"Time of Day","Process Name","PID","Operation","Path","Result","Detail" "11:31:19.9533626 AM","icl.exe","42776","Process Start","","SUCCESS","Parent PID: 36520, Command line: icl.exe /nologo /Oi /D _CRT_SECURE_NO_WARNINGS /Qopenmp /fp:consistent ""-DBUILDID=\""1060646uwn33211_Ce64RB68UH14M\"""" -c ./main/ccvers.c /MT /O2 -DNDEBUG /Qdiag-disable:10397 -DUSE_FPTR -D_WIN32 -D_64 -DWIN32 -DWIN64 -D_WIN64 -DOS_AVLEXB -DFCCI -DFCCI2 -DMKL15 -DARPACKNG -DD_CUDA -DOS64 -DBLASTYPE_mkl=1 -DCPP_mach=CPP_p4win64 -DUSE_SIMPACK -DUSE_OMP=1 -DUSE_MUMPS=1 -DUSE_ZMUMPS -DNDEBUG=1 -DH3DREAD=1 -DOS_WIN=1 -DS_RDFLX=21 -DC_CYGWIN=1 -DCYGWIN_e64=1 -DH3D=14 -I_obj_CYGWIN_e64_os64 -Iheader -Iheader_drv -Iheader/h3d14 -Iossolver/bcs -Iosresults/h3d -Iosopti/HB -Iosinput/c-reader -DBUILDINFO=1 -DBUILDINFO=1 -DRELEASE_BUILD=1 -Fo_obj_CYGWIN_e64_os64/ccvers.obj, Current directory: C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\, Environment: ; =C:=C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os ; ADVISOR_2017_DIR=C:\Program Files (x86)\IntelSWTools\Advisor 2017\ ; ALLUSERSPROFILE=C:\ProgramData ; APPDATA=C:\Users\osqa\AppData\Roaming ; ARCH_PATH=intel64 ; BIN_DIR=bin64 ; BIN_ROOT=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\bin\ ; BLDCMD=wsl make C=e64 OS64=1 BLAS=mkl ML=all RDFLX=21 USEHOSTTYPE=CYGWIN ; CCOMPNM=icl.exe ; CHKCMD=wsl make C=e64 OS64=1 BLAS=mkl ML=all RDFLX=21 USEHOSTTYPE=CYGWIN check ; CLASSPATH=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\daal\lib\daal.jar; ; CMPLR_PATH=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\bin\intel64 ; COMPUTERNAME=CA-W10-BLD-05 ; CPATH=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\ipp\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\mkl\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\tbb\bin\..\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\daal\include; ; C_TARGET_ARCH=intel64 ; ComSpec=C:\Windows\system32\cmd.exe ; CommandPromptType=Native ; CommonProgramFiles=C:\Program Files\Common Files ; CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files ; CommonProgramW6432=C:\Program Files\Common Files ; DAALROOT=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\daal ; DriverData=C:\Windows\System32\Drivers\DriverData ; FCOMPNM=ifort.exe ; Framework40Version=v4.0 ; FrameworkDIR64=C:\Windows\Microsoft.NET\Framework64 ; FrameworkDir=C:\Windows\Microsoft.NET\Framework64 ; FrameworkVersion=v4.0.30319 ; FrameworkVersion64=v4.0.30319 ; HOME=C:\Users\osqa ; HOMEDRIVE=C: ; HOMEPATH=\Users\osqa ; ICPP_COMPILER17=C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\ ; IFORT_COMPILER17=C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\ ; INCLUDE=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\compiler\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\compiler\include\intel64;C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\INCLUDE;C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\ATLMFC\INCLUDE;C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt;C:\Program Files (x86)\Windows Kits\NETFXSDK\4.6.1\include\um;C:\Program Files (x86)\Windows Kits\8.1\include\\shared;C:\Program Files (x86)\Windows Kits\8.1\include\\um;C:\Program Files (x86)\Windows Kits\8.1\include\\winrt;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\mpi\intel64\bin\..\..\intel64\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\ipp\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\mkl\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.05" "11:31:19.9533735 AM","icl.exe","42776","Thread Create","","SUCCESS","Thread ID: 8680" "11:31:19.9549173 AM","icl.exe","42776","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:19.9552239 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Open By ID, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:19.9552821 AM","icl.exe","42776","CloseFile","C:\","SUCCESS","" "11:31:19.9583372 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "11:31:19.9584737 AM","icl.exe","42776","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:19.9586775 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Open By ID, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:19.9587139 AM","icl.exe","42776","CloseFile","C:\","SUCCESS","" "11:31:19.9588155 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "11:31:19.9652374 AM","icl.exe","42776","Load Image","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Image Base: 0x7ff6546a0000, Image Size: 0x491000" "11:31:19.9654892 AM","icl.exe","42776","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","Image Base: 0x7ffbdd590000, Image Size: 0x1f5000" "11:31:19.9656024 AM","icl.exe","42776","CreateFile","C:\Windows\Prefetch\ICL.EXE-4354B25E.pf","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened" "11:31:19.9656642 AM","icl.exe","42776","QueryStandardInformationFile","C:\Windows\Prefetch\ICL.EXE-4354B25E.pf","SUCCESS","AllocationSize: 28,672, EndOfFile: 27,148, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:19.9656808 AM","icl.exe","42776","ReadFile","C:\Windows\Prefetch\ICL.EXE-4354B25E.pf","SUCCESS","Offset: 0, Length: 27,148, Priority: Normal" "11:31:19.9660748 AM","icl.exe","42776","CloseFile","C:\Windows\Prefetch\ICL.EXE-4354B25E.pf","SUCCESS","" "11:31:20.0224764 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value" "11:31:20.0224927 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value" "11:31:20.0225097 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\RaiseExceptionOnPossibleDeadlock","NAME NOT FOUND","Length: 80" "11:31:20.0225257 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:20.0225402 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap","REPARSE","Desired Access: Query Value" "11:31:20.0225537 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.0225926 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.0226045 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.0226159 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:20.0226288 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:20.0230004 AM","icl.exe","42776","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0233189 AM","icl.exe","42776","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS","Image Base: 0x7ffbdd490000, Image Size: 0xbd000" "11:31:20.0236367 AM","icl.exe","42776","Load Image","C:\Windows\System32\KernelBase.dll","SUCCESS","Image Base: 0x7ffbdacd0000, Image Size: 0x2c9000" "11:31:20.0321307 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\3c74afb9-8d82-44e3-b52c-365dbf48382a","NAME NOT FOUND","Length: 528" "11:31:20.0321862 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Name: \Windows\System32\KernelBase.dll" "11:31:20.0322487 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\05f95efe-7f75-49c7-a994-60a55cc09571","NAME NOT FOUND","Length: 528" "11:31:20.0322901 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Name: \Windows\System32\KernelBase.dll" "11:31:20.0323737 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\e36c4458-ed80-4ad7-a8be-52dda1eb5f1c","NAME NOT FOUND","Length: 528" "11:31:20.0324146 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\kernel32.dll","SUCCESS","Name: \Windows\System32\kernel32.dll" "11:31:20.0326068 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","REPARSE","Desired Access: Query Value, Set Value" "11:31:20.0326222 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value" "11:31:20.0326378 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","REPARSE","Desired Access: Read" "11:31:20.0326482 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","NAME NOT FOUND","Desired Access: Read" "11:31:20.0326622 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value" "11:31:20.0326787 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80" "11:31:20.0326926 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS","" "11:31:20.0327062 AM","icl.exe","42776","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.0327331 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem\","REPARSE","Desired Access: Read" "11:31:20.0327436 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","Desired Access: Read" "11:31:20.0327558 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\LongPathsEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.0327687 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","" "11:31:20.0329938 AM","icl.exe","42776","CreateFile","C:\Windows\System32\sysfer.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0330248 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\sysfer.dll","SUCCESS","CreationTime: 2/17/2021 7:38:16 AM, LastAccessTime: 3/25/2021 11:31:19 AM, LastWriteTime: 2/17/2021 7:38:16 AM, ChangeTime: 2/17/2021 7:38:16 AM, FileAttributes: A" "11:31:20.0330357 AM","icl.exe","42776","CloseFile","C:\Windows\System32\sysfer.dll","SUCCESS","" "11:31:20.0331216 AM","icl.exe","42776","CreateFile","C:\Windows\System32\sysfer.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0331489 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\sysfer.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.0332632 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.0332793 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.0332932 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.0333085 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0333224 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.0333359 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.0333483 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.0333620 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0333739 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\sysfer.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.0336032 AM","icl.exe","42776","Load Image","C:\Windows\System32\sysfer.dll","SUCCESS","Image Base: 0x50660000, Image Size: 0x93000" "11:31:20.0336947 AM","icl.exe","42776","Thread Create","","SUCCESS","Thread ID: 42732" "11:31:20.0337259 AM","icl.exe","42776","CloseFile","C:\Windows\System32\sysfer.dll","SUCCESS","" "11:31:20.0339921 AM","icl.exe","42776","Load Image","C:\Windows\System32\advapi32.dll","SUCCESS","Image Base: 0x7ffbdd170000, Image Size: 0xac000" "11:31:20.0342795 AM","icl.exe","42776","Load Image","C:\Windows\System32\msvcrt.dll","SUCCESS","Image Base: 0x7ffbdc6e0000, Image Size: 0x9e000" "11:31:20.0345648 AM","icl.exe","42776","Load Image","C:\Windows\System32\sechost.dll","SUCCESS","Image Base: 0x7ffbdc640000, Image Size: 0x9c000" "11:31:20.0348602 AM","icl.exe","42776","Load Image","C:\Windows\System32\rpcrt4.dll","SUCCESS","Image Base: 0x7ffbdd300000, Image Size: 0x12b000" "11:31:20.0350113 AM","icl.exe","42776","Thread Create","","SUCCESS","Thread ID: 29492" "11:31:20.0351491 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.0351673 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.0351823 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:20.0351987 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:20.0354480 AM","icl.exe","42776","Load Image","C:\Windows\System32\shlwapi.dll","SUCCESS","Image Base: 0x7ffbdd0b0000, Image Size: 0x55000" "11:31:20.0358010 AM","icl.exe","42776","Load Image","C:\Windows\System32\oleaut32.dll","SUCCESS","Image Base: 0x7ffbdc4b0000, Image Size: 0xcd000" "11:31:20.0360412 AM","icl.exe","42776","Load Image","C:\Windows\System32\msvcp_win.dll","SUCCESS","Image Base: 0x7ffbdb0d0000, Image Size: 0x9d000" "11:31:20.0363124 AM","icl.exe","42776","Load Image","C:\Windows\System32\ucrtbase.dll","SUCCESS","Image Base: 0x7ffbdafa0000, Image Size: 0x100000" "11:31:20.0366271 AM","icl.exe","42776","Load Image","C:\Windows\System32\combase.dll","SUCCESS","Image Base: 0x7ffbdcb90000, Image Size: 0x355000" "11:31:20.0369819 AM","icl.exe","42776","Load Image","C:\Windows\System32\ole32.dll","SUCCESS","Image Base: 0x7ffbdbd40000, Image Size: 0x12a000" "11:31:20.0372387 AM","icl.exe","42776","Load Image","C:\Windows\System32\gdi32.dll","SUCCESS","Image Base: 0x7ffbdd220000, Image Size: 0x2a000" "11:31:20.0374649 AM","icl.exe","42776","Load Image","C:\Windows\System32\win32u.dll","SUCCESS","Image Base: 0x7ffbdb0a0000, Image Size: 0x22000" "11:31:20.0377185 AM","icl.exe","42776","Load Image","C:\Windows\System32\gdi32full.dll","SUCCESS","Image Base: 0x7ffbdb4e0000, Image Size: 0x10b000" "11:31:20.0379491 AM","icl.exe","42776","Load Image","C:\Windows\System32\user32.dll","SUCCESS","Image Base: 0x7ffbdc860000, Image Size: 0x1a0000" "11:31:20.0381173 AM","icl.exe","42776","Thread Create","","SUCCESS","Thread ID: 30524" "11:31:20.0382142 AM","icl.exe","42776","Load Image","C:\Windows\System32\shell32.dll","SUCCESS","Image Base: 0x7ffbdb5f0000, Image Size: 0x742000" "11:31:20.0386052 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value" "11:31:20.0386212 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value" "11:31:20.0386362 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode","NAME NOT FOUND","Length: 16" "11:31:20.0391095 AM","icl.exe","42776","Load Image","C:\Windows\System32\comdlg32.dll","SUCCESS","Image Base: 0x7ffbdc780000, Image Size: 0xda000" "11:31:20.0395208 AM","icl.exe","42776","Load Image","C:\Windows\System32\SHCore.dll","SUCCESS","Image Base: 0x7ffbdc590000, Image Size: 0xae000" "11:31:20.0397095 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\VERSION.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.0397233 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys" "11:31:20.0397266 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0397625 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","CreationTime: 4/12/2017 7:50:50 AM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 4/12/2017 7:50:50 AM, ChangeTime: 2/24/2021 12:42:11 AM, FileAttributes: A" "11:31:20.0397736 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","" "11:31:20.0397949 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0398422 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","CreationTime: 4/12/2017 7:50:48 AM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 4/12/2017 7:50:48 AM, ChangeTime: 2/24/2021 12:42:11 AM, FileAttributes: A" "11:31:20.0398540 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","" "11:31:20.0399462 AM","icl.exe","42776","CreateFile","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0399877 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\version.dll","SUCCESS","CreationTime: 2/17/2021 8:54:00 AM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 2/17/2021 8:54:00 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.0399987 AM","icl.exe","42776","CloseFile","C:\Windows\System32\version.dll","SUCCESS","" "11:31:20.0400887 AM","icl.exe","42776","CreateFile","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0401258 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\version.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.0402483 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.0402757 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.0402913 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.0403074 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0403216 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.0403365 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.0403492 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.0403633 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0403778 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\version.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.0404125 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0404218 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0404581 AM","icl.exe","42776","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.0404597 AM","icl.exe","42776","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.0404697 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.0405822 AM","icl.exe","42776","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0405929 AM","icl.exe","42776","Load Image","C:\Windows\System32\version.dll","SUCCESS","Image Base: 0x7ffbd1d40000, Image Size: 0xa000" "11:31:20.0407017 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.0407191 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.0407346 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.0407509 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0407643 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.0407774 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.0407900 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.0408078 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0408270 AM","icl.exe","42776","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.0410107 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.0410212 AM","icl.exe","42776","Load Image","C:\Windows\System32\ws2_32.dll","SUCCESS","Image Base: 0x7ffbdd250000, Image Size: 0x6b000" "11:31:20.0410289 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.0410446 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.0410611 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0410750 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.0410892 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.0411018 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.0411157 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0411290 AM","icl.exe","42776","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.0411491 AM","icl.exe","42776","Load Image","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","Image Base: 0x7ffbae940000, Image Size: 0x158000" "11:31:20.0418917 AM","icl.exe","42776","CloseFile","C:\Windows\System32\version.dll","SUCCESS","" "11:31:20.0429772 AM","icl.exe","42776","Load Image","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","Image Base: 0x77410000, Image Size: 0x1eb000" "11:31:20.0430367 AM","icl.exe","42776","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:20.0430583 AM","icl.exe","42776","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration","NAME NOT FOUND","Desired Access: Read" "11:31:20.0430776 AM","icl.exe","42776","RegCloseKey","HKCU","SUCCESS","" "11:31:20.0430914 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read" "11:31:20.0431103 AM","icl.exe","42776","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:20.0431242 AM","icl.exe","42776","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read" "11:31:20.0431404 AM","icl.exe","42776","RegOpenKey","HKCU\Control Panel\Desktop\LanguageConfiguration","NAME NOT FOUND","Desired Access: Read" "11:31:20.0431549 AM","icl.exe","42776","RegCloseKey","HKCU","SUCCESS","" "11:31:20.0432151 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read" "11:31:20.0432320 AM","icl.exe","42776","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:20.0432550 AM","icl.exe","42776","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read" "11:31:20.0432690 AM","icl.exe","42776","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read" "11:31:20.0433126 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","" "11:31:20.0433485 AM","icl.exe","42776","RegQueryValue","HKCU\Control Panel\Desktop\PreferredUILanguages","NAME NOT FOUND","Length: 12" "11:31:20.0433710 AM","icl.exe","42776","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS","" "11:31:20.0433835 AM","icl.exe","42776","RegCloseKey","HKCU","SUCCESS","" "11:31:20.0433984 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read" "11:31:20.0434204 AM","icl.exe","42776","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:20.0434370 AM","icl.exe","42776","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","Desired Access: Read" "11:31:20.0434558 AM","icl.exe","42776","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","BUFFER OVERFLOW","Length: 12" "11:31:20.0434688 AM","icl.exe","42776","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","SUCCESS","Type: REG_MULTI_SZ, Length: 12, Data: en-US" "11:31:20.0434724 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\NETAPI32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.0436568 AM","icl.exe","42776","RegCloseKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","" "11:31:20.0436718 AM","icl.exe","42776","RegCloseKey","HKCU","SUCCESS","" "11:31:20.0437223 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read" "11:31:20.0437425 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20" "11:31:20.0437582 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","" "11:31:20.0437799 AM","icl.exe","42776","CreateFile","C:\Windows\System32\netapi32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0438353 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0438388 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\netapi32.dll","SUCCESS","CreationTime: 2/17/2021 8:53:25 AM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 2/17/2021 8:53:25 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.0438548 AM","icl.exe","42776","CloseFile","C:\Windows\System32\netapi32.dll","SUCCESS","" "11:31:20.0444333 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","" "11:31:20.0445491 AM","icl.exe","42776","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0445840 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","CreationTime: 3/10/2021 10:13:43 PM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 2/10/2021 4:51:30 AM, ChangeTime: 3/19/2021 4:20:31 AM, FileAttributes: A" "11:31:20.0445948 AM","icl.exe","42776","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","" "11:31:20.0446827 AM","icl.exe","42776","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0447131 AM","icl.exe","42776","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.0448506 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.0448671 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.0448702 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys" "11:31:20.0448832 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.0448993 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0449129 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.0449263 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.0449398 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.0449536 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0449667 AM","icl.exe","42776","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.0450382 AM","icl.exe","42776","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0450887 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","CreationTime: 3/10/2021 10:13:43 PM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 2/10/2021 4:51:30 AM, ChangeTime: 3/19/2021 4:20:31 AM, FileAttributes: A" "11:31:20.0451430 AM","icl.exe","42776","Load Image","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Image Base: 0x7ffbcf500000, Image Size: 0xb0000" "11:31:20.0451914 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.0453114 AM","icl.exe","42776","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0453473 AM","icl.exe","42776","CreateFile","C:\Windows\System32\netapi32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0453731 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","" "11:31:20.0454339 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\netapi32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.0456190 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.0456463 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.0456696 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.0457078 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0457189 AM","icl.exe","42776","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","" "11:31:20.0457430 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.0458136 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\msi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.0458173 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.0458381 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.0458596 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0459234 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\netapi32.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.0459456 AM","icl.exe","42776","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","" "11:31:20.0459612 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\OLEACC.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.0462283 AM","icl.exe","42776","Load Image","C:\Windows\System32\netapi32.dll","SUCCESS","Image Base: 0x7ffbd0460000, Image Size: 0x18000" "11:31:20.0463012 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\WINSPOOL.DRV","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.0464260 AM","icl.exe","42776","CloseFile","C:\Windows\System32\netapi32.dll","SUCCESS","" "11:31:20.0466764 AM","icl.exe","42776","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0466985 AM","icl.exe","42776","CreateFile","C:\Windows\System32\msi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0467069 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","CreationTime: 3/10/2021 10:13:43 PM, LastAccessTime: 3/25/2021 11:31:19 AM, LastWriteTime: 2/10/2021 4:51:10 AM, ChangeTime: 3/12/2021 3:20:58 PM, FileAttributes: A" "11:31:20.0467172 AM","icl.exe","42776","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","" "11:31:20.0467836 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\msi.dll","SUCCESS","CreationTime: 3/10/2021 10:22:36 PM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 3/10/2021 10:22:36 PM, ChangeTime: 3/10/2021 10:53:09 PM, FileAttributes: A" "11:31:20.0467966 AM","icl.exe","42776","CloseFile","C:\Windows\System32\msi.dll","SUCCESS","" "11:31:20.0468232 AM","icl.exe","42776","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0468554 AM","icl.exe","42776","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.0469416 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.0469581 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.0469721 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.0469875 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0470012 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.0470149 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.0470268 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.0470415 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0470538 AM","icl.exe","42776","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.0472303 AM","icl.exe","42776","Load Image","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","Image Base: 0x7ffbc5b10000, Image Size: 0x29a000" "11:31:20.0473286 AM","icl.exe","42776","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","" "11:31:20.0476741 AM","icl.exe","42776","CreateFile","C:\Windows\System32\oleacc.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0477995 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\oleacc.dll","SUCCESS","CreationTime: 2/17/2021 8:53:56 AM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 2/17/2021 8:53:56 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.0478312 AM","icl.exe","42776","CloseFile","C:\Windows\System32\oleacc.dll","SUCCESS","" "11:31:20.0478547 AM","icl.exe","42776","CreateFile","C:\Windows\System32\msi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0479568 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\msi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.0480684 AM","icl.exe","42776","CreateFile","C:\Windows\System32\winspool.drv","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0481136 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.0481373 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.0481597 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\winspool.drv","SUCCESS","CreationTime: 2/17/2021 8:52:44 AM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 2/17/2021 8:52:44 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.0481612 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.0481721 AM","icl.exe","42776","CloseFile","C:\Windows\System32\winspool.drv","SUCCESS","" "11:31:20.0481855 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0482065 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.0482146 AM","icl.exe","42776","CreateFile","C:\Windows\System32\oleacc.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0482269 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.0482448 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.0482648 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0482850 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\msi.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.0482952 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\oleacc.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.0483846 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.0484026 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.0484184 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.0484351 AM","icl.exe","42776","CreateFile","C:\Windows\System32\winspool.drv","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0484656 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0484823 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.0484964 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.0485083 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\winspool.drv","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.0485099 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.0485244 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0485383 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\oleacc.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.0485955 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.0486183 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.0487388 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.0487539 AM","icl.exe","42776","Load Image","C:\Windows\System32\msi.dll","SUCCESS","Image Base: 0x7ffbc4210000, Image Size: 0x32b000" "11:31:20.0487666 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0488174 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.0488432 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.0488582 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.0488759 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0488903 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\winspool.drv","SUCCESS","SyncType: SyncTypeOther" "11:31:20.0491681 AM","icl.exe","42776","Load Image","C:\Windows\System32\oleacc.dll","SUCCESS","Image Base: 0x7ffbc1bf0000, Image Size: 0x66000" "11:31:20.0496875 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read" "11:31:20.0497103 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20" "11:31:20.0497265 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","" "11:31:20.0500183 AM","icl.exe","42776","CloseFile","C:\Windows\System32\oleacc.dll","SUCCESS","" "11:31:20.0500217 AM","icl.exe","42776","Load Image","C:\Windows\System32\winspool.drv","SUCCESS","Image Base: 0x7ffbc6af0000, Image Size: 0x8e000" "11:31:20.0502302 AM","icl.exe","42776","CreateFile","C:\Windows\System32\msi.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0503580 AM","icl.exe","42776","CloseFile","C:\Windows\System32\winspool.drv","SUCCESS","" "11:31:20.0505747 AM","icl.exe","42776","CloseFile","C:\Windows\System32\msi.dll","SUCCESS","" "11:31:20.0509238 AM","icl.exe","42776","Load Image","C:\Windows\System32\bcrypt.dll","SUCCESS","Image Base: 0x7ffbdb3e0000, Image Size: 0x27000" "11:31:20.0510015 AM","icl.exe","42776","CloseFile","C:\Windows\System32\msi.dll","SUCCESS","" "11:31:20.0514612 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","REPARSE","Desired Access: Read" "11:31:20.0514814 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","Desired Access: Read" "11:31:20.0515059 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\(Default)","SUCCESS","Type: REG_SZ, Length: 18, Data: 00060305" "11:31:20.0515220 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\000603xx","SUCCESS","Type: REG_SZ, Length: 26, Data: kernel32.dll" "11:31:20.0519296 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:20.0519560 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\smc_install_path","NAME NOT FOUND","Length: 4,094" "11:31:20.0519723 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC","SUCCESS","" "11:31:20.0519978 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:20.0520176 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot","SUCCESS","Type: REG_SZ, Length: 22, Data: C:\Windows" "11:31:20.0520365 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","" "11:31:20.0520525 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Sysplant\Sysfer","REPARSE","Desired Access: Read, Maximum Allowed" "11:31:20.0521173 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Sysplant\Sysfer","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:20.0521599 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\SysPlant\SysFer\SepBinDir","SUCCESS","Type: REG_SZ, Length: 170, Data: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin\" "11:31:20.0521893 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\SysPlant\SysFer","SUCCESS","" "11:31:20.0522230 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Sysplant\Sysfer","REPARSE","Desired Access: Read, Maximum Allowed" "11:31:20.0522425 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Sysplant\Sysfer","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:20.0522701 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\SysPlant\SysFer\SepBinDir64","SUCCESS","Type: REG_SZ, Length: 174, Data: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin64\" "11:31:20.0522923 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\SysPlant\SysFer","SUCCESS","" "11:31:20.0528863 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0529457 AM","icl.exe","42776","QueryNameInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Name: \Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe" "11:31:20.0529718 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "11:31:20.0531913 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0532383 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "11:31:20.0533780 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0534180 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "11:31:20.0535375 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0536274 AM","icl.exe","42776","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:20.0536508 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "11:31:20.0537760 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","NAME INVALID","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a" "11:31:20.0541563 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:20.0542975 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0543440 AM","icl.exe","42776","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:20.0543772 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:20.0544991 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0545369 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:20.0546640 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0547171 AM","icl.exe","42776","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:20.0547407 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:20.0548887 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0549267 AM","icl.exe","42776","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:20.0549537 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:20.0550804 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:20.0551907 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0552291 AM","icl.exe","42776","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:20.0552556 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:20.0553777 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0554175 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:20.0555379 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0555926 AM","icl.exe","42776","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:20.0556144 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:20.0557383 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0557775 AM","icl.exe","42776","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:20.0558264 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:20.0559546 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:20.0560647 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0561041 AM","icl.exe","42776","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:20.0561342 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:20.0562555 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0562939 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:20.0564102 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0564585 AM","icl.exe","42776","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:20.0564800 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:20.0566370 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0566790 AM","icl.exe","42776","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:20.0567036 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:20.0568424 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:20.0569498 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0569848 AM","icl.exe","42776","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:20.0570046 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:20.0570976 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0571411 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:20.0572254 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0572707 AM","icl.exe","42776","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:20.0572909 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:20.0574146 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0574566 AM","icl.exe","42776","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:20.0574844 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:20.0575920 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:20.0577047 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0577457 AM","icl.exe","42776","FileSystemControl","C:\Program Files (x86)\IntelSWTools","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:20.0577720 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:20.0579230 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0579613 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:20.0581247 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0581719 AM","icl.exe","42776","DeviceIoControl","C:\Program Files (x86)\IntelSWTools","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:20.0581891 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:20.0582740 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0582991 AM","icl.exe","42776","FileSystemControl","C:\Program Files (x86)\IntelSWTools","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:20.0583178 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:20.0584028 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:20.0584821 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0585071 AM","icl.exe","42776","FileSystemControl","C:\Program Files (x86)","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:20.0585251 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:20.0586020 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0586256 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:20.0587002 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0587325 AM","icl.exe","42776","DeviceIoControl","C:\Program Files (x86)","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:20.0587466 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:20.0588796 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0589125 AM","icl.exe","42776","FileSystemControl","C:\Program Files (x86)","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:20.0589306 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:20.0592171 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","REPARSE","Desired Access: Read" "11:31:20.0592330 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Desired Access: Read" "11:31:20.0592534 AM","icl.exe","42776","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","BUFFER TOO SMALL","Index: 0, Length: 0" "11:31:20.0592665 AM","icl.exe","42776","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 0, Name: ##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" "11:31:20.0593136 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","REPARSE","Desired Access: Read, Maximum Allowed" "11:31:20.0593281 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:20.0593540 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 118, Data: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000" "11:31:20.0593724 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","" "11:31:20.0593921 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","" "11:31:20.0594166 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000","REPARSE","Desired Access: Read, Maximum Allowed" "11:31:20.0594303 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:20.0594548 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000\Class","NAME NOT FOUND","Length: 4,094" "11:31:20.0594698 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000","SUCCESS","" "11:31:20.0598355 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.0598523 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.0598679 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:20.0598844 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:20.0600551 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\ca967c75-04bf-40b5-9a16-98b5f9332a92","NAME NOT FOUND","Length: 528" "11:31:20.0601360 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","Name: \Windows\System32\sechost.dll" "11:31:20.0601968 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\b6fd710b-f783-4b1c-ab9c-c68099dcc0c7","NAME NOT FOUND","Length: 528" "11:31:20.0602387 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","Name: \Windows\System32\sechost.dll" "11:31:20.0603288 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c1376338-0984-48b8-b933-9c7d779fd84d","NAME NOT FOUND","Length: 528" "11:31:20.0603699 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\advapi32.dll","SUCCESS","Name: \Windows\System32\advapi32.dll" "11:31:20.0609976 AM","icl.exe","42776","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:20.0610187 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0610331 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read" "11:31:20.0610504 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorUseSystemHeap","NAME NOT FOUND","Length: 20" "11:31:20.0610701 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "11:31:20.0610808 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0610922 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read" "11:31:20.0611041 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorSystemHeapIsPrivate","NAME NOT FOUND","Length: 20" "11:31:20.0611169 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "11:31:20.0611266 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0611375 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read" "11:31:20.0611491 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\AggressiveMTATesting","NAME NOT FOUND","Length: 16" "11:31:20.0611612 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "11:31:20.0612604 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0612723 AM","icl.exe","42776","RegOpenKey","HKLM","SUCCESS","Desired Access: Read" "11:31:20.0612856 AM","icl.exe","42776","RegSetInfoKey","HKLM","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "11:31:20.0612959 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:20.0613070 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "11:31:20.0613287 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\AppModel\Lookaside\Packages","NAME NOT FOUND","Desired Access: Read" "11:31:20.0613491 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:20.0613610 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "11:31:20.0613761 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:20.0613875 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Ole","SUCCESS","Desired Access: Read" "11:31:20.0615112 AM","icl.exe","42776","RegOpenKey","HKCU","SUCCESS","Desired Access: Read" "11:31:20.0615349 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0615467 AM","icl.exe","42776","RegOpenKey","HKCU\Software\Classes\Local Settings","REPARSE","Desired Access: Read" "11:31:20.0615615 AM","icl.exe","42776","RegOpenKey","HKCU\Software\Classes\Local Settings","SUCCESS","Desired Access: Read" "11:31:20.0615773 AM","icl.exe","42776","RegSetInfoKey","HKCU\Software\Classes\Local Settings","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "11:31:20.0615893 AM","icl.exe","42776","RegCloseKey","HKCU","SUCCESS","" "11:31:20.0615996 AM","icl.exe","42776","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:20.0616111 AM","icl.exe","42776","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "11:31:20.0616262 AM","icl.exe","42776","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:20.0616374 AM","icl.exe","42776","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "11:31:20.0616511 AM","icl.exe","42776","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:20.0616791 AM","icl.exe","42776","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole","NAME NOT FOUND","Desired Access: Read" "11:31:20.0616920 AM","icl.exe","42776","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:20.0617028 AM","icl.exe","42776","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft","SUCCESS","Desired Access: Read" "11:31:20.0617542 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0617650 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\OLE\Tracing","NAME NOT FOUND","Desired Access: Read" "11:31:20.0618446 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 528" "11:31:20.0619169 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\combase.dll","SUCCESS","Name: \Windows\System32\combase.dll" "11:31:20.0619494 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05","NAME NOT FOUND","Length: 528" "11:31:20.0619905 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\combase.dll","SUCCESS","Name: \Windows\System32\combase.dll" "11:31:20.0620807 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c7e09e2a-c663-5399-af79-2fccd321d19a","NAME NOT FOUND","Length: 528" "11:31:20.0621211 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\combase.dll","SUCCESS","Name: \Windows\System32\combase.dll" "11:31:20.0621485 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528" "11:31:20.0621875 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\combase.dll","SUCCESS","Name: \Windows\System32\combase.dll" "11:31:20.0623888 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument\","REPARSE","Desired Access: Read" "11:31:20.0624063 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument","NAME NOT FOUND","Desired Access: Read" "11:31:20.0624446 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f25bcd2e-2690-55dc-3bc4-07b65b1b41c9","NAME NOT FOUND","Length: 528" "11:31:20.0624967 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\user32.dll","SUCCESS","Name: \Windows\System32\user32.dll" "11:31:20.0625368 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.0625595 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.0625765 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "11:31:20.0626024 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "11:31:20.0626175 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.0626314 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "11:31:20.0626462 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "11:31:20.0626816 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read" "11:31:20.0626993 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20" "11:31:20.0627153 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","" "11:31:20.0627306 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read" "11:31:20.0627454 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck","NAME NOT FOUND","Length: 20" "11:31:20.0627599 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","" "11:31:20.0628254 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Read" "11:31:20.0628585 AM","icl.exe","42776","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read" "11:31:20.0628786 AM","icl.exe","42776","RegQueryValue","HKCU\Control Panel\Desktop\EnablePerProcessSystemDPI","NAME NOT FOUND","Length: 20" "11:31:20.0628999 AM","icl.exe","42776","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS","" "11:31:20.0629954 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","Desired Access: Read" "11:31:20.0630150 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\icl","NAME NOT FOUND","Length: 172" "11:31:20.0630346 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","" "11:31:20.0630532 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility","NAME NOT FOUND","Desired Access: Read" "11:31:20.0634842 AM","icl.exe","42776","CreateFile","C:\Windows\System32\edgegdi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.0636402 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0636607 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","Desired Access: Read" "11:31:20.0637403 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.0637678 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","" "11:31:20.0638143 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.0639884 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0640708 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\OLE\Tracing","NAME NOT FOUND","Desired Access: Read" "11:31:20.0641342 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 528" "11:31:20.0641973 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\ole32.dll","SUCCESS","Name: \Windows\System32\ole32.dll" "11:31:20.0642313 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05","NAME NOT FOUND","Length: 528" "11:31:20.0642740 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\ole32.dll","SUCCESS","Name: \Windows\System32\ole32.dll" "11:31:20.0644228 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0644378 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.0647002 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108","NAME NOT FOUND","Length: 528" "11:31:20.0647542 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\shell32.dll","SUCCESS","Name: \Windows\System32\shell32.dll" "11:31:20.0648088 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61","NAME NOT FOUND","Length: 528" "11:31:20.0648524 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\shell32.dll","SUCCESS","Name: \Windows\System32\shell32.dll" "11:31:20.0648815 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528" "11:31:20.0649208 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\shell32.dll","SUCCESS","Name: \Windows\System32\shell32.dll" "11:31:20.0649794 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f3a71a4b-6118-4257-8ccb-39a33ba059d4","NAME NOT FOUND","Length: 528" "11:31:20.0650193 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\bcrypt.dll","SUCCESS","Name: \Windows\System32\bcrypt.dll" "11:31:20.0651555 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1cba82b8-2b26-4d68-8447-1a3b85805b6a","NAME NOT FOUND","Length: 528" "11:31:20.0651957 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\msi.dll","SUCCESS","Name: \Windows\System32\msi.dll" "11:31:20.0652276 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0652441 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\FileSystem","REPARSE","Desired Access: Read" "11:31:20.0652593 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","Desired Access: Read" "11:31:20.0652738 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\Win31FileSystem","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.0652914 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","" "11:31:20.0655493 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\OLEACCRC.