputHost.dll","SUCCESS","CreationTime: 29.09.2017 14:42:11, LastAccessTime: 29.09.2017 14:42:11, LastWriteTime: 29.09.2017 14:42:11, ChangeTime: 19.01.2018 04:59:36, FileAttributes: A" "13:37:23,4356028","Condor.exe","10428","CloseFile","C:\Windows\SysWOW64\InputHost.dll","SUCCESS","" "13:37:23,4356873","Condor.exe","10428","CreateFile","C:\Windows\SysWOW64\InputHost.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"