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.0657030 AM","icl.exe","42776","CreateFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0657409 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","CreationTime: 12/7/2019 2:09:05 AM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 12/7/2019 2:09:05 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.0657519 AM","icl.exe","42776","CloseFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","" "11:31:20.0658548 AM","icl.exe","42776","CreateFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0658973 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\oleaccrc.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.0659093 AM","icl.exe","42776","QueryStandardInformationFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","AllocationSize: 8,192, EndOfFile: 4,608, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:20.0659298 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\oleaccrc.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.0659809 AM","icl.exe","42776","CloseFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","" "11:31:20.0660879 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c69cb70a-3133-4cca-ab0e-046848effcda","NAME NOT FOUND","Length: 528" "11:31:20.0661388 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\winspool.drv","SUCCESS","Name: \Windows\System32\winspool.drv" "11:31:20.0663547 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.0663728 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.0663876 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:20.0664038 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:20.0668186 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\shfolder.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.0669686 AM","icl.exe","42776","CreateFile","C:\Windows\System32\shfolder.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0670059 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\shfolder.dll","SUCCESS","CreationTime: 12/7/2019 2:09:09 AM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 12/7/2019 2:09:09 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.0670177 AM","icl.exe","42776","CloseFile","C:\Windows\System32\shfolder.dll","SUCCESS","" "11:31:20.0670993 AM","icl.exe","42776","CreateFile","C:\Windows\System32\shfolder.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0671353 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\shfolder.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.0676618 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.0676900 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.0677156 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.0677459 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0677737 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.0677976 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.0678397 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.0678637 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0679363 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\shfolder.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.0681643 AM","icl.exe","42776","Load Image","C:\Windows\System32\shfolder.dll","SUCCESS","Image Base: 0x7ffbce4b0000, Image Size: 0x7000" "11:31:20.0682433 AM","icl.exe","42776","CloseFile","C:\Windows\System32\shfolder.dll","SUCCESS","" "11:31:20.0684618 AM","icl.exe","42776","CreateFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0684907 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\windows.storage.dll","SUCCESS","CreationTime: 3/10/2021 10:21:44 PM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 3/10/2021 10:21:45 PM, ChangeTime: 3/10/2021 10:53:06 PM, FileAttributes: A" "11:31:20.0685022 AM","icl.exe","42776","CloseFile","C:\Windows\System32\windows.storage.dll","SUCCESS","" "11:31:20.0685835 AM","icl.exe","42776","CreateFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0686110 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\windows.storage.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.0687022 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.0687201 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.0687351 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.0687519 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0687673 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.0687821 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.0687959 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.0688288 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0688431 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\windows.storage.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.0690952 AM","icl.exe","42776","Load Image","C:\Windows\System32\windows.storage.dll","SUCCESS","Image Base: 0x7ffbd8df0000, Image Size: 0x790000" "11:31:20.0692320 AM","icl.exe","42776","CloseFile","C:\Windows\System32\windows.storage.dll","SUCCESS","" "11:31:20.0694237 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\Wldp.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.0695647 AM","icl.exe","42776","CreateFile","C:\Windows\System32\wldp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0696008 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\wldp.dll","SUCCESS","CreationTime: 2/17/2021 8:53:40 AM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 2/17/2021 8:53:40 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.0696124 AM","icl.exe","42776","CloseFile","C:\Windows\System32\wldp.dll","SUCCESS","" "11:31:20.0696947 AM","icl.exe","42776","CreateFile","C:\Windows\System32\wldp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0697296 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\wldp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.0698749 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.0698931 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.0699100 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.0699274 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0699424 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.0699570 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.0699708 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.0699860 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0700006 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\wldp.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.0702248 AM","icl.exe","42776","Load Image","C:\Windows\System32\wldp.dll","SUCCESS","Image Base: 0x7ffbda600000, Image Size: 0x2c000" "11:31:20.0703005 AM","icl.exe","42776","CloseFile","C:\Windows\System32\wldp.dll","SUCCESS","" "11:31:20.0706367 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\9a2edb8f-5883-499f-aced-6e4b69d43ddf","NAME NOT FOUND","Length: 528" "11:31:20.0706895 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\wldp.dll","SUCCESS","Name: \Windows\System32\wldp.dll" "11:31:20.0709521 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108","NAME NOT FOUND","Length: 528" "11:31:20.0709982 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Name: \Windows\System32\windows.storage.dll" "11:31:20.0710474 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\a40b455c-253c-4311-ac6d-6e667edccefc","NAME NOT FOUND","Length: 528" "11:31:20.0710879 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Name: \Windows\System32\windows.storage.dll" "11:31:20.0711199 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528" "11:31:20.0711603 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Name: \Windows\System32\windows.storage.dll" "11:31:20.0711898 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61","NAME NOT FOUND","Length: 528" "11:31:20.0712286 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Name: \Windows\System32\windows.storage.dll" "11:31:20.0713998 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0714162 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Desired Access: Read" "11:31:20.0714584 AM","icl.exe","42776","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0714713 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905E63B6-C1BF-494E-B29C-65B732D3D21A}","SUCCESS","Desired Access: Read" "11:31:20.0714887 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","" "11:31:20.0715020 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Category","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2" "11:31:20.0715170 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Name","SUCCESS","Type: REG_SZ, Length: 26, Data: ProgramFiles" "11:31:20.0715319 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\ParentFolder","NAME NOT FOUND","Length: 90" "11:31:20.0715457 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Description","NAME NOT FOUND","Length: 144" "11:31:20.0715571 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\RelativePath","NAME NOT FOUND","Length: 144" "11:31:20.0715683 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\ParsingName","NAME NOT FOUND","Length: 144" "11:31:20.0715809 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\InfoTip","NAME NOT FOUND","Length: 144" "11:31:20.0715920 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\LocalizedName","SUCCESS","Type: REG_EXPAND_SZ, Length: 84, Data: @%SystemRoot%\system32\shell32.dll,-21781" "11:31:20.0716048 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Icon","NAME NOT FOUND","Length: 144" "11:31:20.0716157 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Security","NAME NOT FOUND","Length: 144" "11:31:20.0716266 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\StreamResource","NAME NOT FOUND","Length: 144" "11:31:20.0716378 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\StreamResourceType","NAME NOT FOUND","Length: 144" "11:31:20.0716489 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\LocalRedirectOnly","NAME NOT FOUND","Length: 16" "11:31:20.0716600 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Roamable","NAME NOT FOUND","Length: 16" "11:31:20.0716929 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PreCreate","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "11:31:20.0717058 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Stream","NAME NOT FOUND","Length: 16" "11:31:20.0717171 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PublishExpandedPath","NAME NOT FOUND","Length: 16" "11:31:20.0717311 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\DefinitionFlags","NAME NOT FOUND","Length: 16" "11:31:20.0717477 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Attributes","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "11:31:20.0717654 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\FolderTypeID","NAME NOT FOUND","Length: 90" "11:31:20.0717787 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\InitFolderHandler","NAME NOT FOUND","Length: 90" "11:31:20.0718562 AM","icl.exe","42776","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0718710 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PropertyBag","SUCCESS","Desired Access: Read" "11:31:20.0718932 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}","SUCCESS","" "11:31:20.0719197 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0719325 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion","SUCCESS","Desired Access: Read" "11:31:20.0719486 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir","SUCCESS","Type: REG_SZ, Length: 34, Data: C:\Program Files" "11:31:20.0719629 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion","SUCCESS","" "11:31:20.0721468 AM","icl.exe","42776","CreateFile","C:\Program Files","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0" "11:31:20.0722938 AM","icl.exe","42776","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0723201 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files","SUCCESS","CreationTime: 12/7/2019 2:14:52 AM, LastAccessTime: 3/25/2021 11:31:17 AM, LastWriteTime: 3/5/2021 10:22:09 AM, ChangeTime: 3/5/2021 10:22:09 AM, FileAttributes: RD" "11:31:20.0723322 AM","icl.exe","42776","CloseFile","C:\Program Files","SUCCESS","" "11:31:20.0723689 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0723866 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.0724052 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0724165 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.0724594 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0724714 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Desired Access: Read" "11:31:20.0724867 AM","icl.exe","42776","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0724989 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}","SUCCESS","Desired Access: Read" "11:31:20.0725153 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","" "11:31:20.0725265 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Category","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2" "11:31:20.0725396 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Name","SUCCESS","Type: REG_SZ, Length: 38, Data: ProgramFilesCommon" "11:31:20.0725529 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\ParentFolder","NAME NOT FOUND","Length: 90" "11:31:20.0725645 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Description","NAME NOT FOUND","Length: 144" "11:31:20.0725785 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\RelativePath","NAME NOT FOUND","Length: 144" "11:31:20.0725917 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\ParsingName","NAME NOT FOUND","Length: 144" "11:31:20.0726029 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\InfoTip","NAME NOT FOUND","Length: 144" "11:31:20.0726532 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\LocalizedName","NAME NOT FOUND","Length: 144" "11:31:20.0726683 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Icon","NAME NOT FOUND","Length: 144" "11:31:20.0726797 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Security","NAME NOT FOUND","Length: 144" "11:31:20.0726905 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\StreamResource","NAME NOT FOUND","Length: 144" "11:31:20.0727037 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\StreamResourceType","NAME NOT FOUND","Length: 144" "11:31:20.0727178 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\LocalRedirectOnly","NAME NOT FOUND","Length: 16" "11:31:20.0727321 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Roamable","NAME NOT FOUND","Length: 16" "11:31:20.0727471 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\PreCreate","NAME NOT FOUND","Length: 16" "11:31:20.0727616 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Stream","NAME NOT FOUND","Length: 16" "11:31:20.0728155 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\PublishExpandedPath","NAME NOT FOUND","Length: 16" "11:31:20.0728346 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\DefinitionFlags","NAME NOT FOUND","Length: 16" "11:31:20.0728488 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Attributes","NAME NOT FOUND","Length: 16" "11:31:20.0728795 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\FolderTypeID","NAME NOT FOUND","Length: 90" "11:31:20.0729064 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\InitFolderHandler","NAME NOT FOUND","Length: 90" "11:31:20.0729206 AM","icl.exe","42776","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0729338 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\PropertyBag","NAME NOT FOUND","Desired Access: Read" "11:31:20.0729514 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}","SUCCESS","" "11:31:20.0729662 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0729777 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion","SUCCESS","Desired Access: Read" "11:31:20.0729914 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir","SUCCESS","Type: REG_SZ, Length: 60, Data: C:\Program Files\Common Files" "11:31:20.0730059 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion","SUCCESS","" "11:31:20.0730975 AM","icl.exe","42776","CreateFile","C:\Program Files\Common Files","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0" "11:31:20.0732547 AM","icl.exe","42776","CreateFile","C:\Program Files\Common Files","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0732814 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files\Common Files","SUCCESS","CreationTime: 12/7/2019 2:14:52 AM, LastAccessTime: 3/25/2021 11:31:10 AM, LastWriteTime: 3/5/2021 10:13:45 AM, ChangeTime: 3/5/2021 10:13:45 AM, FileAttributes: D" "11:31:20.0732939 AM","icl.exe","42776","CloseFile","C:\Program Files\Common Files","SUCCESS","" "11:31:20.0733414 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0733559 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Desired Access: Read" "11:31:20.0733716 AM","icl.exe","42776","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0733830 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}","SUCCESS","Desired Access: Read" "11:31:20.0733980 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","" "11:31:20.0734088 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Category","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2" "11:31:20.0734214 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Name","SUCCESS","Type: REG_SZ, Length: 30, Data: Common AppData" "11:31:20.0734346 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParentFolder","NAME NOT FOUND","Length: 90" "11:31:20.0734461 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Description","NAME NOT FOUND","Length: 144" "11:31:20.0734571 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\RelativePath","NAME NOT FOUND","Length: 144" "11:31:20.0734703 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParsingName","NAME NOT FOUND","Length: 144" "11:31:20.0735058 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InfoTip","NAME NOT FOUND","Length: 144" "11:31:20.0735216 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalizedName","NAME NOT FOUND","Length: 144" "11:31:20.0735462 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Icon","NAME NOT FOUND","Length: 144" "11:31:20.0735572 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Security","NAME NOT FOUND","Length: 144" "11:31:20.0736047 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResource","NAME NOT FOUND","Length: 144" "11:31:20.0736161 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResourceType","NAME NOT FOUND","Length: 144" "11:31:20.0736271 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalRedirectOnly","NAME NOT FOUND","Length: 16" "11:31:20.0736601 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Roamable","NAME NOT FOUND","Length: 16" "11:31:20.0736721 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PreCreate","NAME NOT FOUND","Length: 16" "11:31:20.0736828 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Stream","NAME NOT FOUND","Length: 16" "11:31:20.0736933 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PublishExpandedPath","NAME NOT FOUND","Length: 16" "11:31:20.0737038 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\DefinitionFlags","NAME NOT FOUND","Length: 16" "11:31:20.0737145 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Attributes","NAME NOT FOUND","Length: 16" "11:31:20.0737250 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\FolderTypeID","NAME NOT FOUND","Length: 90" "11:31:20.0737359 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InitFolderHandler","NAME NOT FOUND","Length: 90" "11:31:20.0737504 AM","icl.exe","42776","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0737673 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PropertyBag","NAME NOT FOUND","Desired Access: Read" "11:31:20.0737864 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}","SUCCESS","" "11:31:20.0739912 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\profapi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.0745803 AM","icl.exe","42776","CreateFile","C:\Windows\System32\profapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0746329 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\profapi.dll","SUCCESS","CreationTime: 3/10/2021 10:22:00 PM, LastAccessTime: 3/25/2021 11:31:18 AM, LastWriteTime: 3/10/2021 10:22:00 PM, ChangeTime: 3/10/2021 10:53:07 PM, FileAttributes: A" "11:31:20.0746508 AM","icl.exe","42776","CloseFile","C:\Windows\System32\profapi.dll","SUCCESS","" "11:31:20.0747536 AM","icl.exe","42776","CreateFile","C:\Windows\System32\profapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0747935 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\profapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.0748972 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.0749162 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.0749324 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.0749496 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0749648 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.0749803 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.0749946 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.0750104 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.0750250 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\profapi.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.0752635 AM","icl.exe","42776","Load Image","C:\Windows\System32\profapi.dll","SUCCESS","Image Base: 0x7ffbdac10000, Image Size: 0x1f000" "11:31:20.0753393 AM","icl.exe","42776","CloseFile","C:\Windows\System32\profapi.dll","SUCCESS","" "11:31:20.0755189 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0755423 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList","SUCCESS","Desired Access: Read" "11:31:20.0755683 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData","BUFFER OVERFLOW","Length: 12" "11:31:20.0755876 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData","SUCCESS","Type: REG_EXPAND_SZ, Length: 52, Data: %SystemDrive%\ProgramData" "11:31:20.0756103 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList","SUCCESS","" "11:31:20.0757066 AM","icl.exe","42776","CreateFile","C:\ProgramData","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0" "11:31:20.0758581 AM","icl.exe","42776","CreateFile","C:\ProgramData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0758839 AM","icl.exe","42776","QueryBasicInformationFile","C:\ProgramData","SUCCESS","CreationTime: 12/7/2019 2:14:52 AM, LastAccessTime: 3/25/2021 11:31:19 AM, LastWriteTime: 3/5/2021 10:14:13 AM, ChangeTime: 3/5/2021 10:14:13 AM, FileAttributes: HDNCI" "11:31:20.0758953 AM","icl.exe","42776","CloseFile","C:\ProgramData","SUCCESS","" "11:31:20.0762711 AM","icl.exe","42776","CreateFile","C:\Windows\WindowsShell.Manifest","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.0763073 AM","icl.exe","42776","CreateFileMapping","C:\Windows\WindowsShell.Manifest","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.0763198 AM","icl.exe","42776","QueryStandardInformationFile","C:\Windows\WindowsShell.Manifest","SUCCESS","AllocationSize: 4,096, EndOfFile: 670, NumberOfLinks: 4, DeletePending: False, Directory: False" "11:31:20.0763412 AM","icl.exe","42776","CreateFileMapping","C:\Windows\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeOther" "11:31:20.0763991 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read" "11:31:20.0764177 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20" "11:31:20.0764331 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","" "11:31:20.0764444 AM","icl.exe","42776","QueryStandardInformationFile","C:\Windows\WindowsShell.Manifest","SUCCESS","AllocationSize: 4,096, EndOfFile: 670, NumberOfLinks: 4, DeletePending: False, Directory: False" "11:31:20.0766724 AM","icl.exe","42776","CloseFile","C:\Windows\WindowsShell.Manifest","SUCCESS","" "11:31:20.0770174 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.0770344 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.0770489 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:20.0770650 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:20.0773087 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.0773226 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.0773353 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:20.0773494 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:20.0775231 AM","icl.exe","42776","RegOpenKey","HKCU","SUCCESS","Desired Access: Read" "11:31:20.0775514 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.0775654 AM","icl.exe","42776","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read" "11:31:20.0775792 AM","icl.exe","42776","RegQueryValue","HKCU\Control Panel\Desktop\SmoothScroll","NAME NOT FOUND","Length: 16" "11:31:20.0775956 AM","icl.exe","42776","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS","" "11:31:20.0776313 AM","icl.exe","42776","RegCloseKey","HKCU","SUCCESS","" "11:31:20.0777464 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\d0f1a5c6-fc43-48ae-99bf-efb1c38be9d1","NAME NOT FOUND","Length: 528" "11:31:20.0778137 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\ws2_32.dll","SUCCESS","Name: \Windows\System32\ws2_32.dll" "11:31:20.0781226 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Offset: 4,500,480, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal" "11:31:20.0920519 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Offset: 4,516,864, Length: 12,288, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal" "11:31:20.0922553 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Offset: 3,282,944, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal" "11:31:20.1026661 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Offset: 4,484,096, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal" "11:31:20.1085988 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.1086331 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.1086542 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:20.1086723 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:20.1087866 AM","icl.exe","42776","QueryNameInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Name: \Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe" "11:31:20.1089800 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Offset: 4,475,904, Length: 8,192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal" "11:31:20.1168470 AM","icl.exe","42776","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:20.1168810 AM","icl.exe","42776","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read" "11:31:20.1169000 AM","icl.exe","42776","RegCloseKey","HKCU","SUCCESS","" "11:31:20.1169347 AM","icl.exe","42776","RegQueryMultipleValueKey","HKCU\Control Panel\International","SUCCESS","" "11:31:20.1169996 AM","icl.exe","42776","RegQueryValue","HKCU\Control Panel\International\sCurrency","SUCCESS","Type: REG_SZ, Length: 4, Data: $" "11:31:20.1170120 AM","icl.exe","42776","RegQueryValue","HKCU\Control Panel\International\iCalendarType","SUCCESS","Type: REG_SZ, Length: 4, Data: 1" "11:31:20.1170298 AM","icl.exe","42776","RegOpenKey","HKCU\Control Panel\International\🌎🌏🌍","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1170509 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.1170647 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.1170791 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-US","NAME NOT FOUND","Length: 532" "11:31:20.1170913 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.1171034 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.1171153 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.1171282 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-US","NAME NOT FOUND","Length: 532" "11:31:20.1171398 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.1173094 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\000603xx","SUCCESS","Type: REG_SZ, Length: 26, Data: kernel32.dll" "11:31:20.1174478 AM","icl.exe","42776","CreateFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1175031 AM","icl.exe","42776","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1175173 AM","icl.exe","42776","QueryStandardInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","AllocationSize: 3,375,104, EndOfFile: 3,371,404, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:20.1175431 AM","icl.exe","42776","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1175729 AM","icl.exe","42776","CloseFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","" "11:31:20.1176925 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","REPARSE","Desired Access: Read" "11:31:20.1177090 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","Desired Access: Read" "11:31:20.1177246 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\en-US","NAME NOT FOUND","Length: 90" "11:31:20.1177422 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\en","NAME NOT FOUND","Length: 90" "11:31:20.1180075 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1180425 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","CreationTime: 2/24/2021 12:42:09 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:20.1180615 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:20.1181189 AM","icl.exe","42776","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1181530 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: Program Files (x86), 2: Program Files (x86)" "11:31:20.1182073 AM","icl.exe","42776","CloseFile","C:\","SUCCESS","" "11:31:20.1183149 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1183455 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: IntelSWTools, 2: IntelSWTools" "11:31:20.1183718 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:20.1184698 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1185351 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: compilers_and_libraries_2017.4.210, 2: compilers_and_libraries_2017.4.210" "11:31:20.1185897 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:20.1188304 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1188614 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","CreationTime: 4/12/2017 8:26:38 AM, LastAccessTime: 3/25/2021 9:21:16 AM, LastWriteTime: 4/12/2017 8:26:38 AM, ChangeTime: 2/24/2021 12:42:37 AM, FileAttributes: A" "11:31:20.1188727 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","" "11:31:20.1189552 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1238455 AM","icl.exe","42776","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1239902 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1240092 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1240262 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1240438 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1240592 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1240735 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1240866 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1241012 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1241151 AM","icl.exe","42776","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1243386 AM","icl.exe","42776","Load Image","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","Image Base: 0x4590000, Image Size: 0xb7000" "11:31:20.1243749 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","" "11:31:20.1246500 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1246665 AM","icl.exe","42776","RegOpenKey","HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor","SUCCESS","Desired Access: Read" "11:31:20.1246869 AM","icl.exe","42776","RegQueryKey","HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor","SUCCESS","Query: Cached, SubKeys: 4, Values: 0" "11:31:20.1247049 AM","icl.exe","42776","RegCloseKey","HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor","SUCCESS","" "11:31:20.1249402 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Offset: 3,250,176, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal" "11:31:20.1275421 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1275738 AM","icl.exe","42776","QueryBasicInformationFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","CreationTime: 2/23/2021 6:57:50 PM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 3/25/2021 11:31:06 AM, ChangeTime: 3/25/2021 11:31:06 AM, FileAttributes: D" "11:31:20.1275844 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","" "11:31:20.1276878 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1277179 AM","icl.exe","42776","QueryDirectory","C:\Users\osqa\AppData\Local\Temp","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: Temp, 2: Temp" "11:31:20.1317610 AM","icl.exe","42776","CreateFile","C:\Windows\System32\tzres.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1318206 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\tzres.dll","SUCCESS","CreationTime: 2/17/2021 8:53:41 AM, LastAccessTime: 3/25/2021 11:31:19 AM, LastWriteTime: 2/17/2021 8:53:41 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.1318329 AM","icl.exe","42776","CloseFile","C:\Windows\System32\tzres.dll","SUCCESS","" "11:31:20.1319254 AM","icl.exe","42776","CreateFile","C:\Windows\System32\tzres.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1319681 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\tzres.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1319980 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1320154 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1320307 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1320473 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1320602 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\tzres.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1321157 AM","icl.exe","42776","CloseFile","C:\Windows\System32\tzres.dll","SUCCESS","" "11:31:20.1321793 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys","REPARSE","Desired Access: Read" "11:31:20.1321948 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys","NAME NOT FOUND","Desired Access: Read" "11:31:20.1322130 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US","NAME NOT FOUND","Desired Access: Read" "11:31:20.1323026 AM","icl.exe","42776","CreateFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1323349 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\en-US\tzres.dll.mui","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1323478 AM","icl.exe","42776","QueryStandardInformationFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","AllocationSize: 45,056, EndOfFile: 44,544, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:20.1323686 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1324447 AM","icl.exe","42776","CloseFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","" "11:31:20.1326260 AM","icl.exe","42776","CreateFile","C:\Windows\System32\tzres.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1326705 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\tzres.dll","SUCCESS","CreationTime: 2/17/2021 8:53:41 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 2/17/2021 8:53:41 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.1326813 AM","icl.exe","42776","CloseFile","C:\Windows\System32\tzres.dll","SUCCESS","" "11:31:20.1327696 AM","icl.exe","42776","CreateFile","C:\Windows\System32\tzres.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1328258 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\tzres.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1328535 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1328705 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1329011 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1329179 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1329302 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\tzres.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1329618 AM","icl.exe","42776","CloseFile","C:\Windows\System32\tzres.dll","SUCCESS","" "11:31:20.1330170 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US","NAME NOT FOUND","Desired Access: Read" "11:31:20.1331011 AM","icl.exe","42776","CreateFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1331290 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\en-US\tzres.dll.mui","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1331428 AM","icl.exe","42776","QueryStandardInformationFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","AllocationSize: 45,056, EndOfFile: 44,544, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:20.1331635 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1332142 AM","icl.exe","42776","CloseFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","" "11:31:20.1332746 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local","SUCCESS","" "11:31:20.1334803 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1335191 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","CreationTime: 2/24/2021 12:42:09 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:20.1335302 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:20.1335768 AM","icl.exe","42776","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1336072 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: Program Files (x86), 2: Program Files (x86)" "11:31:20.1336413 AM","icl.exe","42776","CloseFile","C:\","SUCCESS","" "11:31:20.1337374 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1337647 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: IntelSWTools, 2: IntelSWTools" "11:31:20.1337886 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:20.1338896 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1339160 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: compilers_and_libraries_2017.4.210, 2: compilers_and_libraries_2017.4.210" "11:31:20.1339406 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:20.1341397 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1341738 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","CreationTime: 4/12/2017 8:26:48 AM, LastAccessTime: 3/25/2021 9:21:16 AM, LastWriteTime: 4/12/2017 8:26:48 AM, ChangeTime: 2/24/2021 12:42:38 AM, FileAttributes: A" "11:31:20.1341834 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:20.1343632 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1344918 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:20.1346816 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Offset: 3,246,080, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal" "11:31:20.1441581 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1442540 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 4,096, Priority: Normal" "11:31:20.1442774 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:20.1443933 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1444441 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.1444590 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 6, Priority: Normal" "11:31:20.1444779 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 4,096, Priority: Normal" "11:31:20.1444927 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:20.1452725 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\CRYPTSP.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.1454435 AM","icl.exe","42776","CreateFile","C:\Windows\System32\cryptsp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1454844 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\cryptsp.dll","SUCCESS","CreationTime: 2/17/2021 8:53:41 AM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 2/17/2021 8:53:41 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.1454985 AM","icl.exe","42776","CloseFile","C:\Windows\System32\cryptsp.dll","SUCCESS","" "11:31:20.1455939 AM","icl.exe","42776","CreateFile","C:\Windows\System32\cryptsp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1456389 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\cryptsp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1458098 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1458302 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1458485 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1458687 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1458867 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1459031 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1459183 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1459591 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1459759 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\cryptsp.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1462946 AM","icl.exe","42776","Load Image","C:\Windows\System32\cryptsp.dll","SUCCESS","Image Base: 0x7ffbda930000, Image Size: 0x18000" "11:31:20.1463842 AM","icl.exe","42776","CloseFile","C:\Windows\System32\cryptsp.dll","SUCCESS","" "11:31:20.1465245 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1465422 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001","SUCCESS","Desired Access: Read" "11:31:20.1465652 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name","BUFFER OVERFLOW","Length: 12" "11:31:20.1465791 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name","SUCCESS","Type: REG_SZ, Length: 80, Data: Microsoft Strong Cryptographic Provider" "11:31:20.1465940 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name","BUFFER OVERFLOW","Length: 52" "11:31:20.1466054 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name","SUCCESS","Type: REG_SZ, Length: 80, Data: Microsoft Strong Cryptographic Provider" "11:31:20.1466232 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001","SUCCESS","" "11:31:20.1466410 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1466597 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider","SUCCESS","Desired Access: Read" "11:31:20.1466793 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "11:31:20.1466956 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" "11:31:20.1467070 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\rsaenh.dll" "11:31:20.1467195 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" "11:31:20.1467307 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\rsaenh.dll" "11:31:20.1469386 AM","icl.exe","42776","CreateFile","C:\Windows\System32\rsaenh.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1469818 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\rsaenh.dll","SUCCESS","CreationTime: 2/17/2021 8:53:41 AM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 2/17/2021 8:53:41 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.1469949 AM","icl.exe","42776","CloseFile","C:\Windows\System32\rsaenh.dll","SUCCESS","" "11:31:20.1470900 AM","icl.exe","42776","CreateFile","C:\Windows\System32\rsaenh.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1471557 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\rsaenh.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1472565 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1472762 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1472934 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1473124 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1473289 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1473501 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1473731 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1473963 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1474126 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\rsaenh.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1477237 AM","icl.exe","42776","Load Image","C:\Windows\System32\rsaenh.dll","SUCCESS","Image Base: 0x7ffbd9db0000, Image Size: 0x34000" "11:31:20.1478639 AM","icl.exe","42776","CloseFile","C:\Windows\System32\rsaenh.dll","SUCCESS","" "11:31:20.1479659 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1479834 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Cryptography","SUCCESS","Desired Access: Read" "11:31:20.1480043 AM","icl.exe","42776","RegSetInfoKey","HKLM\SOFTWARE\Policies\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "11:31:20.1480176 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Cryptography\PrivKeyCacheMaxItems","NAME NOT FOUND","Length: 16" "11:31:20.1480296 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Cryptography\PrivKeyCachePurgeIntervalSeconds","NAME NOT FOUND","Length: 16" "11:31:20.1480402 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Cryptography\PrivateKeyLifetimeSeconds","NAME NOT FOUND","Length: 16" "11:31:20.1480537 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Cryptography","SUCCESS","" "11:31:20.1480733 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1480874 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" "11:31:20.1481013 AM","icl.exe","42776","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "11:31:20.1481109 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" "11:31:20.1481255 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: 7f7421c1-6067-490b-b147-4e8eac31a572" "11:31:20.1481412 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" "11:31:20.1481576 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: 7f7421c1-6067-490b-b147-4e8eac31a572" "11:31:20.1482006 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" "11:31:20.1482126 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1482247 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" "11:31:20.1484108 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\CRYPTBASE.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.1485532 AM","icl.exe","42776","CreateFile","C:\Windows\System32\cryptbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1485818 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\cryptbase.dll","SUCCESS","CreationTime: 2/17/2021 8:53:44 AM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 2/17/2021 8:53:44 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.1485933 AM","icl.exe","42776","CloseFile","C:\Windows\System32\cryptbase.dll","SUCCESS","" "11:31:20.1486759 AM","icl.exe","42776","CreateFile","C:\Windows\System32\cryptbase.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1487038 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\cryptbase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1487892 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1488070 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1488221 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1488385 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1488530 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1488681 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1488820 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1488965 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1489103 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\cryptbase.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1492728 AM","icl.exe","42776","Load Image","C:\Windows\System32\cryptbase.dll","SUCCESS","Image Base: 0x7ffbda570000, Image Size: 0xc000" "11:31:20.1493608 AM","icl.exe","42776","CloseFile","C:\Windows\System32\cryptbase.dll","SUCCESS","" "11:31:20.1497516 AM","icl.exe","42776","Load Image","C:\Windows\System32\bcryptprimitives.dll","SUCCESS","Image Base: 0x7ffbdb410000, Image Size: 0x80000" "11:31:20.1499533 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f3a71a4b-6118-4257-8ccb-39a33ba059d4","NAME NOT FOUND","Length: 528" "11:31:20.1500381 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\bcryptprimitives.dll","SUCCESS","Name: \Windows\System32\bcryptprimitives.dll" "11:31:20.1500692 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","REPARSE","Desired Access: Query Value" "11:31:20.1500877 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","Desired Access: Query Value" "11:31:20.1501073 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\STE","NAME NOT FOUND","Length: 20" "11:31:20.1501440 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","" "11:31:20.1501631 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","REPARSE","Desired Access: Query Value" "11:31:20.1501803 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","Desired Access: Query Value" "11:31:20.1501955 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1502134 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","REPARSE","Desired Access: Query Value" "11:31:20.1502278 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS","Desired Access: Query Value" "11:31:20.1502425 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","NAME NOT FOUND","Length: 20" "11:31:20.1502569 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled","NAME NOT FOUND","Length: 20" "11:31:20.1502740 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","" "11:31:20.1502870 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS","" "11:31:20.1503023 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration","REPARSE","Desired Access: Query Value" "11:31:20.1503189 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1503817 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider","SUCCESS","" "11:31:20.1504266 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","REPARSE","Desired Access: Read" "11:31:20.1504453 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","SUCCESS","Desired Access: Read" "11:31:20.1504681 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","SUCCESS","" "11:31:20.1504850 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","REPARSE","Desired Access: Read" "11:31:20.1505022 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","SUCCESS","Desired Access: Read" "11:31:20.1505212 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","SUCCESS","" "11:31:20.1507760 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\SspiCli.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.1509426 AM","icl.exe","42776","CreateFile","C:\Windows\System32\sspicli.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1509844 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\sspicli.dll","SUCCESS","CreationTime: 2/17/2021 8:53:44 AM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 2/17/2021 8:53:44 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.1509978 AM","icl.exe","42776","CloseFile","C:\Windows\System32\sspicli.dll","SUCCESS","" "11:31:20.1510926 AM","icl.exe","42776","CreateFile","C:\Windows\System32\sspicli.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1511572 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\sspicli.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1512542 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1512742 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1512924 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1513119 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1513306 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1513495 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1513655 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1513825 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1513985 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\sspicli.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1516796 AM","icl.exe","42776","Load Image","C:\Windows\System32\sspicli.dll","SUCCESS","Image Base: 0x7ffbdab90000, Image Size: 0x3c000" "11:31:20.1517673 AM","icl.exe","42776","CloseFile","C:\Windows\System32\sspicli.dll","SUCCESS","" "11:31:20.1519361 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\a6d3c9ac-9128-522a-495a-1821191173c2","NAME NOT FOUND","Length: 528" "11:31:20.1520131 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\sspicli.dll","SUCCESS","Name: \Windows\System32\sspicli.dll" "11:31:20.1521003 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1521202 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Rpc","SUCCESS","Desired Access: Read" "11:31:20.1521780 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\MaxRpcSize","NAME NOT FOUND","Length: 16" "11:31:20.1521981 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS","" "11:31:20.1522569 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","REPARSE","Desired Access: Read" "11:31:20.1522730 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","NAME NOT FOUND","Desired Access: Read" "11:31:20.1522927 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","REPARSE","Desired Access: Read" "11:31:20.1523072 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","NAME NOT FOUND","Desired Access: Read" "11:31:20.1523255 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","REPARSE","Desired Access: Read" "11:31:20.1523396 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","SUCCESS","Desired Access: Read" "11:31:20.1523612 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName","SUCCESS","Type: REG_SZ, Length: 28, Data: CA-W10-BLD-05" "11:31:20.1523809 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","SUCCESS","" "11:31:20.1523987 AM","icl.exe","42776","RegOpenKey","HKLM\System\Setup","SUCCESS","Desired Access: Read" "11:31:20.1524274 AM","icl.exe","42776","RegQueryValue","HKLM\SYSTEM\Setup\OOBEInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1524953 AM","icl.exe","42776","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS","" "11:31:20.1525121 AM","icl.exe","42776","RegOpenKey","HKLM\System\Setup","SUCCESS","Desired Access: Read" "11:31:20.1525275 AM","icl.exe","42776","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1525458 AM","icl.exe","42776","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS","" "11:31:20.1525628 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.1526200 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1526411 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\Rpc","NAME NOT FOUND","Desired Access: Read" "11:31:20.1527049 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1527188 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Rpc","SUCCESS","Desired Access: Query Value" "11:31:20.1527347 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\IdleTimerWindow","NAME NOT FOUND","Length: 16" "11:31:20.1527509 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS","" "11:31:20.1531226 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1531711 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Hvsi","REPARSE","Desired Access: Read" "11:31:20.1531875 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Hvsi","SUCCESS","Desired Access: Read" "11:31:20.1532059 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Hvsi\IsHvsiContainer","NAME NOT FOUND","Length: 16" "11:31:20.1532238 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Hvsi","SUCCESS","" "11:31:20.1533932 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","REPARSE","Desired Access: Read" "11:31:20.1534153 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","SUCCESS","Desired Access: Read" "11:31:20.1534395 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","SUCCESS","" "11:31:20.1535095 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","REPARSE","Desired Access: Read" "11:31:20.1535319 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","SUCCESS","Desired Access: Read" "11:31:20.1536124 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","SUCCESS","" "11:31:20.1538064 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1538492 AM","icl.exe","42776","QueryDirectory","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILC*.TMP","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: ILC*.TMP, 2: ILCE9C9.tmp" "11:31:20.1539551 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCE9C9.tmp","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1540134 AM","icl.exe","42776","ReadFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCE9C9.tmp","SUCCESS","Offset: 0, Length: 101, Priority: Normal" "11:31:20.1540823 AM","icl.exe","42776","ReadFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCE9C9.tmp","END OF FILE","Offset: 101, Length: 4,096" "11:31:20.1541037 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCE9C9.tmp","SUCCESS","" "11:31:20.1541824 AM","icl.exe","42776","QueryDirectory","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache","NO MORE FILES","FileInformationClass: FileBothDirectoryInformation" "11:31:20.1542100 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache","SUCCESS","" "11:31:20.1545233 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Offset: 3,266,560, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal" "11:31:20.1547085 AM","icl.exe","42776","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:20.1547381 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1547928 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1548882 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1549022 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1549355 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1549466 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1549763 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1549869 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1550116 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1550221 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager\Borrow","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1550664 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1550775 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1551392 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1551519 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1552071 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1552185 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1553326 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1553466 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1554975 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1555370 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\Common Files\Intel\Licenses","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: Licenses, 2: Licenses" "11:31:20.1556045 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel","SUCCESS","" "11:31:20.1557819 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Licenses","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1558258 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\Common Files\Intel\Licenses\*","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: *, 2: ." "11:31:20.1558947 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\Common Files\Intel\Licenses","SUCCESS","FileInformationClass: FileBothDirectoryInformation, 1: .., 2: USE_SERVER.lic" "11:31:20.1559311 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\Common Files\Intel\Licenses","NO MORE FILES","FileInformationClass: FileBothDirectoryInformation" "11:31:20.1559467 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Licenses","SUCCESS","" "11:31:20.1561104 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1561806 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\Common Files\Intel\Licenses","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: Licenses, 2: Licenses" "11:31:20.1562093 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel","SUCCESS","" "11:31:20.1563282 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Licenses","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1563612 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\Common Files\Intel\Licenses\*","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: *, 2: ." "11:31:20.1564101 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\Common Files\Intel\Licenses","SUCCESS","FileInformationClass: FileBothDirectoryInformation, 1: .., 2: USE_SERVER.lic" "11:31:20.1564421 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\Common Files\Intel\Licenses","NO MORE FILES","FileInformationClass: FileBothDirectoryInformation" "11:31:20.1564571 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Licenses","SUCCESS","" "11:31:20.1566136 AM","icl.exe","42776","CreateFile","C:\Program Files\Common Files\Intel","NAME NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.1567313 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1567684 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: intel64, 2: intel64" "11:31:20.1567964 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:20.1569913 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1570482 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\*","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: *, 2: ." "11:31:20.1571022 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","FileInformationClass: FileBothDirectoryInformation, 1: .., 2: 1033, 3: 1041, 4: cilkrts20.dll, 5: codecov.exe, 6: dbmerge.exe, 7: deftofd.exe, 8: FNP_Act_Installer.dll, 9: fortcom.exe, 10: fpp.exe, 11: fqwin.hlp, 12: gfx_sys_check.exe, 13: icl.cfg, 14: icl.exe, 15: icl_libFNP.dll, 16: ifort.cfg, 17: ifort.exe, 18: ifort_libFNP.dll, 19: intelremotemon.dll, 20: loopprofileviewer.bat, 21: map_opts.exe, 22: mcpcom.exe, 23: mic_extract.exe, 24: offload_extract.exe, 25: profdcg.exe, 26: profmerge.exe, 27: proforder.exe, 28: tselect.exe, 29: x86_64-linux.env" "11:31:20.1572047 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","FileInformationClass: FileBothDirectoryInformation, 1: xilib.exe, 2: xilink.exe" "11:31:20.1572281 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","NO MORE FILES","FileInformationClass: FileBothDirectoryInformation" "11:31:20.1572426 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:20.1573848 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1574190 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: intel64, 2: intel64" "11:31:20.1574450 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:20.1575532 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1575855 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\*","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: *, 2: ." "11:31:20.1576442 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","FileInformationClass: FileBothDirectoryInformation, 1: .., 2: 1033, 3: 1041, 4: cilkrts20.dll, 5: codecov.exe, 6: dbmerge.exe, 7: deftofd.exe, 8: FNP_Act_Installer.dll, 9: fortcom.exe, 10: fpp.exe, 11: fqwin.hlp, 12: gfx_sys_check.exe, 13: icl.cfg, 14: icl.exe, 15: icl_libFNP.dll, 16: ifort.cfg, 17: ifort.exe, 18: ifort_libFNP.dll, 19: intelremotemon.dll, 20: loopprofileviewer.bat, 21: map_opts.exe, 22: mcpcom.exe, 23: mic_extract.exe, 24: offload_extract.exe, 25: profdcg.exe, 26: profmerge.exe, 27: proforder.exe, 28: tselect.exe, 29: x86_64-linux.env" "11:31:20.1577106 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","FileInformationClass: FileBothDirectoryInformation, 1: xilib.exe, 2: xilink.exe" "11:31:20.1577318 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","NO MORE FILES","FileInformationClass: FileBothDirectoryInformation" "11:31:20.1577459 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:20.1579074 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Licenses","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1579399 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\Common Files\Intel\Licenses\USE_SERVER.lic","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: USE_SERVER.lic, 2: USE_SERVER.lic" "11:31:20.1579650 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Licenses","SUCCESS","" "11:31:20.1580614 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Licenses","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1580911 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\Common Files\Intel\Licenses\USE_SERVER.lic","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: USE_SERVER.lic, 2: USE_SERVER.lic" "11:31:20.1581131 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Licenses","SUCCESS","" "11:31:20.1582634 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Licenses","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1582918 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\Common Files\Intel\Licenses\USE_SERVER.lic","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: USE_SERVER.lic, 2: USE_SERVER.lic" "11:31:20.1583152 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Licenses","SUCCESS","" "11:31:20.1584136 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Licenses\USE_SERVER.lic","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1584603 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\Common Files\Intel\Licenses\USE_SERVER.lic","SUCCESS","Offset: 0, Length: 49, Priority: Normal" "11:31:20.1585998 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1586189 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1586870 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Licenses\USE_SERVER.lic","SUCCESS","" "11:31:20.1588026 AM","icl.exe","42776","CreateFile","C:\Program Files\Common Files\Intel","NAME NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.1588961 AM","icl.exe","42776","CreateFile","C:\Program Files\Common Files\Intel","NAME NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.1590374 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1590539 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1590974 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1591130 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager\Borrow","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1591881 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1592062 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\FLEXlm License Manager","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1594711 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icmp.Dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.1596910 AM","icl.exe","42776","CreateFile","C:\Windows\System32\icmp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1597474 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\icmp.dll","SUCCESS","CreationTime: 12/7/2019 2:09:34 AM, LastAccessTime: 3/25/2021 11:31:10 AM, LastWriteTime: 12/7/2019 2:09:34 AM, ChangeTime: 3/10/2021 10:24:07 PM, FileAttributes: A" "11:31:20.1597682 AM","icl.exe","42776","CloseFile","C:\Windows\System32\icmp.dll","SUCCESS","" "11:31:20.1598983 AM","icl.exe","42776","CreateFile","C:\Windows\System32\icmp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1599530 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\icmp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1600793 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1601005 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1601184 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1601628 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1601803 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1601979 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1602143 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1602322 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1602491 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\icmp.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1605070 AM","icl.exe","42776","Load Image","C:\Windows\System32\icmp.dll","SUCCESS","Image Base: 0x1260000, Image Size: 0x3000" "11:31:20.1605425 AM","icl.exe","42776","CloseFile","C:\Windows\System32\icmp.dll","SUCCESS","" "11:31:20.1607731 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\iphlpapi.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.1609356 AM","icl.exe","42776","CreateFile","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1609759 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS","CreationTime: 2/17/2021 8:53:40 AM, LastAccessTime: 3/25/2021 11:31:10 AM, LastWriteTime: 2/17/2021 8:53:40 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.1609887 AM","icl.exe","42776","CloseFile","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS","" "11:31:20.1611120 AM","icl.exe","42776","CreateFile","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1611867 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\IPHLPAPI.DLL","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1612825 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1613044 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1613222 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1613817 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1614022 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1614217 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1614388 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1614553 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1614730 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1617884 AM","icl.exe","42776","Load Image","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS","Image Base: 0x7ffbda100000, Image Size: 0x3b000" "11:31:20.1618671 AM","icl.exe","42776","CloseFile","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS","" "11:31:20.1620346 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1620515 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","REPARSE","Desired Access: All Access" "11:31:20.1620683 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","SUCCESS","Desired Access: All Access" "11:31:20.1621053 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version","BUFFER OVERFLOW","Length: 16" "11:31:20.1621189 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version","SUCCESS","Type: REG_SZ, Length: 8, Data: 2.0" "11:31:20.1622030 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1622274 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog","SUCCESS","Desired Access: Read" "11:31:20.1623114 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1623280 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\0E5E60CC-2A82C4EB","NAME NOT FOUND","Desired Access: Read" "11:31:20.1623473 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1623606 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\0E5E60CC","NAME NOT FOUND","Desired Access: Read" "11:31:20.1623783 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog","SUCCESS","" "11:31:20.1623937 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Callout","BUFFER OVERFLOW","Length: 12" "11:31:20.1624076 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Callout","SUCCESS","Type: REG_EXPAND_SZ, Length: 70, Data: %SystemRoot%\System32\fwpuclnt.dll" "11:31:20.1624424 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1624555 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:20.1624720 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num","SUCCESS","Type: REG_DWORD, Length: 4, Data: 8" "11:31:20.1625237 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num","SUCCESS","Type: REG_DWORD, Length: 4, Data: 8" "11:31:20.1625386 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1625513 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\00000008","NAME NOT FOUND","Desired Access: Read" "11:31:20.1625658 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1017" "11:31:20.1625787 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries64","SUCCESS","Type: REG_DWORD, Length: 4, Data: 16" "11:31:20.1625918 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1626044 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:20.1626198 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1626324 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001","SUCCESS","Desired Access: Read" "11:31:20.1626482 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem","BUFFER OVERFLOW","Length: 144" "11:31:20.1626614 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73" "11:31:20.1626795 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001","SUCCESS","" "11:31:20.1626925 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1627051 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002","SUCCESS","Desired Access: Read" "11:31:20.1627204 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem","BUFFER OVERFLOW","Length: 144" "11:31:20.1627334 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73" "11:31:20.1627498 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002","SUCCESS","" "11:31:20.1627620 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1627745 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003","SUCCESS","Desired Access: Read" "11:31:20.1627884 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem","BUFFER OVERFLOW","Length: 144" "11:31:20.1628011 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73" "11:31:20.1628166 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003","SUCCESS","" "11:31:20.1628288 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1628412 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004","SUCCESS","Desired Access: Read" "11:31:20.1628549 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem","BUFFER OVERFLOW","Length: 144" "11:31:20.1628675 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73" "11:31:20.1628837 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004","SUCCESS","" "11:31:20.1628960 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1629083 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005","SUCCESS","Desired Access: Read" "11:31:20.1629219 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem","BUFFER OVERFLOW","Length: 144" "11:31:20.1629343 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73" "11:31:20.1629493 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005","SUCCESS","" "11:31:20.1629613 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1629740 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006","SUCCESS","Desired Access: Read" "11:31:20.1629874 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem","BUFFER OVERFLOW","Length: 144" "11:31:20.1630001 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73" "11:31:20.1630150 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006","SUCCESS","" "11:31:20.1630280 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1630404 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007","SUCCESS","Desired Access: Read" "11:31:20.1630541 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem","BUFFER OVERFLOW","Length: 144" "11:31:20.1630665 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73" "11:31:20.1630815 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007","SUCCESS","" "11:31:20.1630935 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1631058 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008","SUCCESS","Desired Access: Read" "11:31:20.1631199 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem","BUFFER OVERFLOW","Length: 144" "11:31:20.1631528 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73" "11:31:20.1631686 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008","SUCCESS","" "11:31:20.1631812 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1631939 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009","SUCCESS","Desired Access: Read" "11:31:20.1632079 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem","BUFFER OVERFLOW","Length: 144" "11:31:20.1632203 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73" "11:31:20.1632353 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009","SUCCESS","" "11:31:20.1632565 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1632693 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010","SUCCESS","Desired Access: Read" "11:31:20.1632832 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem","BUFFER OVERFLOW","Length: 144" "11:31:20.1633107 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73" "11:31:20.1633270 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010","SUCCESS","" "11:31:20.1633396 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1633522 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011","SUCCESS","Desired Access: Read" "11:31:20.1633668 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem","BUFFER OVERFLOW","Length: 144" "11:31:20.1633792 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73" "11:31:20.1633956 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011","SUCCESS","" "11:31:20.1634078 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1634203 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012","SUCCESS","Desired Access: Read" "11:31:20.1634339 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem","BUFFER OVERFLOW","Length: 144" "11:31:20.1634464 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73" "11:31:20.1634614 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012","SUCCESS","" "11:31:20.1634735 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1634859 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013","SUCCESS","Desired Access: Read" "11:31:20.1634996 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem","BUFFER OVERFLOW","Length: 144" "11:31:20.1635119 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73" "11:31:20.1635271 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000013","SUCCESS","" "11:31:20.1635397 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1635521 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000014","SUCCESS","Desired Access: Read" "11:31:20.1635657 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000014\PackedCatalogItem","BUFFER OVERFLOW","Length: 144" "11:31:20.1635780 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000014\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73" "11:31:20.1635945 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000014","SUCCESS","" "11:31:20.1636068 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1636238 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015","SUCCESS","Desired Access: Read" "11:31:20.1636551 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015\PackedCatalogItem","BUFFER OVERFLOW","Length: 144" "11:31:20.1636711 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 77 69 6E 64 69 72 25 5C 73 79 73 74 65 6D 33" "11:31:20.1636872 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015","SUCCESS","" "11:31:20.1637005 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1637135 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000016","SUCCESS","Desired Access: Read" "11:31:20.1637275 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000016\PackedCatalogItem","BUFFER OVERFLOW","Length: 144" "11:31:20.1637442 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000016\PackedCatalogItem","SUCCESS","Type: REG_BINARY, Length: 888, Data: 25 77 69 6E 64 69 72 25 5C 73 79 73 74 65 6D 33" "11:31:20.1637598 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000016","SUCCESS","" "11:31:20.1637721 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","SUCCESS","" "11:31:20.1637958 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1638087 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:20.1638237 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num","SUCCESS","Type: REG_DWORD, Length: 4, Data: 22" "11:31:20.1638544 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num","SUCCESS","Type: REG_DWORD, Length: 4, Data: 22" "11:31:20.1638684 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1638812 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\00000016","NAME NOT FOUND","Desired Access: Read" "11:31:20.1638952 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries64","SUCCESS","Type: REG_DWORD, Length: 4, Data: 7" "11:31:20.1639086 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1639219 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:20.1639368 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1639499 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001","SUCCESS","Desired Access: Read" "11:31:20.1639643 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath","SUCCESS","Type: REG_SZ, Length: 68, Data: %SystemRoot%\system32\napinsp.dll" "11:31:20.1639786 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\LibraryPath","SUCCESS","Type: REG_SZ, Length: 68, Data: %SystemRoot%\system32\napinsp.dll" "11:31:20.1639928 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString","BUFFER OVERFLOW","Length: 12" "11:31:20.1640099 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString","SUCCESS","Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\napinsp.dll,-1000" "11:31:20.1640241 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString","SUCCESS","Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\napinsp.dll,-1000" "11:31:20.1640368 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\DisplayString","SUCCESS","Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\napinsp.dll,-1000" "11:31:20.1640503 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderId","SUCCESS","Type: REG_BINARY, Length: 16, Data: A2 CB 4A 96 BC B2 EB 40 8C 6A A6 DB 40 16 1C AE" "11:31:20.1640634 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\AddressFamily","NAME NOT FOUND","Length: 16" "11:31:20.1640764 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\SupportedNameSpace","SUCCESS","Type: REG_DWORD, Length: 4, Data: 37" "11:31:20.1640899 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "11:31:20.1641030 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\Version","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1641161 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\StoresServiceClassInfo","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1641570 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo","SUCCESS","Type: REG_BINARY, Length: 0" "11:31:20.1641734 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\ProviderInfo","SUCCESS","Type: REG_BINARY, Length: 0" "11:31:20.1641888 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001","SUCCESS","" "11:31:20.1642017 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1642151 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002","SUCCESS","Desired Access: Read" "11:31:20.1642297 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath","SUCCESS","Type: REG_SZ, Length: 68, Data: %SystemRoot%\system32\pnrpnsp.dll" "11:31:20.1642425 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\LibraryPath","SUCCESS","Type: REG_SZ, Length: 68, Data: %SystemRoot%\system32\pnrpnsp.dll" "11:31:20.1642555 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString","BUFFER OVERFLOW","Length: 12" "11:31:20.1642676 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString","SUCCESS","Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\pnrpnsp.dll,-1000" "11:31:20.1642808 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString","SUCCESS","Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\pnrpnsp.dll,-1000" "11:31:20.1642933 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\DisplayString","SUCCESS","Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\pnrpnsp.dll,-1000" "11:31:20.1643070 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderId","SUCCESS","Type: REG_BINARY, Length: 16, Data: CE 89 FE 03 6D 76 76 49 B9 C1 BB 9B C4 2C 7B 4D" "11:31:20.1643199 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\AddressFamily","NAME NOT FOUND","Length: 16" "11:31:20.1643328 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\SupportedNameSpace","SUCCESS","Type: REG_DWORD, Length: 4, Data: 39" "11:31:20.1643461 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "11:31:20.1643590 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\Version","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1643722 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\StoresServiceClassInfo","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1643858 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo","SUCCESS","Type: REG_BINARY, Length: 0" "11:31:20.1643989 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002\ProviderInfo","SUCCESS","Type: REG_BINARY, Length: 0" "11:31:20.1644150 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002","SUCCESS","" "11:31:20.1644278 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1644408 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003","SUCCESS","Desired Access: Read" "11:31:20.1644543 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath","SUCCESS","Type: REG_SZ, Length: 68, Data: %SystemRoot%\system32\pnrpnsp.dll" "11:31:20.1644671 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\LibraryPath","SUCCESS","Type: REG_SZ, Length: 68, Data: %SystemRoot%\system32\pnrpnsp.dll" "11:31:20.1644814 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString","BUFFER OVERFLOW","Length: 12" "11:31:20.1644937 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString","SUCCESS","Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\pnrpnsp.dll,-1001" "11:31:20.1645068 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString","SUCCESS","Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\pnrpnsp.dll,-1001" "11:31:20.1645193 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\DisplayString","SUCCESS","Type: REG_SZ, Length: 82, Data: @%SystemRoot%\system32\pnrpnsp.dll,-1001" "11:31:20.1645324 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderId","SUCCESS","Type: REG_BINARY, Length: 16, Data: CD 89 FE 03 6D 76 76 49 B9 C1 BB 9B C4 2C 7B 4D" "11:31:20.1645452 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\AddressFamily","NAME NOT FOUND","Length: 16" "11:31:20.1645590 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\SupportedNameSpace","SUCCESS","Type: REG_DWORD, Length: 4, Data: 38" "11:31:20.1645721 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "11:31:20.1645864 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\Version","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1645994 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\StoresServiceClassInfo","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1646125 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo","SUCCESS","Type: REG_BINARY, Length: 0" "11:31:20.1646255 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003\ProviderInfo","SUCCESS","Type: REG_BINARY, Length: 0" "11:31:20.1646401 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003","SUCCESS","" "11:31:20.1646523 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1646649 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004","SUCCESS","Desired Access: Read" "11:31:20.1646784 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\wshbth.dll" "11:31:20.1646911 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\LibraryPath","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\wshbth.dll" "11:31:20.1647043 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString","BUFFER OVERFLOW","Length: 12" "11:31:20.1647162 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString","SUCCESS","Type: REG_SZ, Length: 40, Data: Bluetooth Namespace" "11:31:20.1647293 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString","SUCCESS","Type: REG_SZ, Length: 40, Data: Bluetooth Namespace" "11:31:20.1647435 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\DisplayString","SUCCESS","Type: REG_SZ, Length: 40, Data: Bluetooth Namespace" "11:31:20.1647730 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderId","SUCCESS","Type: REG_BINARY, Length: 16, Data: E0 63 AA 06 60 7D FF 41 AF B2 3E E6 D2 D9 39 2D" "11:31:20.1647864 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\AddressFamily","NAME NOT FOUND","Length: 16" "11:31:20.1647993 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\SupportedNameSpace","SUCCESS","Type: REG_DWORD, Length: 4, Data: 16" "11:31:20.1648123 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "11:31:20.1648251 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\Version","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1648380 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\StoresServiceClassInfo","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1648509 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo","SUCCESS","Type: REG_BINARY, Length: 0" "11:31:20.1648647 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004\ProviderInfo","SUCCESS","Type: REG_BINARY, Length: 0" "11:31:20.1648805 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004","SUCCESS","" "11:31:20.1648963 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1649096 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005","SUCCESS","Desired Access: Read" "11:31:20.1649236 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\NLAapi.dll" "11:31:20.1649362 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\LibraryPath","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\NLAapi.dll" "11:31:20.1649490 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString","BUFFER OVERFLOW","Length: 12" "11:31:20.1649608 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString","SUCCESS","Type: REG_SZ, Length: 80, Data: @%SystemRoot%\system32\nlasvc.dll,-1000" "11:31:20.1649739 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString","SUCCESS","Type: REG_SZ, Length: 80, Data: @%SystemRoot%\system32\nlasvc.dll,-1000" "11:31:20.1649863 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\DisplayString","SUCCESS","Type: REG_SZ, Length: 80, Data: @%SystemRoot%\system32\nlasvc.dll,-1000" "11:31:20.1649995 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderId","SUCCESS","Type: REG_BINARY, Length: 16, Data: 3A 24 42 66 A8 3B A6 4A BA A5 2E 0B D7 1F DD 83" "11:31:20.1650122 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\AddressFamily","NAME NOT FOUND","Length: 16" "11:31:20.1650253 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\SupportedNameSpace","SUCCESS","Type: REG_DWORD, Length: 4, Data: 15" "11:31:20.1650382 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "11:31:20.1650511 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\Version","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1650639 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\StoresServiceClassInfo","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1650779 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo","SUCCESS","Type: REG_BINARY, Length: 0" "11:31:20.1650913 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ProviderInfo","SUCCESS","Type: REG_BINARY, Length: 0" "11:31:20.1651058 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005","SUCCESS","" "11:31:20.1651191 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1651997 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006","SUCCESS","Desired Access: Read" "11:31:20.1652145 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath","SUCCESS","Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\mswsock.dll" "11:31:20.1652276 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\LibraryPath","SUCCESS","Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\mswsock.dll" "11:31:20.1652406 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString","BUFFER OVERFLOW","Length: 12" "11:31:20.1652526 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString","SUCCESS","Type: REG_SZ, Length: 86, Data: @%SystemRoot%\system32\wshtcpip.dll,-60103" "11:31:20.1652659 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString","SUCCESS","Type: REG_SZ, Length: 86, Data: @%SystemRoot%\system32\wshtcpip.dll,-60103" "11:31:20.1652784 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\DisplayString","SUCCESS","Type: REG_SZ, Length: 86, Data: @%SystemRoot%\system32\wshtcpip.dll,-60103" "11:31:20.1652918 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderId","SUCCESS","Type: REG_BINARY, Length: 16, Data: 40 9D 05 22 9E 7E CF 11 AE 5A 00 AA 00 A7 11 2B" "11:31:20.1653046 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\AddressFamily","NAME NOT FOUND","Length: 16" "11:31:20.1653173 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\SupportedNameSpace","SUCCESS","Type: REG_DWORD, Length: 4, Data: 12" "11:31:20.1653301 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "11:31:20.1653428 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\Version","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1653557 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\StoresServiceClassInfo","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1653686 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo","SUCCESS","Type: REG_BINARY, Length: 0" "11:31:20.1653816 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ProviderInfo","SUCCESS","Type: REG_BINARY, Length: 0" "11:31:20.1653964 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006","SUCCESS","" "11:31:20.1654089 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1654217 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007","SUCCESS","Desired Access: Read" "11:31:20.1654357 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\System32\winrnr.dll" "11:31:20.1654502 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\LibraryPath","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\System32\winrnr.dll" "11:31:20.1654635 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString","BUFFER OVERFLOW","Length: 12" "11:31:20.1654754 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString","SUCCESS","Type: REG_SZ, Length: 80, Data: @%SystemRoot%\System32\winrnr.dll,-1000" "11:31:20.1654883 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString","SUCCESS","Type: REG_SZ, Length: 80, Data: @%SystemRoot%\System32\winrnr.dll,-1000" "11:31:20.1655008 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\DisplayString","SUCCESS","Type: REG_SZ, Length: 80, Data: @%SystemRoot%\System32\winrnr.dll,-1000" "11:31:20.1655144 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderId","SUCCESS","Type: REG_BINARY, Length: 16, Data: EE 37 26 3B 80 E5 CF 11 A5 55 00 C0 4F D8 D4 AC" "11:31:20.1655273 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\AddressFamily","NAME NOT FOUND","Length: 16" "11:31:20.1655399 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\SupportedNameSpace","SUCCESS","Type: REG_DWORD, Length: 4, Data: 32" "11:31:20.1655528 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "11:31:20.1655656 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\Version","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1655787 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\StoresServiceClassInfo","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1655917 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo","SUCCESS","Type: REG_BINARY, Length: 0" "11:31:20.1656048 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007\ProviderInfo","SUCCESS","Type: REG_BINARY, Length: 0" "11:31:20.1656193 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007","SUCCESS","" "11:31:20.1656354 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64","SUCCESS","" "11:31:20.1656541 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","SUCCESS","" "11:31:20.1656773 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1656914 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Winsock2\Parameters","REPARSE","Desired Access: Query Value" "11:31:20.1657074 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Winsock2\Parameters","SUCCESS","Desired Access: Query Value" "11:31:20.1657236 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Ws2_32NumHandleBuckets","NAME NOT FOUND","Length: 16" "11:31:20.1657365 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Ws2_32SpinCount","NAME NOT FOUND","Length: 16" "11:31:20.1657503 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","SUCCESS","" "11:31:20.1658148 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1658284 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1662358 AM","icl.exe","42776","CreateFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1662838 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","CreationTime: 2/17/2021 8:53:31 AM, LastAccessTime: 3/25/2021 11:31:10 AM, LastWriteTime: 2/17/2021 8:53:31 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.1662994 AM","icl.exe","42776","CloseFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","" "11:31:20.1663987 AM","icl.exe","42776","CreateFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1664411 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\NapiNSP.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1665380 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1665596 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1665798 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1666002 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1666187 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1666369 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1666540 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1666725 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1666893 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\NapiNSP.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1669865 AM","icl.exe","42776","Load Image","C:\Windows\System32\NapiNSP.dll","SUCCESS","Image Base: 0x7ffbd1080000, Image Size: 0x17000" "11:31:20.1671067 AM","icl.exe","42776","CloseFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","" "11:31:20.1678415 AM","icl.exe","42776","CreateFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1678893 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","CreationTime: 2/17/2021 8:55:05 AM, LastAccessTime: 3/25/2021 11:31:10 AM, LastWriteTime: 2/17/2021 8:55:05 AM, ChangeTime: 3/10/2021 10:23:50 PM, FileAttributes: A" "11:31:20.1679041 AM","icl.exe","42776","CloseFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","" "11:31:20.1680024 AM","icl.exe","42776","CreateFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1680445 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\pnrpnsp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1681669 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1681893 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1682086 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1682297 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1682480 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1682659 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1682832 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1683208 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1683389 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\pnrpnsp.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1685852 AM","icl.exe","42776","Load Image","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Image Base: 0x7ffbd10a0000, Image Size: 0x1b000" "11:31:20.1686996 AM","icl.exe","42776","CloseFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","" "11:31:20.1690691 AM","icl.exe","42776","CreateFile","C:\Windows\System32\wshbth.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1691135 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\wshbth.dll","SUCCESS","CreationTime: 2/17/2021 8:53:24 AM, LastAccessTime: 3/25/2021 11:31:10 AM, LastWriteTime: 2/17/2021 8:53:24 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.1691521 AM","icl.exe","42776","CloseFile","C:\Windows\System32\wshbth.dll","SUCCESS","" "11:31:20.1692535 AM","icl.exe","42776","CreateFile","C:\Windows\System32\wshbth.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1692956 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\wshbth.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1693926 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1694141 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1694331 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1694535 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1694714 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1694894 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1695065 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1695248 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1695424 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\wshbth.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1697892 AM","icl.exe","42776","Load Image","C:\Windows\System32\wshbth.dll","SUCCESS","Image Base: 0x7ffbd10c0000, Image Size: 0x15000" "11:31:20.1698962 AM","icl.exe","42776","CloseFile","C:\Windows\System32\wshbth.dll","SUCCESS","" "11:31:20.1701793 AM","icl.exe","42776","CreateFile","C:\Windows\System32\nlaapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1702248 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\nlaapi.dll","SUCCESS","CreationTime: 2/17/2021 8:53:56 AM, LastAccessTime: 3/25/2021 11:31:10 AM, LastWriteTime: 2/17/2021 8:53:56 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.1702391 AM","icl.exe","42776","CloseFile","C:\Windows\System32\nlaapi.dll","SUCCESS","" "11:31:20.1703720 AM","icl.exe","42776","CreateFile","C:\Windows\System32\nlaapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1704307 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\nlaapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1705562 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1705869 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1706141 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1706428 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1706695 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1706966 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1707217 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1707491 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1707746 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\nlaapi.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1711121 AM","icl.exe","42776","Load Image","C:\Windows\System32\nlaapi.dll","SUCCESS","Image Base: 0x7ffbd66a0000, Image Size: 0x1d000" "11:31:20.1714006 AM","icl.exe","42776","CloseFile","C:\Windows\System32\nlaapi.dll","SUCCESS","" "11:31:20.1715982 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\6ff5771a-f64e-473f-a2e8-4654c218ff3a","NAME NOT FOUND","Length: 528" "11:31:20.1716756 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\nlaapi.dll","SUCCESS","Name: \Windows\System32\nlaapi.dll" "11:31:20.1717146 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528" "11:31:20.1717635 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\nlaapi.dll","SUCCESS","Name: \Windows\System32\nlaapi.dll" "11:31:20.1719647 AM","icl.exe","42776","CreateFile","C:\Windows\System32\mswsock.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1720088 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\mswsock.dll","SUCCESS","CreationTime: 2/17/2021 8:53:40 AM, LastAccessTime: 3/25/2021 11:31:16 AM, LastWriteTime: 2/17/2021 8:53:40 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.1720229 AM","icl.exe","42776","CloseFile","C:\Windows\System32\mswsock.dll","SUCCESS","" "11:31:20.1721195 AM","icl.exe","42776","CreateFile","C:\Windows\System32\mswsock.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1721893 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\mswsock.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1722874 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1723105 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1723295 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1723499 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1723682 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1723862 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1724030 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1724217 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1724388 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\mswsock.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1726971 AM","icl.exe","42776","Load Image","C:\Windows\System32\mswsock.dll","SUCCESS","Image Base: 0x7ffbda3f0000, Image Size: 0x6a000" "11:31:20.1728387 AM","icl.exe","42776","CloseFile","C:\Windows\System32\mswsock.dll","SUCCESS","" "11:31:20.1729373 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1729586 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters","REPARSE","Desired Access: Read" "11:31:20.1729781 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","SUCCESS","Desired Access: Read" "11:31:20.1729982 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\DisableSockPollConnFailureReturn","NAME NOT FOUND","Length: 16" "11:31:20.1730182 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","SUCCESS","" "11:31:20.1732401 AM","icl.exe","42776","CreateFile","C:\Windows\System32\dnsapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1732930 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\dnsapi.dll","SUCCESS","CreationTime: 2/17/2021 8:53:40 AM, LastAccessTime: 3/25/2021 11:31:10 AM, LastWriteTime: 2/17/2021 8:53:40 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.1733079 AM","icl.exe","42776","CloseFile","C:\Windows\System32\dnsapi.dll","SUCCESS","" "11:31:20.1734087 AM","icl.exe","42776","CreateFile","C:\Windows\System32\dnsapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1734508 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\dnsapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1735464 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1735677 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1736078 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1736289 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1736474 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1736664 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1736837 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1737027 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1737222 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\dnsapi.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1739827 AM","icl.exe","42776","Load Image","C:\Windows\System32\dnsapi.dll","SUCCESS","Image Base: 0x7ffbda150000, Image Size: 0xcb000" "11:31:20.1740759 AM","icl.exe","42776","CloseFile","C:\Windows\System32\dnsapi.dll","SUCCESS","" "11:31:20.1743180 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\9ca335ed-c0a6-4b4d-b084-9c9b5143aff0","NAME NOT FOUND","Length: 528" "11:31:20.1743951 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\dnsapi.dll","SUCCESS","Name: \Windows\System32\dnsapi.dll" "11:31:20.1744372 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528" "11:31:20.1744874 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\dnsapi.dll","SUCCESS","Name: \Windows\System32\dnsapi.dll" "11:31:20.1748049 AM","icl.exe","42776","Load Image","C:\Windows\System32\nsi.dll","SUCCESS","Image Base: 0x7ffbdcb20000, Image Size: 0x8000" "11:31:20.1749343 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1749545 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read" "11:31:20.1749746 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read" "11:31:20.1749940 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1750084 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces","REPARSE","Desired Access: Read" "11:31:20.1750237 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces","SUCCESS","Desired Access: Read" "11:31:20.1750696 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1750860 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read" "11:31:20.1753391 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY" "11:31:20.1755611 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1755764 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters","REPARSE","Desired Access: Read" "11:31:20.1755903 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","Desired Access: Read" "11:31:20.1756050 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1756175 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\DnsClient","SUCCESS","Desired Access: Read" "11:31:20.1756403 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","BUFFER OVERFLOW","Length: 12" "11:31:20.1756555 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ, Length: 28, Data: ca-w10-bld-05" "11:31:20.1756727 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient","SUCCESS","" "11:31:20.1756858 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","" "11:31:20.1756976 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","" "11:31:20.1757120 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1757257 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read" "11:31:20.1759286 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY" "11:31:20.1761747 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1761930 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters","REPARSE","Desired Access: Read" "11:31:20.1762108 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","Desired Access: Read" "11:31:20.1762255 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1762383 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\DnsClient","SUCCESS","Desired Access: Read" "11:31:20.1762544 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","BUFFER OVERFLOW","Length: 12" "11:31:20.1762711 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ, Length: 28, Data: ca-w10-bld-05" "11:31:20.1762869 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient","SUCCESS","" "11:31:20.1762994 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","" "11:31:20.1763109 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","" "11:31:20.1763231 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1763365 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read" "11:31:20.1765514 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY" "11:31:20.1767418 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1767558 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters","REPARSE","Desired Access: Read" "11:31:20.1767692 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","Desired Access: Read" "11:31:20.1767827 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1767952 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\DnsClient","SUCCESS","Desired Access: Read" "11:31:20.1768104 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrimaryDomainName","NAME NOT FOUND","Length: 12" "11:31:20.1768239 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1768362 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\System\DNSClient","SUCCESS","Desired Access: Query Value" "11:31:20.1768520 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\System\DNSClient\PrimaryDNSSuffix","BUFFER OVERFLOW","Length: 12" "11:31:20.1768690 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\System\DNSClient\PrimaryDNSSuffix","SUCCESS","Type: REG_SZ, Length: 32, Data: prog.altair.com" "11:31:20.1768904 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\System\DNSClient","SUCCESS","" "11:31:20.1769142 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient","SUCCESS","" "11:31:20.1769343 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","" "11:31:20.1769469 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","" "11:31:20.1771384 AM","icl.exe","42776","CreateFile","C:\Windows\System32\winrnr.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1771985 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\winrnr.dll","SUCCESS","CreationTime: 2/17/2021 8:53:49 AM, LastAccessTime: 3/25/2021 11:31:10 AM, LastWriteTime: 2/17/2021 8:53:49 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.1772285 AM","icl.exe","42776","CloseFile","C:\Windows\System32\winrnr.dll","SUCCESS","" "11:31:20.1773217 AM","icl.exe","42776","CreateFile","C:\Windows\System32\winrnr.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1773618 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\winrnr.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1774502 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1774694 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1774864 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1775070 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1775228 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1775385 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1775530 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1775693 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1775848 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\winrnr.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1778203 AM","icl.exe","42776","Load Image","C:\Windows\System32\winrnr.dll","SUCCESS","Image Base: 0x7ffbd1170000, Image Size: 0x12000" "11:31:20.1779017 AM","icl.exe","42776","CloseFile","C:\Windows\System32\winrnr.dll","SUCCESS","" "11:31:20.1780153 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1780340 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read" "11:31:20.1782765 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY" "11:31:20.1784888 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1785047 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters","REPARSE","Desired Access: Read" "11:31:20.1785199 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","Desired Access: Read" "11:31:20.1785345 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1785470 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\DnsClient","SUCCESS","Desired Access: Read" "11:31:20.1785666 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","BUFFER OVERFLOW","Length: 12" "11:31:20.1785807 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ, Length: 28, Data: ca-w10-bld-05" "11:31:20.1785972 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient","SUCCESS","" "11:31:20.1786097 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","" "11:31:20.1786211 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","" "11:31:20.1786919 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1787045 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1787797 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1787939 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read" "11:31:20.1789994 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY" "11:31:20.1792115 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1792259 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters","REPARSE","Desired Access: Read" "11:31:20.1792394 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","Desired Access: Read" "11:31:20.1792541 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1792682 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\DnsClient","SUCCESS","Desired Access: Read" "11:31:20.1792842 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","BUFFER OVERFLOW","Length: 12" "11:31:20.1792974 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ, Length: 28, Data: ca-w10-bld-05" "11:31:20.1793131 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient","SUCCESS","" "11:31:20.1793254 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","" "11:31:20.1793368 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","" "11:31:20.1794090 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1794231 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters","REPARSE","Desired Access: Read" "11:31:20.1794368 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Winsock\Parameters","SUCCESS","Desired Access: Read" "11:31:20.1794524 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Winsock\Parameters\Transports","BUFFER OVERFLOW","Length: 12" "11:31:20.1794650 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Winsock\Parameters\Transports","SUCCESS","Type: REG_MULTI_SZ, Length: 82, Data: Tcpip, Tcpip6, afunix, Psched, vmbus, RFCOMM" "11:31:20.1794796 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Winsock\Parameters","SUCCESS","" "11:31:20.1794939 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1795064 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock","REPARSE","Desired Access: Read" "11:31:20.1795197 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock","SUCCESS","Desired Access: Read" "11:31:20.1795345 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\Mapping","BUFFER OVERFLOW","Length: 12" "11:31:20.1795476 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\Mapping","SUCCESS","Type: REG_BINARY, Length: 104, Data: 08 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00" "11:31:20.1795618 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock","SUCCESS","" "11:31:20.1795734 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1795859 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers","REPARSE","Desired Access: Read" "11:31:20.1796023 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers","SUCCESS","Desired Access: Read" "11:31:20.1796178 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1796301 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Tcpip","SUCCESS","Desired Access: Read" "11:31:20.1796432 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID","SUCCESS","Type: REG_BINARY, Length: 16, Data: A0 1A 0F E7 8B AB CF 11 8C A3 00 80 5F 48 A1 92" "11:31:20.1796573 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Tcpip","SUCCESS","" "11:31:20.1796691 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers","SUCCESS","" "11:31:20.1796810 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1796930 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock","REPARSE","Desired Access: Read" "11:31:20.1797058 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock","SUCCESS","Desired Access: Read" "11:31:20.1797189 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\MinSockaddrLength","SUCCESS","Type: REG_DWORD, Length: 4, Data: 16" "11:31:20.1797310 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\MaxSockaddrLength","SUCCESS","Type: REG_DWORD, Length: 4, Data: 16" "11:31:20.1797425 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\UseDelayedAcceptance","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1797560 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock","SUCCESS","" "11:31:20.1798652 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1798784 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters","REPARSE","Desired Access: Read" "11:31:20.1798918 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Winsock\Parameters","SUCCESS","Desired Access: Read" "11:31:20.1799054 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Winsock\Parameters\Transports","BUFFER OVERFLOW","Length: 12" "11:31:20.1799177 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Winsock\Parameters\Transports","SUCCESS","Type: REG_MULTI_SZ, Length: 82, Data: Tcpip, Tcpip6, afunix, Psched, vmbus, RFCOMM" "11:31:20.1799319 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Winsock\Parameters","SUCCESS","" "11:31:20.1799438 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1799562 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock","REPARSE","Desired Access: Read" "11:31:20.1799689 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock","SUCCESS","Desired Access: Read" "11:31:20.1799823 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\Mapping","BUFFER OVERFLOW","Length: 12" "11:31:20.1799985 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\Mapping","SUCCESS","Type: REG_BINARY, Length: 104, Data: 08 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00" "11:31:20.1800184 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock","SUCCESS","" "11:31:20.1800346 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1800511 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock","REPARSE","Desired Access: Read" "11:31:20.1800689 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock","SUCCESS","Desired Access: Read" "11:31:20.1800837 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock\Mapping","BUFFER OVERFLOW","Length: 12" "11:31:20.1800963 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock\Mapping","SUCCESS","Type: REG_BINARY, Length: 104, Data: 08 00 00 00 03 00 00 00 17 00 00 00 01 00 00 00" "11:31:20.1801100 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock","SUCCESS","" "11:31:20.1801213 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1801339 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers","REPARSE","Desired Access: Read" "11:31:20.1801619 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers","SUCCESS","Desired Access: Read" "11:31:20.1801902 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1802030 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Tcpip6","SUCCESS","Desired Access: Read" "11:31:20.1802161 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Tcpip6\WinSock 2.0 Provider ID","SUCCESS","Type: REG_BINARY, Length: 16, Data: C0 B0 EA F9 D4 26 D0 11 BB BF 00 AA 00 6C 34 E4" "11:31:20.1802299 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Tcpip6","SUCCESS","" "11:31:20.1802415 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers","SUCCESS","" "11:31:20.1802534 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1802655 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock","REPARSE","Desired Access: Read" "11:31:20.1802784 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock","SUCCESS","Desired Access: Read" "11:31:20.1802914 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock\MinSockaddrLength","SUCCESS","Type: REG_DWORD, Length: 4, Data: 28" "11:31:20.1803061 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock\MaxSockaddrLength","SUCCESS","Type: REG_DWORD, Length: 4, Data: 28" "11:31:20.1803180 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock\UseDelayedAcceptance","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1803316 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock","SUCCESS","" "11:31:20.1804240 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1804380 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","REPARSE","Desired Access: All Access" "11:31:20.1804528 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","SUCCESS","Desired Access: All Access" "11:31:20.1804697 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version","BUFFER OVERFLOW","Length: 16" "11:31:20.1804829 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version","SUCCESS","Type: REG_SZ, Length: 8, Data: 2.0" "11:31:20.1805089 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AutodialDLL","SUCCESS","Type: REG_SZ, Length: 66, Data: C:\Windows\System32\rasadhlp.dll" "11:31:20.1805216 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\AutodialDLL","SUCCESS","Type: REG_SZ, Length: 66, Data: C:\Windows\System32\rasadhlp.dll" "11:31:20.1805365 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters","SUCCESS","" "11:31:20.1810385 AM","icl.exe","42776","CreateFile","C:\Windows\System32\rasadhlp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1811303 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\rasadhlp.dll","SUCCESS","CreationTime: 2/17/2021 8:53:59 AM, LastAccessTime: 3/25/2021 11:31:10 AM, LastWriteTime: 2/17/2021 8:53:59 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.1811607 AM","icl.exe","42776","CloseFile","C:\Windows\System32\rasadhlp.dll","SUCCESS","" "11:31:20.1812997 AM","icl.exe","42776","CreateFile","C:\Windows\System32\rasadhlp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1813471 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\rasadhlp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1814388 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1814605 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1814778 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1814965 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1815130 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1815291 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1815440 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1815604 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1815755 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\rasadhlp.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1818371 AM","icl.exe","42776","Load Image","C:\Windows\System32\rasadhlp.dll","SUCCESS","Image Base: 0x7ffbd2c20000, Image Size: 0xa000" "11:31:20.1819310 AM","icl.exe","42776","CloseFile","C:\Windows\System32\rasadhlp.dll","SUCCESS","" "11:31:20.1820205 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1820397 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read" "11:31:20.1823014 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY" "11:31:20.1825062 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1825223 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters","REPARSE","Desired Access: Read" "11:31:20.1825398 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","Desired Access: Read" "11:31:20.1825551 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1825682 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\DnsClient","SUCCESS","Desired Access: Read" "11:31:20.1825874 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1826002 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\DNS","REPARSE","Desired Access: Query Value" "11:31:20.1826142 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\DNS","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1826356 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryAdapterName","NAME NOT FOUND","Length: 16" "11:31:20.1826512 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\QueryAdapterName","NAME NOT FOUND","Length: 16" "11:31:20.1826653 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableAdapterDomainName","NAME NOT FOUND","Length: 16" "11:31:20.1826788 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseDomainNameDevolution","NAME NOT FOUND","Length: 16" "11:31:20.1826909 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseDomainNameDevolution","NAME NOT FOUND","Length: 16" "11:31:20.1827027 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution","NAME NOT FOUND","Length: 16" "11:31:20.1827152 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DomainNameDevolutionLevel","NAME NOT FOUND","Length: 16" "11:31:20.1827271 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DomainNameDevolutionLevel","NAME NOT FOUND","Length: 16" "11:31:20.1827390 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrioritizeRecordData","NAME NOT FOUND","Length: 16" "11:31:20.1827508 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\PrioritizeRecordData","NAME NOT FOUND","Length: 16" "11:31:20.1827625 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\PrioritizeRecordData","NAME NOT FOUND","Length: 16" "11:31:20.1827749 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AllowUnqualifiedQuery","NAME NOT FOUND","Length: 16" "11:31:20.1827870 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AllowUnqualifiedQuery","NAME NOT FOUND","Length: 16" "11:31:20.1827987 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\AllowUnqualifiedQuery","NAME NOT FOUND","Length: 16" "11:31:20.1828110 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AppendToMultiLabelName","NAME NOT FOUND","Length: 16" "11:31:20.1828228 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AppendToMultiLabelName","NAME NOT FOUND","Length: 16" "11:31:20.1828346 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenBadTlds","NAME NOT FOUND","Length: 16" "11:31:20.1828465 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ScreenBadTlds","NAME NOT FOUND","Length: 16" "11:31:20.1828584 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenUnreachableServers","NAME NOT FOUND","Length: 16" "11:31:20.1828702 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ScreenUnreachableServers","NAME NOT FOUND","Length: 16" "11:31:20.1828824 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenDefaultServers","NAME NOT FOUND","Length: 16" "11:31:20.1828944 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ScreenDefaultServers","NAME NOT FOUND","Length: 16" "11:31:20.1829076 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DynamicServerQueryOrder","NAME NOT FOUND","Length: 16" "11:31:20.1829197 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DynamicServerQueryOrder","NAME NOT FOUND","Length: 16" "11:31:20.1829316 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\FilterClusterIp","NAME NOT FOUND","Length: 16" "11:31:20.1829433 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\FilterClusterIp","NAME NOT FOUND","Length: 16" "11:31:20.1829552 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\WaitForNameErrorOnAll","NAME NOT FOUND","Length: 16" "11:31:20.1829670 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\WaitForNameErrorOnAll","NAME NOT FOUND","Length: 16" "11:31:20.1829790 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseEdns","NAME NOT FOUND","Length: 16" "11:31:20.1829908 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseEdns","NAME NOT FOUND","Length: 16" "11:31:20.1830028 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsSecureNameQueryFallback","NAME NOT FOUND","Length: 16" "11:31:20.1830146 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DnsSecureNameQueryFallback","NAME NOT FOUND","Length: 16" "11:31:20.1830268 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableDAForAllNetworks","NAME NOT FOUND","Length: 16" "11:31:20.1830385 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\EnableDAForAllNetworks","NAME NOT FOUND","Length: 16" "11:31:20.1830504 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DirectAccessQueryOrder","NAME NOT FOUND","Length: 16" "11:31:20.1830622 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DirectAccessQueryOrder","NAME NOT FOUND","Length: 16" "11:31:20.1830740 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryIpMatching","NAME NOT FOUND","Length: 16" "11:31:20.1830857 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\QueryIpMatching","NAME NOT FOUND","Length: 16" "11:31:20.1830979 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseHostsFile","NAME NOT FOUND","Length: 16" "11:31:20.1831098 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseHostsFile","NAME NOT FOUND","Length: 16" "11:31:20.1831217 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AddrConfigControl","NAME NOT FOUND","Length: 16" "11:31:20.1831512 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AddrConfigControl","NAME NOT FOUND","Length: 16" "11:31:20.1831633 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DisableSmartNameResolution","NAME NOT FOUND","Length: 16" "11:31:20.1831752 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableSmartNameResolution","NAME NOT FOUND","Length: 16" "11:31:20.1831873 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PreferLocalOverLowerBindingDNS","NAME NOT FOUND","Length: 16" "11:31:20.1831994 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\PreferLocalOverLowerBindingDNS","NAME NOT FOUND","Length: 16" "11:31:20.1832270 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryNetBTFQDN","NAME NOT FOUND","Length: 16" "11:31:20.1832393 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\QueryNetBTFQDN","NAME NOT FOUND","Length: 16" "11:31:20.1832603 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DisableSmartProtocolReordering","NAME NOT FOUND","Length: 16" "11:31:20.1832722 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableSmartProtocolReordering","NAME NOT FOUND","Length: 16" "11:31:20.1832841 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UdpRecvBufferSize","NAME NOT FOUND","Length: 16" "11:31:20.1832958 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UdpRecvBufferSize","NAME NOT FOUND","Length: 16" "11:31:20.1833077 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DisableParallelAandAAAA","NAME NOT FOUND","Length: 16" "11:31:20.1833200 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableParallelAandAAAA","NAME NOT FOUND","Length: 16" "11:31:20.1833318 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DisableCoalescing","NAME NOT FOUND","Length: 16" "11:31:20.1833449 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableCoalescing","NAME NOT FOUND","Length: 16" "11:31:20.1833569 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\FilterVPNTrigger","NAME NOT FOUND","Length: 16" "11:31:20.1833688 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\FilterVPNTrigger","NAME NOT FOUND","Length: 16" "11:31:20.1833808 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMultiHomedRouteConflicts","NAME NOT FOUND","Length: 16" "11:31:20.1833928 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\EnableMultiHomedRouteConflicts","NAME NOT FOUND","Length: 16" "11:31:20.1834045 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ForceQueriesOverTcp","NAME NOT FOUND","Length: 16" "11:31:20.1834163 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ShareTcpConnections","NAME NOT FOUND","Length: 16" "11:31:20.1834282 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationEnabled","NAME NOT FOUND","Length: 16" "11:31:20.1834401 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationEnabled","NAME NOT FOUND","Length: 16" "11:31:20.1834521 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate","NAME NOT FOUND","Length: 16" "11:31:20.1834644 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterPrimaryName","NAME NOT FOUND","Length: 16" "11:31:20.1834761 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterPrimaryName","NAME NOT FOUND","Length: 16" "11:31:20.1834880 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterAdapterName","NAME NOT FOUND","Length: 16" "11:31:20.1835007 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterAdapterName","NAME NOT FOUND","Length: 16" "11:31:20.1835134 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnableAdapterDomainNameRegistration","NAME NOT FOUND","Length: 16" "11:31:20.1835265 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterReverseLookup","NAME NOT FOUND","Length: 16" "11:31:20.1835383 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterReverseLookup","NAME NOT FOUND","Length: 16" "11:31:20.1835506 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableReverseAddressRegistrations","NAME NOT FOUND","Length: 16" "11:31:20.1835644 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterWanAdapters","NAME NOT FOUND","Length: 16" "11:31:20.1835761 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegisterWanAdapters","NAME NOT FOUND","Length: 16" "11:31:20.1836007 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableWanDynamicUpdate","NAME NOT FOUND","Length: 16" "11:31:20.1836180 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationTtl","NAME NOT FOUND","Length: 16" "11:31:20.1836301 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationTtl","NAME NOT FOUND","Length: 16" "11:31:20.1836425 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultRegistrationTTL","NAME NOT FOUND","Length: 16" "11:31:20.1836557 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationRefreshInterval","NAME NOT FOUND","Length: 16" "11:31:20.1836693 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationRefreshInterval","NAME NOT FOUND","Length: 16" "11:31:20.1836833 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultRegistrationRefreshInterval","NAME NOT FOUND","Length: 16" "11:31:20.1836964 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationMaxAddressCount","NAME NOT FOUND","Length: 16" "11:31:20.1837082 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationMaxAddressCount","NAME NOT FOUND","Length: 16" "11:31:20.1837202 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxNumberOfAddressesToRegister","NAME NOT FOUND","Length: 16" "11:31:20.1837326 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateSecurityLevel","NAME NOT FOUND","Length: 16" "11:31:20.1837443 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UpdateSecurityLevel","NAME NOT FOUND","Length: 16" "11:31:20.1837575 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\UpdateSecurityLevel","NAME NOT FOUND","Length: 16" "11:31:20.1837700 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateTopLevelDomainZones","NAME NOT FOUND","Length: 16" "11:31:20.1837851 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UpdateTopLevelDomainZones","NAME NOT FOUND","Length: 16" "11:31:20.1837976 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DowncaseSpnCauseApiOwnerIsTooLazy","NAME NOT FOUND","Length: 16" "11:31:20.1838100 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy","NAME NOT FOUND","Length: 16" "11:31:20.1838222 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationOverwrite","NAME NOT FOUND","Length: 16" "11:31:20.1838340 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\RegistrationOverwrite","NAME NOT FOUND","Length: 16" "11:31:20.1838465 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheSize","NAME NOT FOUND","Length: 16" "11:31:20.1838586 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheSize","NAME NOT FOUND","Length: 16" "11:31:20.1838738 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheTtl","NAME NOT FOUND","Length: 16" "11:31:20.1838892 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheTtl","NAME NOT FOUND","Length: 16" "11:31:20.1839025 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxNegativeCacheTtl","NAME NOT FOUND","Length: 16" "11:31:20.1839148 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxNegativeCacheTtl","NAME NOT FOUND","Length: 16" "11:31:20.1839271 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterTimeoutLimit","NAME NOT FOUND","Length: 16" "11:31:20.1839389 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\AdapterTimeoutLimit","NAME NOT FOUND","Length: 16" "11:31:20.1839507 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ServerPriorityTimeLimit","NAME NOT FOUND","Length: 16" "11:31:20.1839625 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ServerPriorityTimeLimit","NAME NOT FOUND","Length: 16" "11:31:20.1839744 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCachedSockets","NAME NOT FOUND","Length: 16" "11:31:20.1839862 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MaxCachedSockets","NAME NOT FOUND","Length: 16" "11:31:20.1839981 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DisableServerUnreachability","NAME NOT FOUND","Length: 16" "11:31:20.1840098 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableServerUnreachability","NAME NOT FOUND","Length: 16" "11:31:20.1840216 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast","NAME NOT FOUND","Length: 16" "11:31:20.1840334 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\EnableMulticast","NAME NOT FOUND","Length: 16" "11:31:20.1840452 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastResponderFlags","NAME NOT FOUND","Length: 16" "11:31:20.1840570 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MulticastResponderFlags","NAME NOT FOUND","Length: 16" "11:31:20.1840688 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderFlags","NAME NOT FOUND","Length: 16" "11:31:20.1840807 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MulticastSenderFlags","NAME NOT FOUND","Length: 16" "11:31:20.1840926 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderMaxTimeout","NAME NOT FOUND","Length: 16" "11:31:20.1841043 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\MulticastSenderMaxTimeout","NAME NOT FOUND","Length: 16" "11:31:20.1841162 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMDNS","NAME NOT FOUND","Length: 16" "11:31:20.1841409 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\EnableMDNS","NAME NOT FOUND","Length: 16" "11:31:20.1841532 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DnsTest","NAME NOT FOUND","Length: 16" "11:31:20.1841650 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseCompartments","NAME NOT FOUND","Length: 16" "11:31:20.1841767 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\CacheAllCompartments","NAME NOT FOUND","Length: 16" "11:31:20.1841888 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\UseNewRegistration","NAME NOT FOUND","Length: 16" "11:31:20.1842015 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ResolverRegistration","NAME NOT FOUND","Length: 16" "11:31:20.1842133 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ResolverRegistrationOnly","NAME NOT FOUND","Length: 16" "11:31:20.1842249 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\NewDhcpSrvRegistration","NAME NOT FOUND","Length: 16" "11:31:20.1842367 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DirectAccessPreferLocal","NAME NOT FOUND","Length: 16" "11:31:20.1842485 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DisableIdnEncoding","NAME NOT FOUND","Length: 16" "11:31:20.1842603 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableIdnEncoding","NAME NOT FOUND","Length: 16" "11:31:20.1842722 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableIdnMapping","NAME NOT FOUND","Length: 16" "11:31:20.1842840 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\EnableIdnMapping","NAME NOT FOUND","Length: 16" "11:31:20.1842957 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\ShortnameProxyDefault","NAME NOT FOUND","Length: 16" "11:31:20.1843077 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DisableNRPTForAdapterRegistration","NAME NOT FOUND","Length: 16" "11:31:20.1843200 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DisableNRPTForAdapterRegistration","NAME NOT FOUND","Length: 16" "11:31:20.1843330 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutHistoryLength","NAME NOT FOUND","Length: 16" "11:31:20.1843457 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutRecalculationInterval","NAME NOT FOUND","Length: 16" "11:31:20.1843594 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DnsQueryTimeouts","NAME NOT FOUND","Length: 12" "11:31:20.1843719 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DnsQueryTimeouts","NAME NOT FOUND","Length: 12" "11:31:20.1843853 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DnsQuickQueryTimeouts","NAME NOT FOUND","Length: 12" "11:31:20.1843982 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DnsQuickQueryTimeouts","NAME NOT FOUND","Length: 12" "11:31:20.1844153 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient","SUCCESS","" "11:31:20.1844287 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","" "11:31:20.1844406 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","" "11:31:20.1844546 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1844733 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read" "11:31:20.1846850 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY" "11:31:20.1849066 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1849223 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters","REPARSE","Desired Access: Read" "11:31:20.1849371 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","Desired Access: Read" "11:31:20.1849513 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1849642 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\DnsClient","SUCCESS","Desired Access: Read" "11:31:20.1849803 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","BUFFER OVERFLOW","Length: 12" "11:31:20.1849940 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ, Length: 28, Data: ca-w10-bld-05" "11:31:20.1850101 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient","SUCCESS","" "11:31:20.1850229 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","" "11:31:20.1850345 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","" "11:31:20.1850467 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1850604 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read" "11:31:20.1852817 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY" "11:31:20.1854777 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1854920 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters","REPARSE","Desired Access: Read" "11:31:20.1855056 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","Desired Access: Read" "11:31:20.1855193 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1855319 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\DnsClient","SUCCESS","Desired Access: Read" "11:31:20.1855473 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrimaryDomainName","NAME NOT FOUND","Length: 12" "11:31:20.1855608 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1855733 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\System\DNSClient","SUCCESS","Desired Access: Query Value" "11:31:20.1855887 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\System\DNSClient\PrimaryDNSSuffix","BUFFER OVERFLOW","Length: 12" "11:31:20.1856043 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\System\DNSClient\PrimaryDNSSuffix","SUCCESS","Type: REG_SZ, Length: 32, Data: prog.altair.com" "11:31:20.1856199 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\System\DNSClient","SUCCESS","" "11:31:20.1856330 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient","SUCCESS","" "11:31:20.1856453 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","" "11:31:20.1856570 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","" "11:31:20.1856707 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1856843 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read" "11:31:20.1858867 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY" "11:31:20.1860785 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1860922 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters","REPARSE","Desired Access: Read" "11:31:20.1861058 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","Desired Access: Read" "11:31:20.1861194 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1861484 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\DnsClient","SUCCESS","Desired Access: Read" "11:31:20.1861635 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","BUFFER OVERFLOW","Length: 12" "11:31:20.1861767 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ, Length: 28, Data: ca-w10-bld-05" "11:31:20.1861922 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient","SUCCESS","" "11:31:20.1862047 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","" "11:31:20.1862165 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","" "11:31:20.1870705 AM","icl.exe","42776","CreateFile","C:\Windows\System32\FWPUCLNT.DLL","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1871148 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\FWPUCLNT.DLL","SUCCESS","CreationTime: 3/10/2021 10:21:46 PM, LastAccessTime: 3/25/2021 11:31:17 AM, LastWriteTime: 3/10/2021 10:21:46 PM, ChangeTime: 3/10/2021 10:53:06 PM, FileAttributes: A" "11:31:20.1871324 AM","icl.exe","42776","CloseFile","C:\Windows\System32\FWPUCLNT.DLL","SUCCESS","" "11:31:20.1872609 AM","icl.exe","42776","CreateFile","C:\Windows\System32\FWPUCLNT.DLL","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1873027 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\FWPUCLNT.DLL","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1873898 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1874091 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1874276 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1874456 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1874611 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1874765 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1874912 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1875074 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1875219 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\FWPUCLNT.DLL","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1877689 AM","icl.exe","42776","Load Image","C:\Windows\System32\FWPUCLNT.DLL","SUCCESS","Image Base: 0x7ffbd5710000, Image Size: 0x7f000" "11:31:20.1878991 AM","icl.exe","42776","CloseFile","C:\Windows\System32\FWPUCLNT.DLL","SUCCESS","" "11:31:20.1880114 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\7e32a1c4-d502-5b7c-39e8-2b7b0b5f0424","NAME NOT FOUND","Length: 528" "11:31:20.1880726 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\FWPUCLNT.DLL","SUCCESS","Name: \Windows\System32\FWPUCLNT.DLL" "11:31:20.1881057 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528" "11:31:20.1881689 AM","icl.exe","42776","QueryNameInformationFile","C:\Windows\System32\FWPUCLNT.DLL","SUCCESS","Name: \Windows\System32\FWPUCLNT.DLL" "11:31:20.1895948 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1896137 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1898004 AM","icl.exe","42776","Thread Create","","SUCCESS","Thread ID: 31676" "11:31:20.1907060 AM","icl.exe","42776","TCP Connect","ca-w10-bld-05.prog.altair.com:59995 -> 204.235.26.31:28518","SUCCESS","Length: 0, mss: 1460, sackopt: 1, tsopt: 0, wsopt: 1, rcvwin: 2102400, rcvwinscale: 8, sndwinscale: 7, seqnum: 0, connid: 0" "11:31:20.1913115 AM","icl.exe","42776","TCP Send","ca-w10-bld-05.prog.altair.com:59995 -> 204.235.26.31:28518","SUCCESS","Length: 147, startime: 754064, endtime: 754064, seqnum: 0, connid: 0" "11:31:20.1913463 AM","icl.exe","42776","TCP TCPCopy","ca-w10-bld-05.prog.altair.com:59995 -> 204.235.26.31:28518","SUCCESS","Length: 35, seqnum: 0, connid: 0" "11:31:20.1913916 AM","icl.exe","42776","TCP Receive","ca-w10-bld-05.prog.altair.com:59995 -> 204.235.26.31:28518","SUCCESS","Length: 35, seqnum: 0, connid: 0" "11:31:20.1915119 AM","icl.exe","42776","TCP Disconnect","ca-w10-bld-05.prog.altair.com:59995 -> 204.235.26.31:28518","SUCCESS","Length: 0, seqnum: 0, connid: 0" "11:31:20.1926845 AM","icl.exe","42776","TCP Connect","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 0, mss: 1460, sackopt: 1, tsopt: 0, wsopt: 1, rcvwin: 2102400, rcvwinscale: 8, sndwinscale: 7, seqnum: 0, connid: 0" "11:31:20.1932629 AM","icl.exe","42776","TCP Send","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 147, startime: 754064, endtime: 754064, seqnum: 0, connid: 0" "11:31:20.1932939 AM","icl.exe","42776","TCP TCPCopy","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 45, seqnum: 0, connid: 0" "11:31:20.1933427 AM","icl.exe","42776","TCP Receive","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 45, seqnum: 0, connid: 0" "11:31:20.1938350 AM","icl.exe","42776","TCP Send","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 36, startime: 754064, endtime: 754064, seqnum: 0, connid: 0" "11:31:20.1938429 AM","icl.exe","42776","TCP TCPCopy","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 168, seqnum: 0, connid: 0" "11:31:20.1938799 AM","icl.exe","42776","TCP Receive","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 168, seqnum: 0, connid: 0" "11:31:20.1942540 AM","icl.exe","42776","TCP Send","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 31, startime: 754064, endtime: 754064, seqnum: 0, connid: 0" "11:31:20.1942619 AM","icl.exe","42776","TCP TCPCopy","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 282, seqnum: 0, connid: 0" "11:31:20.1942983 AM","icl.exe","42776","TCP Receive","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 282, seqnum: 0, connid: 0" "11:31:20.1949712 AM","icl.exe","42776","TCP Send","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 38, startime: 754064, endtime: 754064, seqnum: 0, connid: 0" "11:31:20.1949778 AM","icl.exe","42776","TCP TCPCopy","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 31, seqnum: 0, connid: 0" "11:31:20.1950071 AM","icl.exe","42776","TCP Receive","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 31, seqnum: 0, connid: 0" "11:31:20.1950884 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1951073 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1951616 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1951750 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager\Borrow","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1952514 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1952638 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.1958768 AM","icl.exe","42776","CreateFile","C:\Windows\System32\dhcpcsvc6.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1959113 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\dhcpcsvc6.dll","SUCCESS","CreationTime: 2/17/2021 8:53:40 AM, LastAccessTime: 3/25/2021 11:31:10 AM, LastWriteTime: 2/17/2021 8:53:40 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.1959248 AM","icl.exe","42776","CloseFile","C:\Windows\System32\dhcpcsvc6.dll","SUCCESS","" "11:31:20.1960142 AM","icl.exe","42776","CreateFile","C:\Windows\System32\dhcpcsvc6.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1960444 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\dhcpcsvc6.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1961939 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1962140 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1962310 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1962493 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1962662 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1962842 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1962988 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1963153 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1963302 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\dhcpcsvc6.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1965714 AM","icl.exe","42776","Load Image","C:\Windows\System32\dhcpcsvc6.dll","SUCCESS","Image Base: 0x7ffbd54f0000, Image Size: 0x17000" "11:31:20.1966415 AM","icl.exe","42776","CloseFile","C:\Windows\System32\dhcpcsvc6.dll","SUCCESS","" "11:31:20.1975186 AM","icl.exe","42776","CreateFile","C:\Windows\System32\dhcpcsvc.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1975591 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\dhcpcsvc.dll","SUCCESS","CreationTime: 2/17/2021 8:53:40 AM, LastAccessTime: 3/25/2021 11:31:10 AM, LastWriteTime: 2/17/2021 8:53:40 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:20.1975720 AM","icl.exe","42776","CloseFile","C:\Windows\System32\dhcpcsvc.dll","SUCCESS","" "11:31:20.1976587 AM","icl.exe","42776","CreateFile","C:\Windows\System32\dhcpcsvc.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.1976957 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\dhcpcsvc.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.1977822 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.1978222 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.1978390 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.1978570 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1978725 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.1978884 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.1979029 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.1979188 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.1979334 AM","icl.exe","42776","CreateFileMapping","C:\Windows\System32\dhcpcsvc.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:20.1981898 AM","icl.exe","42776","Load Image","C:\Windows\System32\dhcpcsvc.dll","SUCCESS","Image Base: 0x7ffbd54d0000, Image Size: 0x1d000" "11:31:20.1982574 AM","icl.exe","42776","CloseFile","C:\Windows\System32\dhcpcsvc.dll","SUCCESS","" "11:31:20.1990585 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1990771 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Query Value" "11:31:20.1990931 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Query Value" "11:31:20.1991107 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1991247 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42b92138-684a-4721-9def-587212c7b024}","SUCCESS","Desired Access: Query Value" "11:31:20.1991746 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42b92138-684a-4721-9def-587212c7b024}\EnableDhcp","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1991950 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42b92138-684a-4721-9def-587212c7b024}","SUCCESS","" "11:31:20.1992141 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","" "11:31:20.1992455 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1992599 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Query Value" "11:31:20.1992742 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Query Value" "11:31:20.1992880 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1992998 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{eb425c71-25c7-47a7-92d5-8a8608c0d403}","SUCCESS","Desired Access: Query Value" "11:31:20.1993138 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{eb425c71-25c7-47a7-92d5-8a8608c0d403}\EnableDhcp","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.1993279 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{eb425c71-25c7-47a7-92d5-8a8608c0d403}","SUCCESS","" "11:31:20.1993390 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","" "11:31:20.1993597 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1993718 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Query Value" "11:31:20.1993845 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Query Value" "11:31:20.1993968 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.1994082 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9ed6f0dd-70da-11eb-969a-806e6f6e6963}","SUCCESS","Desired Access: Query Value" "11:31:20.1994213 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9ed6f0dd-70da-11eb-969a-806e6f6e6963}\EnableDhcp","NAME NOT FOUND","Length: 16" "11:31:20.1994348 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9ed6f0dd-70da-11eb-969a-806e6f6e6963}","SUCCESS","" "11:31:20.1994454 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","" "11:31:20.2064724 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.2064934 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Query Value" "11:31:20.2065294 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Query Value" "11:31:20.2065478 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.2065617 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42b92138-684a-4721-9def-587212c7b024}","SUCCESS","Desired Access: Query Value" "11:31:20.2065776 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42b92138-684a-4721-9def-587212c7b024}\EnableDhcp","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.2065957 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42b92138-684a-4721-9def-587212c7b024}","SUCCESS","" "11:31:20.2066077 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","" "11:31:20.2066353 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.2066497 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Query Value" "11:31:20.2066627 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Query Value" "11:31:20.2066756 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.2066874 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{eb425c71-25c7-47a7-92d5-8a8608c0d403}","SUCCESS","Desired Access: Query Value" "11:31:20.2066992 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{eb425c71-25c7-47a7-92d5-8a8608c0d403}\EnableDhcp","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.2067130 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{eb425c71-25c7-47a7-92d5-8a8608c0d403}","SUCCESS","" "11:31:20.2067239 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","" "11:31:20.2067429 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.2067546 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Query Value" "11:31:20.2067667 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Query Value" "11:31:20.2067790 AM","icl.exe","42776","RegQueryKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.2067906 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9ed6f0dd-70da-11eb-969a-806e6f6e6963}","SUCCESS","Desired Access: Query Value" "11:31:20.2068027 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9ed6f0dd-70da-11eb-969a-806e6f6e6963}\EnableDhcp","NAME NOT FOUND","Length: 16" "11:31:20.2068152 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9ed6f0dd-70da-11eb-969a-806e6f6e6963}","SUCCESS","" "11:31:20.2068258 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","" "11:31:20.2114378 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.2114551 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read" "11:31:20.2116816 AM","icl.exe","42776","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY" "11:31:20.2118787 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.2118931 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters","REPARSE","Desired Access: Read" "11:31:20.2119069 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","Desired Access: Read" "11:31:20.2119211 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.2119333 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\DnsClient","SUCCESS","Desired Access: Read" "11:31:20.2119506 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","BUFFER OVERFLOW","Length: 12" "11:31:20.2119639 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ, Length: 28, Data: ca-w10-bld-05" "11:31:20.2119798 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient","SUCCESS","" "11:31:20.2119921 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","" "11:31:20.2120032 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Dnscache\Parameters","SUCCESS","" "11:31:20.2126080 AM","icl.exe","42776","TCP Send","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 64, startime: 754066, endtime: 754066, seqnum: 0, connid: 0" "11:31:20.2126247 AM","icl.exe","42776","TCP TCPCopy","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 168, seqnum: 0, connid: 0" "11:31:20.2126662 AM","icl.exe","42776","TCP Receive","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 168, seqnum: 0, connid: 0" "11:31:20.2136700 AM","icl.exe","42776","TCP Send","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 138, startime: 754066, endtime: 754066, seqnum: 0, connid: 0" "11:31:20.2136809 AM","icl.exe","42776","TCP TCPCopy","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 168, seqnum: 0, connid: 0" "11:31:20.2137171 AM","icl.exe","42776","TCP Receive","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 168, seqnum: 0, connid: 0" "11:31:20.2143092 AM","icl.exe","42776","TCP Send","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 41, startime: 754066, endtime: 754066, seqnum: 0, connid: 0" "11:31:20.2143184 AM","icl.exe","42776","TCP TCPCopy","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 573, seqnum: 0, connid: 0" "11:31:20.2143663 AM","icl.exe","42776","TCP Receive","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 573, seqnum: 0, connid: 0" "11:31:20.2148868 AM","icl.exe","42776","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.2149057 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\FLEXlm License Manager","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.2149902 AM","icl.exe","42776","Thread Create","","SUCCESS","Thread ID: 28184" "11:31:20.2152504 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2152805 AM","icl.exe","42776","QueryBasicInformationFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","CreationTime: 2/23/2021 6:57:50 PM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 3/25/2021 11:31:06 AM, ChangeTime: 3/25/2021 11:31:06 AM, FileAttributes: D" "11:31:20.2152914 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","" "11:31:20.2154225 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2154442 AM","icl.exe","42776","QueryBasicInformationFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache","SUCCESS","CreationTime: 2/24/2021 11:40:36 PM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 3/25/2021 11:31:10 AM, ChangeTime: 3/25/2021 11:31:10 AM, FileAttributes: D" "11:31:20.2154532 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache","SUCCESS","" "11:31:20.2155724 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2155946 AM","icl.exe","42776","QueryBasicInformationFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache","SUCCESS","CreationTime: 2/24/2021 11:40:36 PM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 3/25/2021 11:31:10 AM, ChangeTime: 3/25/2021 11:31:10 AM, FileAttributes: D" "11:31:20.2156076 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache","SUCCESS","" "11:31:20.2157079 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCFA0.tmp","SUCCESS","Desired Access: Generic Read, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Created" "11:31:20.2159443 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCFA0.tmp","SUCCESS","" "11:31:20.2161056 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCFA0.tmp","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Overwritten" "11:31:20.2162576 AM","icl.exe","42776","WriteFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCFA0.tmp","SUCCESS","Offset: 0, Length: 101, Priority: Normal" "11:31:20.2163467 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCFA0.tmp","SUCCESS","" "11:31:20.2167401 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2167993 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:20.2168958 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2169427 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 4,096, Priority: Normal" "11:31:20.2169635 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:20.2170496 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2170916 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2171061 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 6, Priority: Normal" "11:31:20.2171237 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 4,096, Priority: Normal" "11:31:20.2171380 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:20.2178212 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2178383 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2178553 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\af-ZA","NAME NOT FOUND","Length: 532" "11:31:20.2178700 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2178831 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2178949 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2179081 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\af-ZA","NAME NOT FOUND","Length: 532" "11:31:20.2179198 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2179449 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2179563 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2179676 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\am-ET","NAME NOT FOUND","Length: 532" "11:31:20.2179788 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2179903 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2180015 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2180124 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\am-ET","NAME NOT FOUND","Length: 532" "11:31:20.2180232 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2180400 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Codepage","REPARSE","Desired Access: Read" "11:31:20.2180512 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Codepage","SUCCESS","Desired Access: Read" "11:31:20.2180630 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\AllowDeprecatedCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1111573537" "11:31:20.2180902 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2181014 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2181128 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-AE","NAME NOT FOUND","Length: 532" "11:31:20.2181247 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2181364 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2181658 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2181771 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-AE","NAME NOT FOUND","Length: 532" "11:31:20.2181881 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2182051 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\1256","SUCCESS","Type: REG_SZ, Length: 22, Data: c_1256.nls" "11:31:20.2183612 AM","icl.exe","42776","CreateFile","C:\Windows\System32\C_1256.NLS","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2183985 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\C_1256.NLS","SUCCESS","CreationTime: 12/7/2019 2:08:49 AM, LastAccessTime: 3/25/2021 10:46:36 AM, LastWriteTime: 12/7/2019 2:08:49 AM, ChangeTime: 3/10/2021 10:18:37 PM, FileAttributes: A" "11:31:20.2184100 AM","icl.exe","42776","CloseFile","C:\Windows\System32\C_1256.NLS","SUCCESS","" "11:31:20.2184944 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2185129 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2185300 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-BH","NAME NOT FOUND","Length: 532" "11:31:20.2185460 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2185625 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2185790 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2185911 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-BH","NAME NOT FOUND","Length: 532" "11:31:20.2186027 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2186192 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2186303 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2186414 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-DZ","NAME NOT FOUND","Length: 532" "11:31:20.2186524 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2186638 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2186747 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2186855 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-DZ","NAME NOT FOUND","Length: 532" "11:31:20.2186962 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2187108 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2187217 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2187324 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-EG","NAME NOT FOUND","Length: 532" "11:31:20.2187431 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2187544 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2187654 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2187760 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-EG","NAME NOT FOUND","Length: 532" "11:31:20.2187867 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2188061 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2188172 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2188279 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-IQ","NAME NOT FOUND","Length: 532" "11:31:20.2188387 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2188499 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2188608 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2188716 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-IQ","NAME NOT FOUND","Length: 532" "11:31:20.2188822 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2188969 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2189089 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2189198 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-JO","NAME NOT FOUND","Length: 532" "11:31:20.2189305 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2189417 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2189526 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2189632 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-JO","NAME NOT FOUND","Length: 532" "11:31:20.2189739 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2189946 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2190055 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2190163 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-KW","NAME NOT FOUND","Length: 532" "11:31:20.2190270 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2190381 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2190490 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2190596 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-KW","NAME NOT FOUND","Length: 532" "11:31:20.2190704 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2190845 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2190954 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2191060 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-LB","NAME NOT FOUND","Length: 532" "11:31:20.2191166 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2191277 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2191386 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2191665 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-LB","NAME NOT FOUND","Length: 532" "11:31:20.2191774 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2191919 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2192028 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2192134 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-LY","NAME NOT FOUND","Length: 532" "11:31:20.2192240 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2192351 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2192460 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2192566 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-LY","NAME NOT FOUND","Length: 532" "11:31:20.2192673 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2192814 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2192923 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2193028 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-MA","NAME NOT FOUND","Length: 532" "11:31:20.2193135 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2193246 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2193354 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2193460 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-MA","NAME NOT FOUND","Length: 532" "11:31:20.2193566 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2193722 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2193835 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2193942 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-OM","NAME NOT FOUND","Length: 532" "11:31:20.2194048 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2194174 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2194287 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2194406 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-OM","NAME NOT FOUND","Length: 532" "11:31:20.2194515 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2194678 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2194788 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2194893 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-QA","NAME NOT FOUND","Length: 532" "11:31:20.2195005 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2195128 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2195236 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2195343 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-QA","NAME NOT FOUND","Length: 532" "11:31:20.2195449 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2195592 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2195700 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2195959 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-SA","NAME NOT FOUND","Length: 532" "11:31:20.2196071 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2196194 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2196303 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2196413 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-SA","NAME NOT FOUND","Length: 532" "11:31:20.2196520 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2196687 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2196808 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2196915 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-SY","NAME NOT FOUND","Length: 532" "11:31:20.2197023 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2197135 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2197245 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2197352 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-SY","NAME NOT FOUND","Length: 532" "11:31:20.2197458 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2197597 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2197706 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2197812 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-TN","NAME NOT FOUND","Length: 532" "11:31:20.2197919 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2198031 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2198138 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2198250 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-TN","NAME NOT FOUND","Length: 532" "11:31:20.2198356 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2198509 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2198619 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2198726 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-YE","NAME NOT FOUND","Length: 532" "11:31:20.2198832 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2198947 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2199065 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2199172 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-YE","NAME NOT FOUND","Length: 532" "11:31:20.2199280 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2199421 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2199531 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2199638 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\arn-CL","NAME NOT FOUND","Length: 532" "11:31:20.2199745 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2199856 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2199964 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2200072 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\arn-CL","NAME NOT FOUND","Length: 532" "11:31:20.2200179 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2200325 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2200433 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2200542 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\as-IN","NAME NOT FOUND","Length: 532" "11:31:20.2200648 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2200759 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2200868 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2200974 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\as-IN","NAME NOT FOUND","Length: 532" "11:31:20.2201082 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2201250 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2201358 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2201575 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\az-Cyrl-AZ","NAME NOT FOUND","Length: 532" "11:31:20.2201686 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2201799 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2201908 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2202017 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\az-Cyrl-AZ","NAME NOT FOUND","Length: 532" "11:31:20.2202123 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2202256 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\1251","SUCCESS","Type: REG_SZ, Length: 22, Data: c_1251.nls" "11:31:20.2203726 AM","icl.exe","42776","CreateFile","C:\Windows\System32\C_1251.NLS","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2204089 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\C_1251.NLS","SUCCESS","CreationTime: 12/7/2019 2:08:49 AM, LastAccessTime: 3/25/2021 10:46:36 AM, LastWriteTime: 12/7/2019 2:08:49 AM, ChangeTime: 3/10/2021 10:18:37 PM, FileAttributes: A" "11:31:20.2204202 AM","icl.exe","42776","CloseFile","C:\Windows\System32\C_1251.NLS","SUCCESS","" "11:31:20.2204992 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2205130 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2205264 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\az-Latn-AZ","NAME NOT FOUND","Length: 532" "11:31:20.2205390 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2205507 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2205625 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2205747 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\az-Latn-AZ","NAME NOT FOUND","Length: 532" "11:31:20.2205861 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2205985 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\1254","SUCCESS","Type: REG_SZ, Length: 22, Data: c_1254.nls" "11:31:20.2207292 AM","icl.exe","42776","CreateFile","C:\Windows\System32\C_1254.NLS","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2207620 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\C_1254.NLS","SUCCESS","CreationTime: 12/7/2019 2:08:49 AM, LastAccessTime: 3/25/2021 10:46:36 AM, LastWriteTime: 12/7/2019 2:08:49 AM, ChangeTime: 3/10/2021 10:18:37 PM, FileAttributes: A" "11:31:20.2207728 AM","icl.exe","42776","CloseFile","C:\Windows\System32\C_1254.NLS","SUCCESS","" "11:31:20.2208423 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2208551 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2208678 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ba-RU","NAME NOT FOUND","Length: 532" "11:31:20.2208803 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2208919 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2209030 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2209143 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ba-RU","NAME NOT FOUND","Length: 532" "11:31:20.2209255 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2209441 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2209550 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2209661 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\be-BY","NAME NOT FOUND","Length: 532" "11:31:20.2209770 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2209886 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2209998 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2210107 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\be-BY","NAME NOT FOUND","Length: 532" "11:31:20.2210215 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2210380 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2210489 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2210595 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bg-BG","NAME NOT FOUND","Length: 532" "11:31:20.2210703 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2210816 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2210924 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2211032 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bg-BG","NAME NOT FOUND","Length: 532" "11:31:20.2211161 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2211326 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2211567 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2211682 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bin-NG","NAME NOT FOUND","Length: 532" "11:31:20.2211791 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2211905 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2212015 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2212123 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bin-NG","NAME NOT FOUND","Length: 532" "11:31:20.2212231 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2212385 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2212493 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2212600 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bn-BD","NAME NOT FOUND","Length: 532" "11:31:20.2212707 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2212823 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2212942 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2213051 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bn-BD","NAME NOT FOUND","Length: 532" "11:31:20.2213160 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2213325 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2213433 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2213544 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bn-IN","NAME NOT FOUND","Length: 532" "11:31:20.2213662 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2213775 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2213886 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2213994 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bn-IN","NAME NOT FOUND","Length: 532" "11:31:20.2214101 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2214244 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2214354 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2214460 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bo-CN","NAME NOT FOUND","Length: 532" "11:31:20.2214568 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2214681 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2214789 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2214909 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bo-CN","NAME NOT FOUND","Length: 532" "11:31:20.2215017 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2215188 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2215299 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2215405 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\br-FR","NAME NOT FOUND","Length: 532" "11:31:20.2215513 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2215624 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2215731 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2215837 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\br-FR","NAME NOT FOUND","Length: 532" "11:31:20.2215944 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2216114 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2216224 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2216474 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bs-Cyrl-BA","NAME NOT FOUND","Length: 532" "11:31:20.2216590 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2216705 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2216814 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2216922 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bs-Cyrl-BA","NAME NOT FOUND","Length: 532" "11:31:20.2217030 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2217195 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2217308 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2217425 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bs-Latn-BA","NAME NOT FOUND","Length: 532" "11:31:20.2217534 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2217647 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2217756 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2217863 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bs-Latn-BA","NAME NOT FOUND","Length: 532" "11:31:20.2217969 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2218082 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\1250","SUCCESS","Type: REG_SZ, Length: 22, Data: c_1250.nls" "11:31:20.2219421 AM","icl.exe","42776","CreateFile","C:\Windows\System32\C_1250.NLS","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2219762 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\C_1250.NLS","SUCCESS","CreationTime: 12/7/2019 2:08:49 AM, LastAccessTime: 3/25/2021 10:46:36 AM, LastWriteTime: 12/7/2019 2:08:49 AM, ChangeTime: 3/10/2021 10:18:37 PM, FileAttributes: A" "11:31:20.2219874 AM","icl.exe","42776","CloseFile","C:\Windows\System32\C_1250.NLS","SUCCESS","" "11:31:20.2220572 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2220703 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2220833 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ca-ES","NAME NOT FOUND","Length: 532" "11:31:20.2220957 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2221076 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2221187 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2221300 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ca-ES","NAME NOT FOUND","Length: 532" "11:31:20.2221562 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2221761 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2221873 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2221983 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ca-ES-valencia","NAME NOT FOUND","Length: 532" "11:31:20.2222095 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2222208 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2222317 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2222425 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ca-ES-valencia","NAME NOT FOUND","Length: 532" "11:31:20.2222533 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2222700 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2222810 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2222918 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\chr-Cher-US","NAME NOT FOUND","Length: 532" "11:31:20.2223026 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2223139 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2223248 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2223356 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\chr-Cher-US","NAME NOT FOUND","Length: 532" "11:31:20.2223463 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2223638 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2223751 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2223862 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\co-FR","NAME NOT FOUND","Length: 532" "11:31:20.2223969 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2224092 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2224201 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2224310 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\co-FR","NAME NOT FOUND","Length: 532" "11:31:20.2224417 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2224563 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2224673 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2224779 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\cs-CZ","NAME NOT FOUND","Length: 532" "11:31:20.2224886 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2224998 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2225106 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2225213 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\cs-CZ","NAME NOT FOUND","Length: 532" "11:31:20.2225320 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2225462 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2225574 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2225689 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\cy-GB","NAME NOT FOUND","Length: 532" "11:31:20.2225797 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2225909 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2226017 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2226125 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\cy-GB","NAME NOT FOUND","Length: 532" "11:31:20.2226231 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2226390 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2226498 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2226606 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\da-DK","NAME NOT FOUND","Length: 532" "11:31:20.2226713 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2226826 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2226934 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2227042 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\da-DK","NAME NOT FOUND","Length: 532" "11:31:20.2227149 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2227314 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2227422 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2227530 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\de-AT","NAME NOT FOUND","Length: 532" "11:31:20.2227638 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2227754 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2227863 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2227971 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\de-AT","NAME NOT FOUND","Length: 532" "11:31:20.2228078 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2228219 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2228337 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2228444 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\de-CH","NAME NOT FOUND","Length: 532" "11:31:20.2228552 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2228667 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2228786 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2228894 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\de-CH","NAME NOT FOUND","Length: 532" "11:31:20.2229013 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2229170 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2229278 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2229384 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\de-DE","NAME NOT FOUND","Length: 532" "11:31:20.2229493 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2229605 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2229714 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2229821 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\de-DE","NAME NOT FOUND","Length: 532" "11:31:20.2229928 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2230084 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2230193 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2230299 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\de-LI","NAME NOT FOUND","Length: 532" "11:31:20.2230413 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2230562 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2230705 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2230850 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\de-LI","NAME NOT FOUND","Length: 532" "11:31:20.2230986 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2231217 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2231379 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2231683 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\de-LU","NAME NOT FOUND","Length: 532" "11:31:20.2231829 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2231950 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2232060 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2232168 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\de-LU","NAME NOT FOUND","Length: 532" "11:31:20.2232279 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2232533 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2232694 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2232837 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\dsb-DE","NAME NOT FOUND","Length: 532" "11:31:20.2232949 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2233065 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2233193 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2233303 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\dsb-DE","NAME NOT FOUND","Length: 532" "11:31:20.2233412 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2233563 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2233672 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2233780 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\dv-MV","NAME NOT FOUND","Length: 532" "11:31:20.2233887 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2234002 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2234120 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2234228 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\dv-MV","NAME NOT FOUND","Length: 532" "11:31:20.2234336 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2234503 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2234611 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2234718 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\dz-BT","NAME NOT FOUND","Length: 532" "11:31:20.2234826 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2234937 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2235046 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2235154 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\dz-BT","NAME NOT FOUND","Length: 532" "11:31:20.2235261 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2235407 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2235669 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2235783 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\el-GR","NAME NOT FOUND","Length: 532" "11:31:20.2235891 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2236004 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2236112 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2236220 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\el-GR","NAME NOT FOUND","Length: 532" "11:31:20.2236327 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2236465 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\1253","SUCCESS","Type: REG_SZ, Length: 22, Data: c_1253.nls" "11:31:20.2237916 AM","icl.exe","42776","CreateFile","C:\Windows\System32\C_1253.NLS","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2238274 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\System32\C_1253.NLS","SUCCESS","CreationTime: 12/7/2019 2:08:49 AM, LastAccessTime: 3/25/2021 10:46:36 AM, LastWriteTime: 12/7/2019 2:08:49 AM, ChangeTime: 3/10/2021 10:18:37 PM, FileAttributes: A" "11:31:20.2238386 AM","icl.exe","42776","CloseFile","C:\Windows\System32\C_1253.NLS","SUCCESS","" "11:31:20.2239121 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2239260 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2239404 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-029","NAME NOT FOUND","Length: 532" "11:31:20.2239531 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2239649 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2239761 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2239875 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-029","NAME NOT FOUND","Length: 532" "11:31:20.2239986 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2240152 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2240261 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2240370 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-AE","NAME NOT FOUND","Length: 532" "11:31:20.2240479 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2240593 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2240702 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2240811 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-AE","NAME NOT FOUND","Length: 532" "11:31:20.2240919 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2241069 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2241179 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2241286 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-AU","NAME NOT FOUND","Length: 532" "11:31:20.2241396 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2241645 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2241769 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2241878 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-AU","NAME NOT FOUND","Length: 532" "11:31:20.2241988 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2242155 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2242264 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2242371 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-BZ","NAME NOT FOUND","Length: 532" "11:31:20.2242479 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2242592 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2242700 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2242808 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-BZ","NAME NOT FOUND","Length: 532" "11:31:20.2242918 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2243094 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2243204 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2243316 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-CA","NAME NOT FOUND","Length: 532" "11:31:20.2243432 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2243546 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2243656 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2243764 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-CA","NAME NOT FOUND","Length: 532" "11:31:20.2243870 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2244033 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2244141 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2244248 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-GB","NAME NOT FOUND","Length: 532" "11:31:20.2244356 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2244467 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2244575 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2244682 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-GB","NAME NOT FOUND","Length: 532" "11:31:20.2244789 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2244955 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2245065 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2245172 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-HK","NAME NOT FOUND","Length: 532" "11:31:20.2245279 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2245390 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2245499 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2245607 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-HK","NAME NOT FOUND","Length: 532" "11:31:20.2245713 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2245857 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2245966 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2246073 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-ID","NAME NOT FOUND","Length: 532" "11:31:20.2246180 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2246292 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2246404 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2246523 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-ID","NAME NOT FOUND","Length: 532" "11:31:20.2246632 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2246785 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2246894 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2247000 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-IE","NAME NOT FOUND","Length: 532" "11:31:20.2247108 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2247218 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2247327 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2247434 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-IE","NAME NOT FOUND","Length: 532" "11:31:20.2247541 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2247687 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2247794 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2247901 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-IN","NAME NOT FOUND","Length: 532" "11:31:20.2248009 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2248120 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2248228 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2248336 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-IN","NAME NOT FOUND","Length: 532" "11:31:20.2248442 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2248585 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2248695 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2248802 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-JM","NAME NOT FOUND","Length: 532" "11:31:20.2248909 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2249021 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2249129 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2249236 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-JM","NAME NOT FOUND","Length: 532" "11:31:20.2249342 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2249513 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2249622 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2249728 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-MY","NAME NOT FOUND","Length: 532" "11:31:20.2249839 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2249960 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2250070 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2250177 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-MY","NAME NOT FOUND","Length: 532" "11:31:20.2250284 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2250429 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2250537 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2250644 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-NZ","NAME NOT FOUND","Length: 532" "11:31:20.2250750 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2250861 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2250969 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2251077 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-NZ","NAME NOT FOUND","Length: 532" "11:31:20.2251184 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2251330 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2251556 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2251668 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-PH","NAME NOT FOUND","Length: 532" "11:31:20.2251777 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2251890 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2251998 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2252106 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-PH","NAME NOT FOUND","Length: 532" "11:31:20.2252213 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2252389 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2252497 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2252605 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-SG","NAME NOT FOUND","Length: 532" "11:31:20.2252712 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2252823 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2252931 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2253039 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-SG","NAME NOT FOUND","Length: 532" "11:31:20.2253146 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2253324 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:20.2253433 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:20.2253540 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-TT","NAME NOT FOUND","Length: 532" "11:31:20.2253648 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:20.2253759 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:20.2253867 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:20.2253975 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-TT","NAME NOT FOUND","Length: 532" "11:31:20.2254082 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:20.2257102 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2257354 AM","icl.exe","42776","QueryBasicInformationFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","CreationTime: 2/23/2021 6:57:50 PM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 3/25/2021 11:31:06 AM, ChangeTime: 3/25/2021 11:31:06 AM, FileAttributes: D" "11:31:20.2257453 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","" "11:31:20.2259040 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\42776000000104612","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2265803 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2266100 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","CreationTime: 2/24/2021 12:38:24 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 2/24/2021 12:45:27 AM, ChangeTime: 2/24/2021 12:45:27 AM, FileAttributes: D" "11:31:20.2266200 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:20.2268129 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2268465 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","CreationTime: 2/24/2021 12:42:03 AM, LastAccessTime: 3/25/2021 9:21:16 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:20.2268554 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","" "11:31:20.2269548 AM","icl.exe","42776","ReadFile","C:\$Directory","SUCCESS","Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal" "11:31:20.2361342 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\lib\intel64_win","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2362228 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\lib\intel64_win","SUCCESS","CreationTime: 2/24/2021 12:41:58 AM, LastAccessTime: 3/25/2021 9:22:16 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:20.2362339 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\lib\intel64_win","SUCCESS","" "11:31:20.2363480 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a" "11:31:20.2364407 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2364726 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom","NO SUCH FILE","FileInformationClass: FileBothDirectoryInformation, Filter: mcpcom" "11:31:20.2364974 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:20.2366100 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2456310 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:20.2458488 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2459965 AM","icl.exe","42776","CreateFile","C:\Windows\System32\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2461212 AM","icl.exe","42776","CreateFile","C:\Windows\System\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2462494 AM","icl.exe","42776","CreateFile","C:\Windows\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2463928 AM","icl.exe","42776","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2465958 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:20.2467185 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2469774 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:20.2471672 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:20.2473227 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2475394 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:20.2476958 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2478852 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\CommonExtensions\Microsoft\TestWindow\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2480270 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\MSBuild\14.0\Bin\amd64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2481477 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2481725 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","CreationTime: 8/26/2016 12:06:54 AM, LastAccessTime: 3/25/2021 9:21:53 AM, LastWriteTime: 8/26/2016 12:06:54 AM, ChangeTime: 2/23/2021 5:40:28 PM, FileAttributes: RA" "11:31:20.2481832 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","" "11:31:20.2482603 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2483395 AM","icl.exe","42776","CreateFileMapping","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.2483938 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.2484137 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.2484299 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.2484464 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.2484758 AM","icl.exe","42776","CreateFileMapping","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","SyncType: SyncTypeOther" "11:31:20.2485256 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","" "11:31:20.2487488 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2488930 AM","icl.exe","42776","CreateFile","C:\Windows\System32\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2490126 AM","icl.exe","42776","CreateFile","C:\Windows\System\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2491354 AM","icl.exe","42776","CreateFile","C:\Windows\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2492709 AM","icl.exe","42776","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2494384 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:20.2495851 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2498063 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:20.2499902 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:20.2501717 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2503583 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:20.2505327 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2506992 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\CommonExtensions\Microsoft\TestWindow\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2508352 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\MSBuild\14.0\Bin\amd64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2509516 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2509750 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","CreationTime: 8/26/2016 12:06:54 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 8/26/2016 12:06:54 AM, ChangeTime: 2/23/2021 5:40:28 PM, FileAttributes: RA" "11:31:20.2509855 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","" "11:31:20.2510628 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2511162 AM","icl.exe","42776","CreateFileMapping","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:20.2511465 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.2511642 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.2511795 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.2511953 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.2512065 AM","icl.exe","42776","CreateFileMapping","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","SyncType: SyncTypeOther" "11:31:20.2512375 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","" "11:31:20.2527740 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\iostream","REPARSE","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: " "11:31:20.2528674 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\iostream","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a" "11:31:20.2529810 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","REPARSE","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:20.2530521 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2530844 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\iostream","NO SUCH FILE","FileInformationClass: FileBothDirectoryInformation, Filter: iostream" "11:31:20.2531162 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","" "11:31:20.2533692 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64\iostream","REPARSE","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: " "11:31:20.2534986 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64\iostream","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a" "11:31:20.2536112 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","REPARSE","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:20.2536812 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2537099 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64\iostream","NO SUCH FILE","FileInformationClass: FileBothDirectoryInformation, Filter: iostream" "11:31:20.2537363 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","SUCCESS","" "11:31:20.2539005 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\include\iostream","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2541430 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\include\iostream","SUCCESS","" "11:31:20.2542775 AM","icl.exe","42776","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\=C:\PROGRA~2\INTELS~1\COMPIL~1.210\windows\compiler\include\intel64","NAME INVALID","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2544125 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2544380 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","SUCCESS","CreationTime: 2/24/2021 12:42:50 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:20.2544485 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","SUCCESS","" "11:31:20.2545691 AM","icl.exe","42776","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\=C:\PROGRA~2\INTELS~1\COMPIL~1.210\windows\compiler\include\icc","NAME INVALID","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2547257 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\icc","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2547704 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\icc","SUCCESS","CreationTime: 2/24/2021 12:42:28 AM, LastAccessTime: 3/25/2021 8:49:47 AM, LastWriteTime: 2/24/2021 12:42:28 AM, ChangeTime: 2/24/2021 12:42:28 AM, FileAttributes: D" "11:31:20.2547809 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\icc","SUCCESS","" "11:31:20.2548883 AM","icl.exe","42776","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\=C:\PROGRA~2\INTELS~1\COMPIL~1.210\windows\compiler\include","NAME INVALID","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2550096 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2550321 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","CreationTime: 2/24/2021 12:42:03 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:20.2550419 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","" "11:31:20.2552981 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2553209 AM","icl.exe","42776","QueryBasicInformationFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","CreationTime: 2/23/2021 6:57:50 PM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 3/25/2021 11:31:06 AM, ChangeTime: 3/25/2021 11:31:06 AM, FileAttributes: D" "11:31:20.2553307 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","" "11:31:20.2554630 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2556300 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2556500 AM","icl.exe","42776","QueryBasicInformationFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","CreationTime: 2/23/2021 6:57:50 PM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 3/25/2021 11:31:06 AM, ChangeTime: 3/25/2021 11:31:06 AM, FileAttributes: D" "11:31:20.2556597 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","" "11:31:20.2557851 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\427762arg4","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2558713 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\427762arg4","SUCCESS","Desired Access: Generic Read/Write, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created" "11:31:20.2561186 AM","icl.exe","42776","QueryStandardInformationFile","C:\Users\osqa\AppData\Local\Temp\427762arg4","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2561387 AM","icl.exe","42776","WriteFile","C:\Users\osqa\AppData\Local\Temp\427762arg4","SUCCESS","Offset: 0, Length: 3, Priority: Normal" "11:31:20.2564053 AM","icl.exe","42776","WriteFile","C:\Users\osqa\AppData\Local\Temp\427762arg4","SUCCESS","Offset: 3, Length: 852, Priority: Normal" "11:31:20.2566923 AM","icl.exe","42776","WriteFile","C:\Users\osqa\AppData\Local\Temp\427762arg4","SUCCESS","Offset: 855, Length: 852" "11:31:20.2567125 AM","icl.exe","42776","WriteFile","C:\Users\osqa\AppData\Local\Temp\427762arg4","SUCCESS","Offset: 1,707, Length: 447" "11:31:20.2568099 AM","icl.exe","42776","WriteFile","C:\Users\osqa\AppData\Local\Temp\427762arg4","SUCCESS","Offset: 2,154, Length: 852" "11:31:20.2568222 AM","icl.exe","42776","WriteFile","C:\Users\osqa\AppData\Local\Temp\427762arg4","SUCCESS","Offset: 3,006, Length: 852" "11:31:20.2568450 AM","icl.exe","42776","WriteFile","C:\Users\osqa\AppData\Local\Temp\427762arg4","SUCCESS","Offset: 3,858, Length: 380, Priority: Normal" "11:31:20.2569847 AM","icl.exe","42776","WriteFile","C:\Users\osqa\AppData\Local\Temp\427762arg4","SUCCESS","Offset: 4,238, Length: 852" "11:31:20.2569987 AM","icl.exe","42776","WriteFile","C:\Users\osqa\AppData\Local\Temp\427762arg4","SUCCESS","Offset: 5,090, Length: 852" "11:31:20.2570089 AM","icl.exe","42776","WriteFile","C:\Users\osqa\AppData\Local\Temp\427762arg4","SUCCESS","Offset: 5,942, Length: 299" "11:31:20.2570237 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\427762arg4","SUCCESS","" "11:31:20.2574687 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.com","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:20.2576103 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2576392 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","CreationTime: 4/12/2017 8:26:48 AM, LastAccessTime: 3/25/2021 9:21:16 AM, LastWriteTime: 4/12/2017 8:26:48 AM, ChangeTime: 2/24/2021 12:42:38 AM, FileAttributes: A" "11:31:20.2576501 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:20.2577692 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcpcom.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.2578103 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Wow64\x86\xtajit","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.2579065 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2579438 AM","icl.exe","42776","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ" "11:31:20.2580620 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.2580803 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.2580963 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.2581133 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.2581300 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.2581462 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.2581601 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.2581755 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.2581889 AM","icl.exe","42776","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","SyncType: SyncTypeOther" "11:31:20.2582457 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcpcom.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.2582760 AM","icl.exe","42776","QuerySecurityFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Information: Label" "11:31:20.2583175 AM","icl.exe","42776","QueryNameInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Name: \PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom.exe" "11:31:20.2587117 AM","icl.exe","42776","QueryNameInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Name: \PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom.exe" "11:31:20.2587874 AM","icl.exe","42776","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2588315 AM","icl.exe","42776","QueryDirectory","C:\PROGRA~2","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: PROGRA~2, 2: Program Files (x86)" "11:31:20.2588598 AM","icl.exe","42776","CloseFile","C:\","SUCCESS","" "11:31:20.2589597 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2589926 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\INTELS~1","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: INTELS~1, 2: IntelSWTools" "11:31:20.2590134 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:20.2590998 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2591294 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\COMPIL~1.210","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: COMPIL~1.210, 2: compilers_and_libraries_2017.4.210" "11:31:20.2591501 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:20.2592335 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2592616 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: windows, 2: windows" "11:31:20.2592775 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:20.2593589 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2593861 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: bin, 2: bin" "11:31:20.2594045 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:20.2596034 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2596378 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: intel64, 2: intel64" "11:31:20.2597399 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:20.2598345 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2598647 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: mcpcom.exe, 2: mcpcom.exe" "11:31:20.2598852 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:20.2600959 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2601308 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2601438 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:20.2602421 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2602906 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:20.2603914 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2605749 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:20.2606995 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2607340 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","CreationTime: 4/12/2017 8:26:48 AM, LastAccessTime: 3/25/2021 9:21:16 AM, LastWriteTime: 4/12/2017 8:26:48 AM, ChangeTime: 2/24/2021 12:42:38 AM, FileAttributes: A" "11:31:20.2607520 AM","icl.exe","42776","QueryFileInternalInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","IndexNumber: 0x100000006bc0b" "11:31:20.2607682 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2607829 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:20.2608410 AM","icl.exe","42776","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2609477 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Open By ID, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2609753 AM","icl.exe","42776","CloseFile","C:\","SUCCESS","" "11:31:20.2610736 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:20.2611506 AM","icl.exe","42776","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2612534 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Open By ID, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2612800 AM","icl.exe","42776","CloseFile","C:\","SUCCESS","" "11:31:20.2613447 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2613667 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Offset: 0, Length: 32,768, Priority: Normal" "11:31:20.2614287 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Offset: 40,009,728, Length: 32,768" "11:31:20.2614982 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:20.2615840 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\Definitions\BASHDefs\20210324.011\bash.dat","SUCCESS","AllocationSize: 102,400, EndOfFile: 102,400, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2616010 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\Definitions\BASHDefs\20210324.011\bash.dat","SUCCESS","Offset: 24, Length: 16" "11:31:20.2616326 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\Definitions\BASHDefs\20210324.011\bash.dat","SUCCESS","AllocationSize: 102,400, EndOfFile: 102,400, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2616617 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\Definitions\BASHDefs\20210324.011\bash.dat","SUCCESS","AllocationSize: 102,400, EndOfFile: 102,400, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2617898 AM","icl.exe","42776","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2619161 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Open By ID, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2619457 AM","icl.exe","42776","CloseFile","C:\","SUCCESS","" "11:31:20.2620031 AM","icl.exe","42776","QuerySecurityFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "11:31:20.2620215 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2638870 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:20.2640298 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2640487 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:20.2640990 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2641356 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2642070 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2642224 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:20.2642414 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2642699 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2642963 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 747,520, Length: 1,024" "11:31:20.2643571 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2643715 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:20.2643865 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2644145 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2653783 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2669275 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2669479 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:20.2670689 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2671013 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2671115 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:20.2676078 AM","icl.exe","42776","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2676537 AM","icl.exe","42776","QueryDirectory","C:\PROGRA~2","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: PROGRA~2, 2: Program Files (x86)" "11:31:20.2676915 AM","icl.exe","42776","CloseFile","C:\","SUCCESS","" "11:31:20.2678024 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2678369 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\INTELS~1","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: INTELS~1, 2: IntelSWTools" "11:31:20.2679129 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:20.2680064 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2680382 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\COMPIL~1.210","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: COMPIL~1.210, 2: compilers_and_libraries_2017.4.210" "11:31:20.2680779 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:20.2696343 AM","icl.exe","42776","QuerySecurityFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "11:31:20.2696613 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2713736 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2714014 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:20.2714307 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2715105 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2716310 AM","icl.exe","42776","QuerySecurityFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "11:31:20.2716496 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2735169 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2735965 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:20.2736295 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2736840 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2737545 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2737806 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:20.2738069 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2738778 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2741320 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","Desired Access: All Access" "11:31:20.2741592 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574\\Device\HarddiskVolume2\PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom.exe","NAME NOT FOUND","Length: 40" "11:31:20.2741952 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","" "11:31:20.2742222 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BAM","REPARSE","Desired Access: Query Value" "11:31:20.2742498 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\BAM","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.2743746 AM","icl.exe","42776","Process Create","C:\PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom.exe","SUCCESS","PID: 41012, Command line: C:\PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom @C:\Users\osqa\AppData\Local\Temp\427762arg4" "11:31:20.2745909 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls","REPARSE","Desired Access: Query Value" "11:31:20.2746139 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.2746494 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","REPARSE","Desired Access: Query Value, Set Value" "11:31:20.2746659 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value" "11:31:20.2746892 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value" "11:31:20.2747164 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80" "11:31:20.2747338 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\AuthenticodeEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:20.2747579 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS","" "11:31:20.2747872 AM","icl.exe","42776","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.2761369 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2761799 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","CreationTime: 4/12/2017 8:26:48 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 4/12/2017 8:26:48 AM, ChangeTime: 2/24/2021 12:42:38 AM, FileAttributes: A" "11:31:20.2761992 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:20.2762574 AM","icl.exe","42776","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2762896 AM","icl.exe","42776","QueryDirectory","C:\PROGRA~2","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: PROGRA~2, 2: Program Files (x86)" "11:31:20.2763232 AM","icl.exe","42776","CloseFile","C:\","SUCCESS","" "11:31:20.2764256 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2764571 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\INTELS~1","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: INTELS~1, 2: IntelSWTools" "11:31:20.2764999 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:20.2766525 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2766862 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\COMPIL~1.210","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: COMPIL~1.210, 2: compilers_and_libraries_2017.4.210" "11:31:20.2767140 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:20.2768309 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2768733 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: windows, 2: windows" "11:31:20.2769042 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:20.2770007 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2770325 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: bin, 2: bin" "11:31:20.2770551 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:20.2771538 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2771854 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: intel64, 2: intel64" "11:31:20.2772080 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:20.2773208 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2773708 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: mcpcom.exe, 2: mcpcom.exe" "11:31:20.2773961 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:20.2774981 AM","icl.exe","42776","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","Desired Access: Query Value" "11:31:20.2775217 AM","icl.exe","42776","RegQueryValue","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache","SUCCESS","Type: REG_SZ, Length: 112, Data: C:\Users\osqa\AppData\Local\Microsoft\Windows\INetCache" "11:31:20.2775444 AM","icl.exe","42776","RegCloseKey","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","" "11:31:20.2775673 AM","icl.exe","42776","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Enumerate Sub Keys" "11:31:20.2775867 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.2776210 AM","icl.exe","42776","QuerySecurityFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "11:31:20.2777362 AM","icl.exe","42776","CreateFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2777891 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","CreationTime: 3/10/2021 10:21:37 PM, LastAccessTime: 3/25/2021 11:31:19 AM, LastWriteTime: 3/10/2021 10:21:37 PM, ChangeTime: 3/10/2021 10:52:43 PM, FileAttributes: A" "11:31:20.2778002 AM","icl.exe","42776","CloseFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","" "11:31:20.2778402 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","CreationTime: 4/12/2017 8:26:48 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 4/12/2017 8:26:48 AM, ChangeTime: 2/24/2021 12:42:38 AM, FileAttributes: A" "11:31:20.2779158 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","CreationTime: 4/12/2017 8:26:48 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 4/12/2017 8:26:48 AM, ChangeTime: 2/24/2021 12:42:38 AM, FileAttributes: A" "11:31:20.2779320 AM","icl.exe","42776","QueryNameInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Name: \PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom.exe" "11:31:20.2780737 AM","icl.exe","42776","CreateFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.2781148 AM","icl.exe","42776","QueryStandardInformationFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","AllocationSize: 4,059,136, EndOfFile: 4,057,128, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:20.2781275 AM","icl.exe","42776","QueryStandardInformationFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","AllocationSize: 4,059,136, EndOfFile: 4,057,128, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:20.2781429 AM","icl.exe","42776","CreateFileMapping","C:\Windows\apppatch\sysmain.sdb","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE|PAGE_NOCACHE" "11:31:20.2781573 AM","icl.exe","42776","QueryStandardInformationFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","AllocationSize: 4,059,136, EndOfFile: 4,057,128, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:20.2781847 AM","icl.exe","42776","CreateFileMapping","C:\Windows\apppatch\sysmain.sdb","SUCCESS","SyncType: SyncTypeOther" "11:31:20.2782789 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2783042 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","SUCCESS","Desired Access: Read" "11:31:20.2783332 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","NAME NOT FOUND","Length: 1,024" "11:31:20.2783514 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","SUCCESS","" "11:31:20.2783717 AM","icl.exe","42776","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read" "11:31:20.2783994 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\mcpcom.exe","NAME NOT FOUND","Desired Access: Read" "11:31:20.2785363 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2785537 AM","icl.exe","42776","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "11:31:20.2785706 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.2785991 AM","icl.exe","42776","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","SyncType: SyncTypeOther" "11:31:20.2792383 AM","icl.exe","42776","CloseFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","" "11:31:20.2793775 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read" "11:31:20.2793988 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20" "11:31:20.2794143 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","" "11:31:20.2804178 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:20.7231103 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7251368 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","" "11:31:20.7252695 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7253059 AM","icl.exe","42776","ReadFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:20.7253512 AM","icl.exe","42776","ReadFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:20.7253680 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","" "11:31:20.7254800 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7255142 AM","icl.exe","42776","ReadFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:20.7255523 AM","icl.exe","42776","ReadFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Offset: 36, Length: 37" "11:31:20.7255713 AM","icl.exe","42776","ReadFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:20.7255878 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","" "11:31:20.7256958 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7257248 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","" "11:31:20.7258176 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7258470 AM","icl.exe","42776","ReadFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:20.7258687 AM","icl.exe","42776","ReadFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:20.7258848 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","" "11:31:20.7259791 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7260112 AM","icl.exe","42776","ReadFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:20.7260358 AM","icl.exe","42776","ReadFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Offset: 36, Length: 37" "11:31:20.7260535 AM","icl.exe","42776","ReadFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:20.7260687 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","" "11:31:20.7261706 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7261982 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","" "11:31:20.7262875 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7263152 AM","icl.exe","42776","ReadFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:20.7263361 AM","icl.exe","42776","ReadFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:20.7263508 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","" "11:31:20.7264964 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7265314 AM","icl.exe","42776","ReadFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:20.7265572 AM","icl.exe","42776","ReadFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Offset: 36, Length: 37" "11:31:20.7265750 AM","icl.exe","42776","ReadFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:20.7265899 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","" "11:31:20.7268252 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.7268473 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Desired Access: Read" "11:31:20.7268745 AM","icl.exe","42776","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.7268891 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}","SUCCESS","Desired Access: Read" "11:31:20.7269166 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","" "11:31:20.7269350 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\Category","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2" "11:31:20.7269507 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\Name","SUCCESS","Type: REG_SZ, Length: 44, Data: ProgramFilesCommonX86" "11:31:20.7269672 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\ParentFolder","NAME NOT FOUND","Length: 90" "11:31:20.7269810 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\Description","NAME NOT FOUND","Length: 144" "11:31:20.7269937 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\RelativePath","NAME NOT FOUND","Length: 144" "11:31:20.7270061 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\ParsingName","NAME NOT FOUND","Length: 144" "11:31:20.7270185 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\InfoTip","NAME NOT FOUND","Length: 144" "11:31:20.7270307 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\LocalizedName","NAME NOT FOUND","Length: 144" "11:31:20.7270430 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\Icon","NAME NOT FOUND","Length: 144" "11:31:20.7270552 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\Security","NAME NOT FOUND","Length: 144" "11:31:20.7270674 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\StreamResource","NAME NOT FOUND","Length: 144" "11:31:20.7270803 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\StreamResourceType","NAME NOT FOUND","Length: 144" "11:31:20.7270929 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\LocalRedirectOnly","NAME NOT FOUND","Length: 16" "11:31:20.7271054 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\Roamable","NAME NOT FOUND","Length: 16" "11:31:20.7271175 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\PreCreate","NAME NOT FOUND","Length: 16" "11:31:20.7271296 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\Stream","NAME NOT FOUND","Length: 16" "11:31:20.7271418 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\PublishExpandedPath","NAME NOT FOUND","Length: 16" "11:31:20.7271539 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\DefinitionFlags","NAME NOT FOUND","Length: 16" "11:31:20.7271696 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\Attributes","NAME NOT FOUND","Length: 16" "11:31:20.7271821 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\FolderTypeID","NAME NOT FOUND","Length: 90" "11:31:20.7271944 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\InitFolderHandler","NAME NOT FOUND","Length: 90" "11:31:20.7272101 AM","icl.exe","42776","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.7272240 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\PropertyBag","NAME NOT FOUND","Desired Access: Read" "11:31:20.7272425 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{DE974D24-D9C6-4D3E-BF91-F4455120B917}","SUCCESS","" "11:31:20.7273399 AM","icl.exe","42776","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:20.7273543 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion","SUCCESS","Desired Access: Read" "11:31:20.7273759 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)","SUCCESS","Type: REG_SZ, Length: 72, Data: C:\Program Files (x86)\Common Files" "11:31:20.7273939 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion","SUCCESS","" "11:31:20.7275845 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7276166 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\Common Files","SUCCESS","CreationTime: 12/7/2019 2:14:52 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 2/24/2021 12:50:14 AM, ChangeTime: 2/24/2021 12:50:14 AM, FileAttributes: D" "11:31:20.7276298 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files","SUCCESS","" "11:31:20.7278452 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7278729 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","CreationTime: 4/7/2017 3:05:48 PM, LastAccessTime: 3/25/2021 9:17:37 AM, LastWriteTime: 4/7/2017 3:05:48 PM, ChangeTime: 2/24/2021 12:50:15 AM, FileAttributes: A" "11:31:20.7278839 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","" "11:31:20.7280295 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7280510 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","CreationTime: 4/7/2017 3:05:48 PM, LastAccessTime: 3/25/2021 9:17:37 AM, LastWriteTime: 4/7/2017 3:05:48 PM, ChangeTime: 2/24/2021 12:50:15 AM, FileAttributes: A" "11:31:20.7280612 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","" "11:31:20.7282181 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7282434 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager","SUCCESS","CreationTime: 2/24/2021 12:50:14 AM, LastAccessTime: 3/25/2021 11:31:19 AM, LastWriteTime: 2/24/2021 12:50:15 AM, ChangeTime: 2/24/2021 12:50:15 AM, FileAttributes: D" "11:31:20.7282538 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager","SUCCESS","" "11:31:20.7283117 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intelremotemonserver.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.7283325 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Wow64\x86\xtajit","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.7284234 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7424217 AM","icl.exe","42776","CreateFileMapping","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ" "11:31:20.7425628 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:20.7425857 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:20.7426042 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:20.7426213 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.7426366 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:20.7426506 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:20.7426638 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:20.7426784 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:20.7426916 AM","icl.exe","42776","CreateFileMapping","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","SyncType: SyncTypeOther" "11:31:20.7427495 AM","icl.exe","42776","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intelremotemonserver.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:20.7427830 AM","icl.exe","42776","QuerySecurityFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Information: Label" "11:31:20.7428777 AM","icl.exe","42776","QueryNameInformationFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Name: \Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe" "11:31:20.7431703 AM","icl.exe","42776","QueryNameInformationFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Name: \Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe" "11:31:20.7432473 AM","icl.exe","42776","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7433014 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: Program Files (x86), 2: Program Files (x86)" "11:31:20.7433345 AM","icl.exe","42776","CloseFile","C:\","SUCCESS","" "11:31:20.7434383 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7434876 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\Common Files","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: Common Files, 2: Common Files" "11:31:20.7435103 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:20.7435972 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7436261 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\Common Files\Intel","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: Intel, 2: Intel" "11:31:20.7436450 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files","SUCCESS","" "11:31:20.7437238 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7437536 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: Intel Software Manager, 2: Intel Software Manager" "11:31:20.7437718 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel","SUCCESS","" "11:31:20.7438502 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7438777 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: intel64, 2: intel64" "11:31:20.7438968 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager","SUCCESS","" "11:31:20.7439980 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7440270 AM","icl.exe","42776","QueryDirectory","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: intelremotemonserver.exe, 2: intelremotemonserver.exe" "11:31:20.7440453 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64","SUCCESS","" "11:31:20.7443601 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7443978 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","AllocationSize: 1,429,504, EndOfFile: 1,425,680, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7444103 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","" "11:31:20.7445283 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7445816 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","" "11:31:20.7446843 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7448165 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","" "11:31:20.7449305 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7449623 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","CreationTime: 4/7/2017 3:05:48 PM, LastAccessTime: 3/25/2021 9:17:37 AM, LastWriteTime: 4/7/2017 3:05:48 PM, ChangeTime: 2/24/2021 12:50:15 AM, FileAttributes: A" "11:31:20.7449794 AM","icl.exe","42776","QueryFileInternalInformationFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","IndexNumber: 0x1000000070b8f" "11:31:20.7449944 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","AllocationSize: 1,429,504, EndOfFile: 1,425,680, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7450090 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","" "11:31:20.7450659 AM","icl.exe","42776","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7451742 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Open By ID, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7452008 AM","icl.exe","42776","CloseFile","C:\","SUCCESS","" "11:31:20.7452904 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","" "11:31:20.7453669 AM","icl.exe","42776","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7454876 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Open By ID, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7455167 AM","icl.exe","42776","CloseFile","C:\","SUCCESS","" "11:31:20.7455741 AM","icl.exe","42776","QuerySecurityFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "11:31:20.7455933 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","AllocationSize: 1,429,504, EndOfFile: 1,425,680, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7472940 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","" "11:31:20.7474509 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7474843 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:20.7475043 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7475345 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7475986 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7476135 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:20.7476313 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7476599 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7477135 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7477278 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:20.7477422 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7477699 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7478126 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7478269 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:20.7478411 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7478685 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7479194 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7479335 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:20.7479480 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7479756 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7480412 AM","icl.exe","42776","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7481686 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Open By ID, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7481982 AM","icl.exe","42776","CloseFile","C:\","SUCCESS","" "11:31:20.7482401 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","AllocationSize: 1,429,504, EndOfFile: 1,425,680, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7482596 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Offset: 0, Length: 32,768, Priority: Normal" "11:31:20.7483266 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Offset: 1,343,488, Length: 32,768" "11:31:20.7484002 AM","icl.exe","42776","ReadFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Offset: 1,376,256, Length: 32,768" "11:31:20.7484562 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","" "11:31:20.7485575 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\Definitions\BASHDefs\20210324.011\bash.dat","SUCCESS","AllocationSize: 102,400, EndOfFile: 102,400, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7485731 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\Definitions\BASHDefs\20210324.011\bash.dat","SUCCESS","Offset: 24, Length: 16" "11:31:20.7485894 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\Definitions\BASHDefs\20210324.011\bash.dat","SUCCESS","AllocationSize: 102,400, EndOfFile: 102,400, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7486166 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\Definitions\BASHDefs\20210324.011\bash.dat","SUCCESS","AllocationSize: 102,400, EndOfFile: 102,400, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7487711 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7487893 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:20.7488052 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7488328 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7488886 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7489026 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:20.7489167 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7489436 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7489984 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7490118 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:20.7490256 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7490525 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7501594 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7516398 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","AllocationSize: 1,429,504, EndOfFile: 1,425,680, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7516637 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","" "11:31:20.7517933 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7518255 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","AllocationSize: 1,429,504, EndOfFile: 1,425,680, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7518359 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","" "11:31:20.7538443 AM","icl.exe","42776","QuerySecurityFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "11:31:20.7538651 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","AllocationSize: 1,429,504, EndOfFile: 1,425,680, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7555227 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7555398 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:20.7555564 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7555840 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7556336 AM","icl.exe","42776","QuerySecurityFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "11:31:20.7556486 AM","icl.exe","42776","QueryStandardInformationFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","AllocationSize: 1,429,504, EndOfFile: 1,425,680, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7572917 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7573101 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:20.7573268 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7573553 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7573954 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7574082 AM","icl.exe","42776","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:20.7574212 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7574470 AM","icl.exe","42776","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:20.7576785 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","Desired Access: All Access" "11:31:20.7577006 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574\\Device\HarddiskVolume2\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","NAME NOT FOUND","Length: 40" "11:31:20.7577233 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","" "11:31:20.7577527 AM","icl.exe","42776","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BAM","REPARSE","Desired Access: Query Value" "11:31:20.7577713 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\BAM","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.7578638 AM","icl.exe","42776","Process Create","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","PID: 33984, Command line: ""C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe""" "11:31:20.7580940 AM","icl.exe","42776","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","Desired Access: Query Value" "11:31:20.7581193 AM","icl.exe","42776","RegQueryValue","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache","SUCCESS","Type: REG_SZ, Length: 112, Data: C:\Users\osqa\AppData\Local\Microsoft\Windows\INetCache" "11:31:20.7581779 AM","icl.exe","42776","RegCloseKey","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","" "11:31:20.7581995 AM","icl.exe","42776","RegOpenKey","HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Query Value" "11:31:20.7582360 AM","icl.exe","42776","QuerySecurityFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "11:31:20.7583355 AM","icl.exe","42776","CreateFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" "11:31:20.7583891 AM","icl.exe","42776","QueryBasicInformationFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","CreationTime: 3/10/2021 10:21:37 PM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 3/10/2021 10:21:37 PM, ChangeTime: 3/10/2021 10:52:43 PM, FileAttributes: A" "11:31:20.7584011 AM","icl.exe","42776","CloseFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","" "11:31:20.7584688 AM","icl.exe","42776","QueryBasicInformationFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","CreationTime: 4/7/2017 3:05:48 PM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 4/7/2017 3:05:48 PM, ChangeTime: 2/24/2021 12:50:15 AM, FileAttributes: A" "11:31:20.7585800 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read" "11:31:20.7586024 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20" "11:31:20.7586183 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","" "11:31:20.7595330 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\intel64\intelremotemonserver.exe","SUCCESS","" "11:31:20.8720197 AM","icl.exe","42776","TCP Send","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 43, startime: 754132, endtime: 754132, seqnum: 0, connid: 0" "11:31:20.8720444 AM","icl.exe","42776","TCP TCPCopy","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 168, seqnum: 0, connid: 0" "11:31:20.8720764 AM","icl.exe","42776","TCP Receive","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 168, seqnum: 0, connid: 0" "11:31:20.8721937 AM","icl.exe","42776","TCP Disconnect","ca-w10-bld-05.prog.altair.com:59996 -> 204.235.26.31:28519","SUCCESS","Length: 0, seqnum: 0, connid: 0" "11:31:20.8725064 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.8725572 AM","icl.exe","42776","QueryAttributeTagFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Attributes: A, ReparseTag: 0x0" "11:31:20.8725740 AM","icl.exe","42776","SetDispositionInformationEx","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","Flags: FILE_DISPOSITION_DELETE, FILE_DISPOSITION_POSIX_SEMANTICS, FILE_DISPOSITION_FORCE_IMAGE_SECTION_CHECK" "11:31:20.8726643 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\427761tempfile3","SUCCESS","" "11:31:20.8728894 AM","icl.exe","42776","CreateFile","C:\Users\osqa\AppData\Local\Temp\427762arg4","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.8729226 AM","icl.exe","42776","QueryAttributeTagFile","C:\Users\osqa\AppData\Local\Temp\427762arg4","SUCCESS","Attributes: A, ReparseTag: 0x0" "11:31:20.8729360 AM","icl.exe","42776","SetDispositionInformationEx","C:\Users\osqa\AppData\Local\Temp\427762arg4","SUCCESS","Flags: FILE_DISPOSITION_DELETE, FILE_DISPOSITION_POSIX_SEMANTICS, FILE_DISPOSITION_FORCE_IMAGE_SECTION_CHECK" "11:31:20.8729803 AM","icl.exe","42776","CloseFile","C:\Users\osqa\AppData\Local\Temp\427762arg4","SUCCESS","" "11:31:20.8732898 AM","icl.exe","42776","Thread Exit","","SUCCESS","Thread ID: 31676, User Time: 0.0000000, Kernel Time: 0.0000000" "11:31:20.8732967 AM","icl.exe","42776","Thread Exit","","SUCCESS","Thread ID: 30524, User Time: 0.0000000, Kernel Time: 0.0000000" "11:31:20.8733020 AM","icl.exe","42776","Thread Exit","","SUCCESS","Thread ID: 28184, User Time: 0.0000000, Kernel Time: 0.0000000" "11:31:20.8733517 AM","icl.exe","42776","Thread Exit","","SUCCESS","Thread ID: 29492, User Time: 0.0000000, Kernel Time: 0.0000000" "11:31:20.8734026 AM","icl.exe","42776","Thread Exit","","SUCCESS","Thread ID: 42732, User Time: 0.0000000, Kernel Time: 0.0000000" "11:31:20.8739878 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read" "11:31:20.8740175 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20" "11:31:20.8740389 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","" "11:31:20.8740545 AM","icl.exe","42776","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read" "11:31:20.8740680 AM","icl.exe","42776","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck","NAME NOT FOUND","Length: 20" "11:31:20.8740806 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","" "11:31:20.8741494 AM","icl.exe","42776","RegCloseKey","HKCU\Software\Classes\Local Settings\Software\Microsoft","SUCCESS","" "11:31:20.8741633 AM","icl.exe","42776","RegCloseKey","HKCU\Software\Classes\Local Settings","SUCCESS","" "11:31:20.8741807 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "11:31:20.8741935 AM","icl.exe","42776","RegCloseKey","HKLM","SUCCESS","" "11:31:20.8744397 AM","icl.exe","42776","Thread Exit","","SUCCESS","Thread ID: 8680, User Time: 0.0312500, Kernel Time: 0.1250000" "11:31:20.8753962 AM","icl.exe","42776","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.8755547 AM","icl.exe","42776","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Open By ID, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:20.8756575 AM","icl.exe","42776","CloseFile","C:\","SUCCESS","" "11:31:20.8757567 AM","icl.exe","42776","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "11:31:20.8758878 AM","icl.exe","42776","Process Exit","","SUCCESS","Exit Status: 0, User Time: 0.0312500 seconds, Kernel Time: 0.1250000 seconds, Private Bytes: 5,169,152, Peak Private Bytes: 5,304,320, Working Set: 16,072,704, Peak Working Set: 16,076,800" "11:31:20.8759149 AM","icl.exe","42776","RegOpenKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","Desired Access: All Access" "11:31:20.8759320 AM","icl.exe","42776","RegQueryValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574\\Device\HarddiskVolume2\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","NAME NOT FOUND","Length: 40" "11:31:20.8759749 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","" "11:31:20.8760932 AM","icl.exe","42776","CloseFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os","SUCCESS","" "11:31:20.8762778 AM","icl.exe","42776","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d","SUCCESS","" "11:31:20.8763753 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","" "11:31:20.8763835 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:20.8763916 AM","icl.exe","42776","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c","SUCCESS","" "11:31:20.8764720 AM","icl.exe","42776","RegCloseKey","HKLM","SUCCESS","" "11:31:20.8764846 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","" "11:31:20.8765034 AM","icl.exe","42776","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PropertyBag","SUCCESS","" "11:31:20.8765137 AM","icl.exe","42776","RegCloseKey","HKCU\Control Panel\International","SUCCESS","" "11:31:20.8765217 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","" "11:31:20.8765490 AM","icl.exe","42776","RegCloseKey","HKCU","SUCCESS","" "11:31:20.8765569 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9","SUCCESS","" "11:31:20.8765649 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5","SUCCESS","" "11:31:20.8766148 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","" "11:31:20.8766216 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces","SUCCESS","" "11:31:20.8767019 AM","icl.exe","42776","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CodePage","SUCCESS","" "11:31:20.8767102 AM","icl.exe","42776","RegCloseKey","HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","" "11:31:23.5929092 AM","icl.exe","36504","Process Start","","SUCCESS","Parent PID: 36520, Command line: icl.exe /nologo /Oi /D _CRT_SECURE_NO_WARNINGS /Qopenmp /fp:consistent ""-DBUILDID=\""1060646uwn33211_Ce64RB68UH14M\"""" -c ../os3rdparty/conmin/os3_ver.c /MT /O2 -DNDEBUG /Qdiag-disable:10397 -DUSE_FPTR -D_WIN32 -D_64 -DWIN32 -DWIN64 -D_WIN64 -DOS_AVLEXB -DFCCI -DFCCI2 -DMKL15 -DARPACKNG -DD_CUDA -DOS64 -DBLASTYPE_mkl=1 -DCPP_mach=CPP_p4win64 -DUSE_SIMPACK -DUSE_OMP=1 -DUSE_MUMPS=1 -DUSE_ZMUMPS -DNDEBUG=1 -DH3DREAD=1 -DOS_WIN=1 -DS_RDFLX=21 -DC_CYGWIN=1 -DCYGWIN_e64=1 -DH3D=14 -I../_obj_CYGWIN_e64_os64 -I../header -I../header_drv -I../header/h3d14 -I./rpc3/inc -DBUILDINFO=1 -DBUILDINFO=1 -DRELEASE_BUILD=1 -Fo_obj_CYGWIN_e64_os64/os3_ver.obj, Current directory: C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\os3rdparty\, Environment: ; =C:=C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os ; ADVISOR_2017_DIR=C:\Program Files (x86)\IntelSWTools\Advisor 2017\ ; ALLUSERSPROFILE=C:\ProgramData ; APPDATA=C:\Users\osqa\AppData\Roaming ; ARCH_PATH=intel64 ; BIN_DIR=bin64 ; BIN_ROOT=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\bin\ ; BLDCMD=wsl make C=e64 OS64=1 BLAS=mkl ML=all RDFLX=21 USEHOSTTYPE=CYGWIN ; CCOMPNM=icl.exe ; CHKCMD=wsl make C=e64 OS64=1 BLAS=mkl ML=all RDFLX=21 USEHOSTTYPE=CYGWIN check ; CLASSPATH=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\daal\lib\daal.jar; ; CMPLR_PATH=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\bin\intel64 ; COMPUTERNAME=CA-W10-BLD-05 ; CPATH=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\ipp\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\mkl\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\tbb\bin\..\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\daal\include; ; C_TARGET_ARCH=intel64 ; ComSpec=C:\Windows\system32\cmd.exe ; CommandPromptType=Native ; CommonProgramFiles=C:\Program Files\Common Files ; CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files ; CommonProgramW6432=C:\Program Files\Common Files ; DAALROOT=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\daal ; DriverData=C:\Windows\System32\Drivers\DriverData ; FCOMPNM=ifort.exe ; Framework40Version=v4.0 ; FrameworkDIR64=C:\Windows\Microsoft.NET\Framework64 ; FrameworkDir=C:\Windows\Microsoft.NET\Framework64 ; FrameworkVersion=v4.0.30319 ; FrameworkVersion64=v4.0.30319 ; HOME=C:\Users\osqa ; HOMEDRIVE=C: ; HOMEPATH=\Users\osqa ; ICPP_COMPILER17=C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\ ; IFORT_COMPILER17=C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\ ; INCLUDE=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\compiler\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\compiler\include\intel64;C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\INCLUDE;C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\ATLMFC\INCLUDE;C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt;C:\Program Files (x86)\Windows Kits\NETFXSDK\4.6.1\include\um;C:\Program Files (x86)\Windows Kits\8.1\include\\shared;C:\Program Files (x86)\Windows Kits\8.1\include\\um;C:\Program Files (x86)\Windows Kits\8.1\include\\winrt;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\mpi\intel64\bin\..\..\intel64\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\ipp\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\mkl\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compiler" "11:31:23.5929361 AM","icl.exe","36504","Thread Create","","SUCCESS","Thread ID: 39540" "11:31:23.6009838 AM","icl.exe","36504","Load Image","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Image Base: 0x7ff6546a0000, Image Size: 0x491000" "11:31:23.6012453 AM","icl.exe","36504","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","Image Base: 0x7ffbdd590000, Image Size: 0x1f5000" "11:31:23.6014251 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value" "11:31:23.6014411 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value" "11:31:23.6014551 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\RaiseExceptionOnPossibleDeadlock","NAME NOT FOUND","Length: 80" "11:31:23.6014701 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:23.6014840 AM","icl.exe","36504","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap","REPARSE","Desired Access: Query Value" "11:31:23.6014951 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value" "11:31:23.6015294 AM","icl.exe","36504","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6015397 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6015501 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:23.6015623 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:23.6018838 AM","icl.exe","36504","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\os3rdparty","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6021542 AM","icl.exe","36504","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS","Image Base: 0x7ffbdd490000, Image Size: 0xbd000" "11:31:23.6025983 AM","icl.exe","36504","Load Image","C:\Windows\System32\KernelBase.dll","SUCCESS","Image Base: 0x7ffbdacd0000, Image Size: 0x2c9000" "11:31:23.6141366 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\3c74afb9-8d82-44e3-b52c-365dbf48382a","NAME NOT FOUND","Length: 528" "11:31:23.6141914 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Name: \Windows\System32\KernelBase.dll" "11:31:23.6142429 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\05f95efe-7f75-49c7-a994-60a55cc09571","NAME NOT FOUND","Length: 528" "11:31:23.6142840 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Name: \Windows\System32\KernelBase.dll" "11:31:23.6143356 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\e36c4458-ed80-4ad7-a8be-52dda1eb5f1c","NAME NOT FOUND","Length: 528" "11:31:23.6143753 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\kernel32.dll","SUCCESS","Name: \Windows\System32\kernel32.dll" "11:31:23.6145506 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","REPARSE","Desired Access: Query Value, Set Value" "11:31:23.6145645 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value" "11:31:23.6145799 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","REPARSE","Desired Access: Read" "11:31:23.6145904 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","NAME NOT FOUND","Desired Access: Read" "11:31:23.6146038 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value" "11:31:23.6146197 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80" "11:31:23.6146329 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS","" "11:31:23.6146465 AM","icl.exe","36504","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value" "11:31:23.6146758 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem\","REPARSE","Desired Access: Read" "11:31:23.6147346 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","Desired Access: Read" "11:31:23.6147545 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\LongPathsEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:23.6147723 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","" "11:31:23.6149691 AM","icl.exe","36504","CreateFile","C:\Windows\System32\sysfer.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6149992 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\sysfer.dll","SUCCESS","CreationTime: 2/17/2021 7:38:16 AM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 2/17/2021 7:38:16 AM, ChangeTime: 2/17/2021 7:38:16 AM, FileAttributes: A" "11:31:23.6150101 AM","icl.exe","36504","CloseFile","C:\Windows\System32\sysfer.dll","SUCCESS","" "11:31:23.6150892 AM","icl.exe","36504","CreateFile","C:\Windows\System32\sysfer.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6151165 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\sysfer.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6152124 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6152289 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6152431 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6152585 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6152721 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6152854 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6152977 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6153113 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6153232 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\sysfer.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6155580 AM","icl.exe","36504","Load Image","C:\Windows\System32\sysfer.dll","SUCCESS","Image Base: 0x50660000, Image Size: 0x93000" "11:31:23.6156888 AM","icl.exe","36504","Thread Create","","SUCCESS","Thread ID: 32168" "11:31:23.6157231 AM","icl.exe","36504","CloseFile","C:\Windows\System32\sysfer.dll","SUCCESS","" "11:31:23.6159788 AM","icl.exe","36504","Load Image","C:\Windows\System32\advapi32.dll","SUCCESS","Image Base: 0x7ffbdd170000, Image Size: 0xac000" "11:31:23.6163524 AM","icl.exe","36504","Load Image","C:\Windows\System32\msvcrt.dll","SUCCESS","Image Base: 0x7ffbdc6e0000, Image Size: 0x9e000" "11:31:23.6167379 AM","icl.exe","36504","Load Image","C:\Windows\System32\sechost.dll","SUCCESS","Image Base: 0x7ffbdc640000, Image Size: 0x9c000" "11:31:23.6169881 AM","icl.exe","36504","Load Image","C:\Windows\System32\rpcrt4.dll","SUCCESS","Image Base: 0x7ffbdd300000, Image Size: 0x12b000" "11:31:23.6171420 AM","icl.exe","36504","Thread Create","","SUCCESS","Thread ID: 29960" "11:31:23.6172541 AM","icl.exe","36504","Thread Create","","SUCCESS","Thread ID: 18152" "11:31:23.6172873 AM","icl.exe","36504","Load Image","C:\Windows\System32\shlwapi.dll","SUCCESS","Image Base: 0x7ffbdd0b0000, Image Size: 0x55000" "11:31:23.6179160 AM","icl.exe","36504","Load Image","C:\Windows\System32\oleaut32.dll","SUCCESS","Image Base: 0x7ffbdc4b0000, Image Size: 0xcd000" "11:31:23.6182024 AM","icl.exe","36504","Load Image","C:\Windows\System32\msvcp_win.dll","SUCCESS","Image Base: 0x7ffbdb0d0000, Image Size: 0x9d000" "11:31:23.6184749 AM","icl.exe","36504","Load Image","C:\Windows\System32\ucrtbase.dll","SUCCESS","Image Base: 0x7ffbdafa0000, Image Size: 0x100000" "11:31:23.6185980 AM","icl.exe","36504","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6186152 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6186301 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:23.6186467 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:23.6189021 AM","icl.exe","36504","Load Image","C:\Windows\System32\combase.dll","SUCCESS","Image Base: 0x7ffbdcb90000, Image Size: 0x355000" "11:31:23.6192027 AM","icl.exe","36504","Load Image","C:\Windows\System32\ole32.dll","SUCCESS","Image Base: 0x7ffbdbd40000, Image Size: 0x12a000" "11:31:23.6196293 AM","icl.exe","36504","Load Image","C:\Windows\System32\gdi32.dll","SUCCESS","Image Base: 0x7ffbdd220000, Image Size: 0x2a000" "11:31:23.6199045 AM","icl.exe","36504","Load Image","C:\Windows\System32\win32u.dll","SUCCESS","Image Base: 0x7ffbdb0a0000, Image Size: 0x22000" "11:31:23.6202592 AM","icl.exe","36504","Load Image","C:\Windows\System32\gdi32full.dll","SUCCESS","Image Base: 0x7ffbdb4e0000, Image Size: 0x10b000" "11:31:23.6228081 AM","icl.exe","36504","Load Image","C:\Windows\System32\user32.dll","SUCCESS","Image Base: 0x7ffbdc860000, Image Size: 0x1a0000" "11:31:23.6238844 AM","icl.exe","36504","Load Image","C:\Windows\System32\shell32.dll","SUCCESS","Image Base: 0x7ffbdb5f0000, Image Size: 0x742000" "11:31:23.6254225 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value" "11:31:23.6254396 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value" "11:31:23.6254551 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode","NAME NOT FOUND","Length: 16" "11:31:23.6256541 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\VERSION.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.6258799 AM","icl.exe","36504","CreateFile","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6258889 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6259145 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\version.dll","SUCCESS","CreationTime: 2/17/2021 8:54:00 AM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 2/17/2021 8:54:00 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:23.6259220 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","CreationTime: 4/12/2017 7:50:48 AM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 4/12/2017 7:50:48 AM, ChangeTime: 2/24/2021 12:42:11 AM, FileAttributes: A" "11:31:23.6259291 AM","icl.exe","36504","CloseFile","C:\Windows\System32\version.dll","SUCCESS","" "11:31:23.6259450 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","" "11:31:23.6260532 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6260544 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6260852 AM","icl.exe","36504","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6260914 AM","icl.exe","36504","CreateFile","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6261233 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","CreationTime: 4/12/2017 7:50:50 AM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 4/12/2017 7:50:50 AM, ChangeTime: 2/24/2021 12:42:11 AM, FileAttributes: A" "11:31:23.6261356 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\version.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6262098 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","" "11:31:23.6262338 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6262521 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6262665 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6263056 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6263205 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6263339 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6263395 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6263483 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6263631 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6263696 AM","icl.exe","36504","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6264016 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\version.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6267254 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6267591 AM","icl.exe","36504","Load Image","C:\Windows\System32\version.dll","SUCCESS","Image Base: 0x7ffbd1d40000, Image Size: 0xa000" "11:31:23.6267663 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6267859 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6268280 AM","icl.exe","36504","Load Image","C:\Windows\System32\comdlg32.dll","SUCCESS","Image Base: 0x7ffbdc780000, Image Size: 0xda000" "11:31:23.6268400 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6268438 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6268657 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6268822 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6268982 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6269139 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6269267 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6269404 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6269549 AM","icl.exe","36504","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6274579 AM","icl.exe","36504","CloseFile","C:\Windows\System32\version.dll","SUCCESS","" "11:31:23.6275851 AM","icl.exe","36504","Load Image","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","Image Base: 0x77410000, Image Size: 0x1eb000" "11:31:23.6284440 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6284650 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6284822 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6284974 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6285132 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6285286 AM","icl.exe","36504","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6286464 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\NETAPI32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.6287897 AM","icl.exe","36504","CreateFile","C:\Windows\System32\netapi32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6288256 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\netapi32.dll","SUCCESS","CreationTime: 2/17/2021 8:53:25 AM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 2/17/2021 8:53:25 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:23.6288361 AM","icl.exe","36504","CloseFile","C:\Windows\System32\netapi32.dll","SUCCESS","" "11:31:23.6289135 AM","icl.exe","36504","CreateFile","C:\Windows\System32\netapi32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6289483 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\netapi32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6290293 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6290458 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6290597 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6290753 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6290884 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6291012 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6291132 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6291266 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6291390 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\netapi32.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6304415 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","" "11:31:23.6304773 AM","icl.exe","36504","Load Image","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","Image Base: 0x7ffbae940000, Image Size: 0x158000" "11:31:23.6306015 AM","icl.exe","36504","Load Image","C:\Windows\System32\netapi32.dll","SUCCESS","Image Base: 0x7ffbd0460000, Image Size: 0x18000" "11:31:23.6313997 AM","icl.exe","36504","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:23.6314226 AM","icl.exe","36504","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration","NAME NOT FOUND","Desired Access: Read" "11:31:23.6314408 AM","icl.exe","36504","RegCloseKey","HKCU","SUCCESS","" "11:31:23.6314546 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read" "11:31:23.6314756 AM","icl.exe","36504","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:23.6314921 AM","icl.exe","36504","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read" "11:31:23.6315085 AM","icl.exe","36504","RegOpenKey","HKCU\Control Panel\Desktop\LanguageConfiguration","NAME NOT FOUND","Desired Access: Read" "11:31:23.6315226 AM","icl.exe","36504","RegCloseKey","HKCU","SUCCESS","" "11:31:23.6315356 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read" "11:31:23.6315459 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\msi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.6315511 AM","icl.exe","36504","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:23.6315643 AM","icl.exe","36504","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read" "11:31:23.6315776 AM","icl.exe","36504","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read" "11:31:23.6315912 AM","icl.exe","36504","RegQueryValue","HKCU\Control Panel\Desktop\PreferredUILanguages","NAME NOT FOUND","Length: 12" "11:31:23.6316075 AM","icl.exe","36504","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS","" "11:31:23.6316178 AM","icl.exe","36504","RegCloseKey","HKCU","SUCCESS","" "11:31:23.6316290 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read" "11:31:23.6316442 AM","icl.exe","36504","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:23.6316579 AM","icl.exe","36504","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","Desired Access: Read" "11:31:23.6316705 AM","icl.exe","36504","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","BUFFER OVERFLOW","Length: 12" "11:31:23.6316826 AM","icl.exe","36504","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","SUCCESS","Type: REG_MULTI_SZ, Length: 12, Data: en-US" "11:31:23.6316858 AM","icl.exe","36504","CreateFile","C:\Windows\System32\msi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6317123 AM","icl.exe","36504","RegCloseKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","" "11:31:23.6317293 AM","icl.exe","36504","RegCloseKey","HKCU","SUCCESS","" "11:31:23.6317844 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\msi.dll","SUCCESS","CreationTime: 3/10/2021 10:22:36 PM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 3/10/2021 10:22:36 PM, ChangeTime: 3/10/2021 10:53:09 PM, FileAttributes: A" "11:31:23.6317960 AM","icl.exe","36504","CloseFile","C:\Windows\System32\msi.dll","SUCCESS","" "11:31:23.6318982 AM","icl.exe","36504","CreateFile","C:\Windows\System32\msi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6319324 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\msi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6320397 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6320557 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6320692 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6320838 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6320969 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6321099 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6321219 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6321349 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6321471 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\msi.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6323415 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read" "11:31:23.6323623 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20" "11:31:23.6323777 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","" "11:31:23.6324799 AM","icl.exe","36504","Load Image","C:\Windows\System32\SHCore.dll","SUCCESS","Image Base: 0x7ffbdc590000, Image Size: 0xae000" "11:31:23.6325169 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6330762 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","" "11:31:23.6331655 AM","icl.exe","36504","CloseFile","C:\Windows\System32\netapi32.dll","SUCCESS","" "11:31:23.6333341 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys" "11:31:23.6335072 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\OLEACC.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.6336956 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.6337106 AM","icl.exe","36504","CreateFile","C:\Windows\System32\oleacc.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6337497 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\oleacc.dll","SUCCESS","CreationTime: 2/17/2021 8:53:56 AM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 2/17/2021 8:53:56 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:23.6337610 AM","icl.exe","36504","CloseFile","C:\Windows\System32\oleacc.dll","SUCCESS","" "11:31:23.6338514 AM","icl.exe","36504","CreateFile","C:\Windows\System32\oleacc.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6338613 AM","icl.exe","36504","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6339351 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\oleacc.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6339641 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","" "11:31:23.6340263 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6340438 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6340579 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6340746 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6340841 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys" "11:31:23.6340896 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6341053 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6341490 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6341630 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6341768 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\oleacc.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6344436 AM","icl.exe","36504","Load Image","C:\Windows\System32\oleacc.dll","SUCCESS","Image Base: 0x7ffbc1bf0000, Image Size: 0x66000" "11:31:23.6344954 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.6346029 AM","icl.exe","36504","Load Image","C:\Windows\System32\msi.dll","SUCCESS","Image Base: 0x7ffbc4210000, Image Size: 0x32b000" "11:31:23.6346528 AM","icl.exe","36504","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6365193 AM","icl.exe","36504","Load Image","C:\Windows\System32\ws2_32.dll","SUCCESS","Image Base: 0x7ffbdd250000, Image Size: 0x6b000" "11:31:23.6367756 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read" "11:31:23.6367978 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20" "11:31:23.6368146 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","" "11:31:23.6369448 AM","icl.exe","36504","CreateFile","C:\Windows\System32\msi.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6374195 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\WINSPOOL.DRV","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.6375917 AM","icl.exe","36504","CreateFile","C:\Windows\System32\winspool.drv","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6376523 AM","icl.exe","36504","CloseFile","C:\Windows\System32\msi.dll","SUCCESS","" "11:31:23.6376545 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\winspool.drv","SUCCESS","CreationTime: 2/17/2021 8:52:44 AM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 2/17/2021 8:52:44 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:23.6376594 AM","icl.exe","36504","CloseFile","C:\Windows\System32\oleacc.dll","SUCCESS","" "11:31:23.6376659 AM","icl.exe","36504","CloseFile","C:\Windows\System32\winspool.drv","SUCCESS","" "11:31:23.6377651 AM","icl.exe","36504","CreateFile","C:\Windows\System32\winspool.drv","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6378002 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\winspool.drv","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6378795 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6378955 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6379092 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6379243 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6379371 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6379513 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6379635 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6379770 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6379896 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\winspool.drv","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6381952 AM","icl.exe","36504","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6382271 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","CreationTime: 3/10/2021 10:13:43 PM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 2/10/2021 4:51:10 AM, ChangeTime: 3/12/2021 3:20:58 PM, FileAttributes: A" "11:31:23.6382373 AM","icl.exe","36504","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","" "11:31:23.6383142 AM","icl.exe","36504","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6383418 AM","icl.exe","36504","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6384754 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6384924 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6385078 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6385235 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6385369 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6385502 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6385627 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6385767 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6386245 AM","icl.exe","36504","Load Image","C:\Windows\System32\winspool.drv","SUCCESS","Image Base: 0x7ffbc6af0000, Image Size: 0x8e000" "11:31:23.6386408 AM","icl.exe","36504","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6387880 AM","icl.exe","36504","Load Image","C:\Windows\System32\bcrypt.dll","SUCCESS","Image Base: 0x7ffbdb3e0000, Image Size: 0x27000" "11:31:23.6388756 AM","icl.exe","36504","Load Image","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","Image Base: 0x7ffbc5b10000, Image Size: 0x29a000" "11:31:23.6395287 AM","icl.exe","36504","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6395608 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","CreationTime: 3/10/2021 10:13:43 PM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 2/10/2021 4:51:30 AM, ChangeTime: 3/19/2021 4:20:31 AM, FileAttributes: A" "11:31:23.6395713 AM","icl.exe","36504","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","" "11:31:23.6396488 AM","icl.exe","36504","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6396767 AM","icl.exe","36504","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6397648 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6397813 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6397954 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6398110 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6398243 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6398375 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6398496 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6398630 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6398746 AM","icl.exe","36504","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6399701 AM","icl.exe","36504","CloseFile","C:\Windows\System32\msi.dll","SUCCESS","" "11:31:23.6399899 AM","icl.exe","36504","CloseFile","C:\Windows\System32\winspool.drv","SUCCESS","" "11:31:23.6400846 AM","icl.exe","36504","Load Image","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Image Base: 0x7ffbcf500000, Image Size: 0xb0000" "11:31:23.6401532 AM","icl.exe","36504","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6401828 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","CreationTime: 3/10/2021 10:13:43 PM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 2/10/2021 4:51:30 AM, ChangeTime: 3/19/2021 4:20:31 AM, FileAttributes: A" "11:31:23.6401926 AM","icl.exe","36504","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","" "11:31:23.6402667 AM","icl.exe","36504","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6402949 AM","icl.exe","36504","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6403773 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6403934 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6404077 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6404227 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6404360 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6404488 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6404608 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6404742 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6404855 AM","icl.exe","36504","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6435334 AM","icl.exe","36504","Load Image","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Image Base: 0x1ad0000, Image Size: 0xb0000" "11:31:23.6444286 AM","icl.exe","36504","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","" "11:31:23.6454343 AM","icl.exe","36504","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","" "11:31:23.6463399 AM","icl.exe","36504","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","" "11:31:23.6469580 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","REPARSE","Desired Access: Read" "11:31:23.6469769 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","Desired Access: Read" "11:31:23.6470000 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\(Default)","SUCCESS","Type: REG_SZ, Length: 18, Data: 00060305" "11:31:23.6470153 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\000603xx","SUCCESS","Type: REG_SZ, Length: 26, Data: kernel32.dll" "11:31:23.6473607 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:23.6473982 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\smc_install_path","NAME NOT FOUND","Length: 4,094" "11:31:23.6474149 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC","SUCCESS","" "11:31:23.6474373 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:23.6474570 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot","SUCCESS","Type: REG_SZ, Length: 22, Data: C:\Windows" "11:31:23.6474742 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","" "11:31:23.6474900 AM","icl.exe","36504","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Sysplant\Sysfer","REPARSE","Desired Access: Read, Maximum Allowed" "11:31:23.6475445 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Services\Sysplant\Sysfer","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:23.6475639 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Services\SysPlant\SysFer\SepBinDir","SUCCESS","Type: REG_SZ, Length: 170, Data: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin\" "11:31:23.6475787 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Services\SysPlant\SysFer","SUCCESS","" "11:31:23.6475936 AM","icl.exe","36504","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Sysplant\Sysfer","REPARSE","Desired Access: Read, Maximum Allowed" "11:31:23.6476048 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Services\Sysplant\Sysfer","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:23.6476187 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Services\SysPlant\SysFer\SepBinDir64","SUCCESS","Type: REG_SZ, Length: 174, Data: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin64\" "11:31:23.6476326 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Services\SysPlant\SysFer","SUCCESS","" "11:31:23.6480545 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6480980 AM","icl.exe","36504","QueryNameInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Name: \Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe" "11:31:23.6481173 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "11:31:23.6482642 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6482953 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "11:31:23.6483950 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6484394 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "11:31:23.6485249 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6485633 AM","icl.exe","36504","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:23.6485803 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "11:31:23.6486589 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","NAME INVALID","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a" "11:31:23.6487515 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:23.6488298 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6488553 AM","icl.exe","36504","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:23.6488755 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:23.6489542 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6489780 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:23.6490518 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6491331 AM","icl.exe","36504","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:23.6491501 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:23.6492382 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6492673 AM","icl.exe","36504","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:23.6492870 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:23.6493742 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:23.6494598 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6494836 AM","icl.exe","36504","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:23.6495006 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:23.6495710 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6496120 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:23.6496932 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6497599 AM","icl.exe","36504","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:23.6497917 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:23.6499184 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6499512 AM","icl.exe","36504","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:23.6499720 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:23.6501033 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:23.6501751 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6502007 AM","icl.exe","36504","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:23.6502217 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:23.6502974 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6503222 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:23.6504062 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6504391 AM","icl.exe","36504","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:23.6504527 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:23.6505540 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6505778 AM","icl.exe","36504","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:23.6505957 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:23.6506865 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:23.6507679 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6507938 AM","icl.exe","36504","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:23.6508105 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:23.6509619 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6510082 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:23.6510952 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6511351 AM","icl.exe","36504","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:23.6511536 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:23.6512358 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6512605 AM","icl.exe","36504","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:23.6512822 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:23.6513671 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:23.6514810 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6515077 AM","icl.exe","36504","FileSystemControl","C:\Program Files (x86)\IntelSWTools","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:23.6515660 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:23.6516479 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6516730 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:23.6517518 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6518000 AM","icl.exe","36504","DeviceIoControl","C:\Program Files (x86)\IntelSWTools","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:23.6518196 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:23.6519092 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6519329 AM","icl.exe","36504","FileSystemControl","C:\Program Files (x86)\IntelSWTools","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:23.6519499 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:23.6520359 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:23.6521134 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6521383 AM","icl.exe","36504","FileSystemControl","C:\Program Files (x86)","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:23.6521555 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:23.6522522 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6522760 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:23.6523529 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6523999 AM","icl.exe","36504","DeviceIoControl","C:\Program Files (x86)","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:23.6524135 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:23.6524883 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6525108 AM","icl.exe","36504","FileSystemControl","C:\Program Files (x86)","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:23.6525285 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:23.6527299 AM","icl.exe","36504","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","REPARSE","Desired Access: Read" "11:31:23.6527462 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Desired Access: Read" "11:31:23.6528134 AM","icl.exe","36504","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","BUFFER TOO SMALL","Index: 0, Length: 0" "11:31:23.6528283 AM","icl.exe","36504","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 0, Name: ##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" "11:31:23.6528787 AM","icl.exe","36504","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","REPARSE","Desired Access: Read, Maximum Allowed" "11:31:23.6528963 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:23.6529217 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 118, Data: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000" "11:31:23.6529392 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","" "11:31:23.6529571 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","" "11:31:23.6529798 AM","icl.exe","36504","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000","REPARSE","Desired Access: Read, Maximum Allowed" "11:31:23.6529924 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:23.6530140 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000\Class","NAME NOT FOUND","Length: 4,094" "11:31:23.6530304 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000","SUCCESS","" "11:31:23.6533775 AM","icl.exe","36504","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6534131 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6534286 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:23.6534446 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:23.6536107 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\ca967c75-04bf-40b5-9a16-98b5f9332a92","NAME NOT FOUND","Length: 528" "11:31:23.6536871 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","Name: \Windows\System32\sechost.dll" "11:31:23.6537457 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\b6fd710b-f783-4b1c-ab9c-c68099dcc0c7","NAME NOT FOUND","Length: 528" "11:31:23.6537883 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","Name: \Windows\System32\sechost.dll" "11:31:23.6538650 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c1376338-0984-48b8-b933-9c7d779fd84d","NAME NOT FOUND","Length: 528" "11:31:23.6539071 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\advapi32.dll","SUCCESS","Name: \Windows\System32\advapi32.dll" "11:31:23.6545358 AM","icl.exe","36504","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:23.6545562 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6545704 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read" "11:31:23.6545873 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorUseSystemHeap","NAME NOT FOUND","Length: 20" "11:31:23.6546062 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "11:31:23.6546171 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6546302 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read" "11:31:23.6546430 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorSystemHeapIsPrivate","NAME NOT FOUND","Length: 20" "11:31:23.6546730 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "11:31:23.6546835 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6547397 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read" "11:31:23.6547695 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\AggressiveMTATesting","NAME NOT FOUND","Length: 16" "11:31:23.6547872 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "11:31:23.6548968 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6549136 AM","icl.exe","36504","RegOpenKey","HKLM","SUCCESS","Desired Access: Read" "11:31:23.6549270 AM","icl.exe","36504","RegSetInfoKey","HKLM","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "11:31:23.6549378 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:23.6549496 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "11:31:23.6549698 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\AppModel\Lookaside\Packages","NAME NOT FOUND","Desired Access: Read" "11:31:23.6549900 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:23.6550013 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "11:31:23.6550184 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:23.6550292 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Ole","SUCCESS","Desired Access: Read" "11:31:23.6550847 AM","icl.exe","36504","RegOpenKey","HKCU","SUCCESS","Desired Access: Read" "11:31:23.6551030 AM","icl.exe","36504","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6551147 AM","icl.exe","36504","RegOpenKey","HKCU\Software\Classes\Local Settings","REPARSE","Desired Access: Read" "11:31:23.6551297 AM","icl.exe","36504","RegOpenKey","HKCU\Software\Classes\Local Settings","SUCCESS","Desired Access: Read" "11:31:23.6551460 AM","icl.exe","36504","RegSetInfoKey","HKCU\Software\Classes\Local Settings","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "11:31:23.6551579 AM","icl.exe","36504","RegCloseKey","HKCU","SUCCESS","" "11:31:23.6551682 AM","icl.exe","36504","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:23.6551797 AM","icl.exe","36504","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "11:31:23.6551945 AM","icl.exe","36504","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:23.6552052 AM","icl.exe","36504","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "11:31:23.6552709 AM","icl.exe","36504","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:23.6552830 AM","icl.exe","36504","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole","NAME NOT FOUND","Desired Access: Read" "11:31:23.6552952 AM","icl.exe","36504","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:23.6553059 AM","icl.exe","36504","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft","SUCCESS","Desired Access: Read" "11:31:23.6553855 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6553976 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\OLE\Tracing","NAME NOT FOUND","Desired Access: Read" "11:31:23.6568729 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 528" "11:31:23.6569382 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\combase.dll","SUCCESS","Name: \Windows\System32\combase.dll" "11:31:23.6569759 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05","NAME NOT FOUND","Length: 528" "11:31:23.6570161 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\combase.dll","SUCCESS","Name: \Windows\System32\combase.dll" "11:31:23.6571064 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c7e09e2a-c663-5399-af79-2fccd321d19a","NAME NOT FOUND","Length: 528" "11:31:23.6571454 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\combase.dll","SUCCESS","Name: \Windows\System32\combase.dll" "11:31:23.6571737 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528" "11:31:23.6572113 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\combase.dll","SUCCESS","Name: \Windows\System32\combase.dll" "11:31:23.6574487 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument\","REPARSE","Desired Access: Read" "11:31:23.6574656 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument","NAME NOT FOUND","Desired Access: Read" "11:31:23.6575044 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f25bcd2e-2690-55dc-3bc4-07b65b1b41c9","NAME NOT FOUND","Length: 528" "11:31:23.6575573 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\user32.dll","SUCCESS","Name: \Windows\System32\user32.dll" "11:31:23.6575986 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6576205 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6576368 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "11:31:23.6576593 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "11:31:23.6576741 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6576879 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "11:31:23.6577025 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "11:31:23.6577348 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read" "11:31:23.6577521 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20" "11:31:23.6577677 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","" "11:31:23.6577802 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read" "11:31:23.6577930 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck","NAME NOT FOUND","Length: 20" "11:31:23.6578056 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","" "11:31:23.6578528 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Read" "11:31:23.6578830 AM","icl.exe","36504","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read" "11:31:23.6579020 AM","icl.exe","36504","RegQueryValue","HKCU\Control Panel\Desktop\EnablePerProcessSystemDPI","NAME NOT FOUND","Length: 20" "11:31:23.6579232 AM","icl.exe","36504","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS","" "11:31:23.6580112 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","Desired Access: Read" "11:31:23.6580310 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\icl","NAME NOT FOUND","Length: 172" "11:31:23.6580502 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","" "11:31:23.6580864 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility","NAME NOT FOUND","Desired Access: Read" "11:31:23.6585925 AM","icl.exe","36504","CreateFile","C:\Windows\System32\edgegdi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.6587144 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6587345 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","Desired Access: Read" "11:31:23.6587573 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:23.6587782 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","" "11:31:23.6588020 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6589576 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6589718 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\OLE\Tracing","NAME NOT FOUND","Desired Access: Read" "11:31:23.6590199 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 528" "11:31:23.6590798 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\ole32.dll","SUCCESS","Name: \Windows\System32\ole32.dll" "11:31:23.6591101 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05","NAME NOT FOUND","Length: 528" "11:31:23.6591505 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\ole32.dll","SUCCESS","Name: \Windows\System32\ole32.dll" "11:31:23.6592851 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6592981 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value" "11:31:23.6595953 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108","NAME NOT FOUND","Length: 528" "11:31:23.6596471 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\shell32.dll","SUCCESS","Name: \Windows\System32\shell32.dll" "11:31:23.6596856 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61","NAME NOT FOUND","Length: 528" "11:31:23.6597251 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\shell32.dll","SUCCESS","Name: \Windows\System32\shell32.dll" "11:31:23.6597518 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528" "11:31:23.6597893 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\shell32.dll","SUCCESS","Name: \Windows\System32\shell32.dll" "11:31:23.6598444 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f3a71a4b-6118-4257-8ccb-39a33ba059d4","NAME NOT FOUND","Length: 528" "11:31:23.6598828 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\bcrypt.dll","SUCCESS","Name: \Windows\System32\bcrypt.dll" "11:31:23.6600152 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1cba82b8-2b26-4d68-8447-1a3b85805b6a","NAME NOT FOUND","Length: 528" "11:31:23.6600552 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\msi.dll","SUCCESS","Name: \Windows\System32\msi.dll" "11:31:23.6600855 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6600997 AM","icl.exe","36504","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\FileSystem","REPARSE","Desired Access: Read" "11:31:23.6601141 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","Desired Access: Read" "11:31:23.6601286 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\Win31FileSystem","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:23.6601453 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","" "11:31:23.6604052 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\OLEACCRC.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.6605480 AM","icl.exe","36504","CreateFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6605848 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","CreationTime: 12/7/2019 2:09:05 AM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 12/7/2019 2:09:05 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:23.6605958 AM","icl.exe","36504","CloseFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","" "11:31:23.6606778 AM","icl.exe","36504","CreateFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6607184 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\oleaccrc.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6607297 AM","icl.exe","36504","QueryStandardInformationFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","AllocationSize: 8,192, EndOfFile: 4,608, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:23.6607498 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\oleaccrc.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6607775 AM","icl.exe","36504","CloseFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","" "11:31:23.6608798 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c69cb70a-3133-4cca-ab0e-046848effcda","NAME NOT FOUND","Length: 528" "11:31:23.6609318 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\winspool.drv","SUCCESS","Name: \Windows\System32\winspool.drv" "11:31:23.6611762 AM","icl.exe","36504","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6611925 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6612071 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:23.6612231 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:23.6617074 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\shfolder.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.6618477 AM","icl.exe","36504","CreateFile","C:\Windows\System32\shfolder.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6618834 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\shfolder.dll","SUCCESS","CreationTime: 12/7/2019 2:09:09 AM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 12/7/2019 2:09:09 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:23.6618953 AM","icl.exe","36504","CloseFile","C:\Windows\System32\shfolder.dll","SUCCESS","" "11:31:23.6619779 AM","icl.exe","36504","CreateFile","C:\Windows\System32\shfolder.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6620129 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\shfolder.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6621441 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6621616 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6621767 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6621935 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6622086 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6622232 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6622368 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6622527 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6622668 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\shfolder.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6626048 AM","icl.exe","36504","Load Image","C:\Windows\System32\shfolder.dll","SUCCESS","Image Base: 0x7ffbce4b0000, Image Size: 0x7000" "11:31:23.6628195 AM","icl.exe","36504","CloseFile","C:\Windows\System32\shfolder.dll","SUCCESS","" "11:31:23.6630426 AM","icl.exe","36504","CreateFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6630713 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\windows.storage.dll","SUCCESS","CreationTime: 3/10/2021 10:21:44 PM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 3/10/2021 10:21:45 PM, ChangeTime: 3/10/2021 10:53:06 PM, FileAttributes: A" "11:31:23.6630828 AM","icl.exe","36504","CloseFile","C:\Windows\System32\windows.storage.dll","SUCCESS","" "11:31:23.6631691 AM","icl.exe","36504","CreateFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6631970 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\windows.storage.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6632966 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6633145 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6633309 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6633479 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6634117 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6634271 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6634414 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6634573 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6634723 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\windows.storage.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6637364 AM","icl.exe","36504","Load Image","C:\Windows\System32\windows.storage.dll","SUCCESS","Image Base: 0x7ffbd8df0000, Image Size: 0x790000" "11:31:23.6638670 AM","icl.exe","36504","CloseFile","C:\Windows\System32\windows.storage.dll","SUCCESS","" "11:31:23.6640469 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\Wldp.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.6641835 AM","icl.exe","36504","CreateFile","C:\Windows\System32\wldp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6642187 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\wldp.dll","SUCCESS","CreationTime: 2/17/2021 8:53:40 AM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 2/17/2021 8:53:40 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:23.6642307 AM","icl.exe","36504","CloseFile","C:\Windows\System32\wldp.dll","SUCCESS","" "11:31:23.6643108 AM","icl.exe","36504","CreateFile","C:\Windows\System32\wldp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6643446 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\wldp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6645613 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6645788 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6645944 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6646115 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6646263 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6646409 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6646544 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6646697 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6646838 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\wldp.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6649001 AM","icl.exe","36504","Load Image","C:\Windows\System32\wldp.dll","SUCCESS","Image Base: 0x7ffbda600000, Image Size: 0x2c000" "11:31:23.6649727 AM","icl.exe","36504","CloseFile","C:\Windows\System32\wldp.dll","SUCCESS","" "11:31:23.6652931 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\9a2edb8f-5883-499f-aced-6e4b69d43ddf","NAME NOT FOUND","Length: 528" "11:31:23.6653487 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\wldp.dll","SUCCESS","Name: \Windows\System32\wldp.dll" "11:31:23.6656232 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108","NAME NOT FOUND","Length: 528" "11:31:23.6657075 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Name: \Windows\System32\windows.storage.dll" "11:31:23.6657907 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\a40b455c-253c-4311-ac6d-6e667edccefc","NAME NOT FOUND","Length: 528" "11:31:23.6658537 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Name: \Windows\System32\windows.storage.dll" "11:31:23.6658919 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528" "11:31:23.6659383 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Name: \Windows\System32\windows.storage.dll" "11:31:23.6659727 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61","NAME NOT FOUND","Length: 528" "11:31:23.6660441 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Name: \Windows\System32\windows.storage.dll" "11:31:23.6662615 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6662819 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Desired Access: Read" "11:31:23.6663238 AM","icl.exe","36504","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6663368 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905E63B6-C1BF-494E-B29C-65B732D3D21A}","SUCCESS","Desired Access: Read" "11:31:23.6663532 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","" "11:31:23.6663972 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Category","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2" "11:31:23.6664128 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Name","SUCCESS","Type: REG_SZ, Length: 26, Data: ProgramFiles" "11:31:23.6664274 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\ParentFolder","NAME NOT FOUND","Length: 90" "11:31:23.6664395 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Description","NAME NOT FOUND","Length: 144" "11:31:23.6664533 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\RelativePath","NAME NOT FOUND","Length: 144" "11:31:23.6664644 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\ParsingName","NAME NOT FOUND","Length: 144" "11:31:23.6664769 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\InfoTip","NAME NOT FOUND","Length: 144" "11:31:23.6664878 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\LocalizedName","SUCCESS","Type: REG_EXPAND_SZ, Length: 84, Data: @%SystemRoot%\system32\shell32.dll,-21781" "11:31:23.6665006 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Icon","NAME NOT FOUND","Length: 144" "11:31:23.6665127 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Security","NAME NOT FOUND","Length: 144" "11:31:23.6665239 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\StreamResource","NAME NOT FOUND","Length: 144" "11:31:23.6665349 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\StreamResourceType","NAME NOT FOUND","Length: 144" "11:31:23.6665459 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\LocalRedirectOnly","NAME NOT FOUND","Length: 16" "11:31:23.6665570 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Roamable","NAME NOT FOUND","Length: 16" "11:31:23.6665678 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PreCreate","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "11:31:23.6665792 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Stream","NAME NOT FOUND","Length: 16" "11:31:23.6665901 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PublishExpandedPath","NAME NOT FOUND","Length: 16" "11:31:23.6666010 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\DefinitionFlags","NAME NOT FOUND","Length: 16" "11:31:23.6666120 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Attributes","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "11:31:23.6666233 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\FolderTypeID","NAME NOT FOUND","Length: 90" "11:31:23.6666344 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\InitFolderHandler","NAME NOT FOUND","Length: 90" "11:31:23.6666724 AM","icl.exe","36504","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6666857 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PropertyBag","SUCCESS","Desired Access: Read" "11:31:23.6667064 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}","SUCCESS","" "11:31:23.6667296 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6667429 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion","SUCCESS","Desired Access: Read" "11:31:23.6667576 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir","SUCCESS","Type: REG_SZ, Length: 34, Data: C:\Program Files" "11:31:23.6667716 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion","SUCCESS","" "11:31:23.6668926 AM","icl.exe","36504","CreateFile","C:\Program Files","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0" "11:31:23.6670288 AM","icl.exe","36504","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6670535 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files","SUCCESS","CreationTime: 12/7/2019 2:14:52 AM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 3/5/2021 10:22:09 AM, ChangeTime: 3/5/2021 10:22:09 AM, FileAttributes: RD" "11:31:23.6670647 AM","icl.exe","36504","CloseFile","C:\Program Files","SUCCESS","" "11:31:23.6670974 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6671116 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings","NAME NOT FOUND","Desired Access: Query Value" "11:31:23.6671283 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6671396 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings","NAME NOT FOUND","Desired Access: Query Value" "11:31:23.6671783 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6671899 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Desired Access: Read" "11:31:23.6672046 AM","icl.exe","36504","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6672357 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}","SUCCESS","Desired Access: Read" "11:31:23.6672522 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","" "11:31:23.6672644 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Category","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2" "11:31:23.6672775 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Name","SUCCESS","Type: REG_SZ, Length: 38, Data: ProgramFilesCommon" "11:31:23.6672904 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\ParentFolder","NAME NOT FOUND","Length: 90" "11:31:23.6673017 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Description","NAME NOT FOUND","Length: 144" "11:31:23.6673125 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\RelativePath","NAME NOT FOUND","Length: 144" "11:31:23.6673253 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\ParsingName","NAME NOT FOUND","Length: 144" "11:31:23.6673367 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\InfoTip","NAME NOT FOUND","Length: 144" "11:31:23.6673477 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\LocalizedName","NAME NOT FOUND","Length: 144" "11:31:23.6673894 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Icon","NAME NOT FOUND","Length: 144" "11:31:23.6674009 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Security","NAME NOT FOUND","Length: 144" "11:31:23.6674116 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\StreamResource","NAME NOT FOUND","Length: 144" "11:31:23.6674229 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\StreamResourceType","NAME NOT FOUND","Length: 144" "11:31:23.6674345 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\LocalRedirectOnly","NAME NOT FOUND","Length: 16" "11:31:23.6674453 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Roamable","NAME NOT FOUND","Length: 16" "11:31:23.6674558 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\PreCreate","NAME NOT FOUND","Length: 16" "11:31:23.6674665 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Stream","NAME NOT FOUND","Length: 16" "11:31:23.6674774 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\PublishExpandedPath","NAME NOT FOUND","Length: 16" "11:31:23.6674892 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\DefinitionFlags","NAME NOT FOUND","Length: 16" "11:31:23.6675001 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Attributes","NAME NOT FOUND","Length: 16" "11:31:23.6675111 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\FolderTypeID","NAME NOT FOUND","Length: 90" "11:31:23.6675548 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\InitFolderHandler","NAME NOT FOUND","Length: 90" "11:31:23.6675776 AM","icl.exe","36504","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6675956 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\PropertyBag","NAME NOT FOUND","Desired Access: Read" "11:31:23.6676178 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}","SUCCESS","" "11:31:23.6676342 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6676482 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion","SUCCESS","Desired Access: Read" "11:31:23.6676652 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir","SUCCESS","Type: REG_SZ, Length: 60, Data: C:\Program Files\Common Files" "11:31:23.6676812 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion","SUCCESS","" "11:31:23.6677837 AM","icl.exe","36504","CreateFile","C:\Program Files\Common Files","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0" "11:31:23.6679177 AM","icl.exe","36504","CreateFile","C:\Program Files\Common Files","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6679433 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files\Common Files","SUCCESS","CreationTime: 12/7/2019 2:14:52 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 3/5/2021 10:13:45 AM, ChangeTime: 3/5/2021 10:13:45 AM, FileAttributes: D" "11:31:23.6679546 AM","icl.exe","36504","CloseFile","C:\Program Files\Common Files","SUCCESS","" "11:31:23.6680020 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6680181 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Desired Access: Read" "11:31:23.6680356 AM","icl.exe","36504","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6680475 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}","SUCCESS","Desired Access: Read" "11:31:23.6680627 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","" "11:31:23.6680740 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Category","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2" "11:31:23.6680868 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Name","SUCCESS","Type: REG_SZ, Length: 30, Data: Common AppData" "11:31:23.6681006 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParentFolder","NAME NOT FOUND","Length: 90" "11:31:23.6681121 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Description","NAME NOT FOUND","Length: 144" "11:31:23.6681228 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\RelativePath","NAME NOT FOUND","Length: 144" "11:31:23.6681336 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParsingName","NAME NOT FOUND","Length: 144" "11:31:23.6681452 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InfoTip","NAME NOT FOUND","Length: 144" "11:31:23.6681576 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalizedName","NAME NOT FOUND","Length: 144" "11:31:23.6681694 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Icon","NAME NOT FOUND","Length: 144" "11:31:23.6681802 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Security","NAME NOT FOUND","Length: 144" "11:31:23.6681908 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResource","NAME NOT FOUND","Length: 144" "11:31:23.6682017 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResourceType","NAME NOT FOUND","Length: 144" "11:31:23.6682125 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalRedirectOnly","NAME NOT FOUND","Length: 16" "11:31:23.6682232 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Roamable","NAME NOT FOUND","Length: 16" "11:31:23.6682338 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PreCreate","NAME NOT FOUND","Length: 16" "11:31:23.6682445 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Stream","NAME NOT FOUND","Length: 16" "11:31:23.6682552 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PublishExpandedPath","NAME NOT FOUND","Length: 16" "11:31:23.6682657 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\DefinitionFlags","NAME NOT FOUND","Length: 16" "11:31:23.6682765 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Attributes","NAME NOT FOUND","Length: 16" "11:31:23.6682871 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\FolderTypeID","NAME NOT FOUND","Length: 90" "11:31:23.6682977 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InitFolderHandler","NAME NOT FOUND","Length: 90" "11:31:23.6683105 AM","icl.exe","36504","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6683227 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PropertyBag","NAME NOT FOUND","Desired Access: Read" "11:31:23.6683395 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}","SUCCESS","" "11:31:23.6685170 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\profapi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.6686579 AM","icl.exe","36504","CreateFile","C:\Windows\System32\profapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6686952 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\profapi.dll","SUCCESS","CreationTime: 3/10/2021 10:22:00 PM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 3/10/2021 10:22:00 PM, ChangeTime: 3/10/2021 10:53:07 PM, FileAttributes: A" "11:31:23.6687073 AM","icl.exe","36504","CloseFile","C:\Windows\System32\profapi.dll","SUCCESS","" "11:31:23.6687943 AM","icl.exe","36504","CreateFile","C:\Windows\System32\profapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6688308 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\profapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6689179 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6689364 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6689526 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6689701 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6689855 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6690007 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6690149 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6690310 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6690456 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\profapi.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6692571 AM","icl.exe","36504","Load Image","C:\Windows\System32\profapi.dll","SUCCESS","Image Base: 0x7ffbdac10000, Image Size: 0x1f000" "11:31:23.6693277 AM","icl.exe","36504","CloseFile","C:\Windows\System32\profapi.dll","SUCCESS","" "11:31:23.6695271 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6695440 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList","SUCCESS","Desired Access: Read" "11:31:23.6695633 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData","BUFFER OVERFLOW","Length: 12" "11:31:23.6695769 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData","SUCCESS","Type: REG_EXPAND_SZ, Length: 52, Data: %SystemDrive%\ProgramData" "11:31:23.6695959 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList","SUCCESS","" "11:31:23.6696884 AM","icl.exe","36504","CreateFile","C:\ProgramData","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0" "11:31:23.6698179 AM","icl.exe","36504","CreateFile","C:\ProgramData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6698429 AM","icl.exe","36504","QueryBasicInformationFile","C:\ProgramData","SUCCESS","CreationTime: 12/7/2019 2:14:52 AM, LastAccessTime: 3/25/2021 11:31:19 AM, LastWriteTime: 3/5/2021 10:14:13 AM, ChangeTime: 3/5/2021 10:14:13 AM, FileAttributes: HDNCI" "11:31:23.6698546 AM","icl.exe","36504","CloseFile","C:\ProgramData","SUCCESS","" "11:31:23.6702189 AM","icl.exe","36504","CreateFile","C:\Windows\WindowsShell.Manifest","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6702549 AM","icl.exe","36504","CreateFileMapping","C:\Windows\WindowsShell.Manifest","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6702671 AM","icl.exe","36504","QueryStandardInformationFile","C:\Windows\WindowsShell.Manifest","SUCCESS","AllocationSize: 4,096, EndOfFile: 670, NumberOfLinks: 4, DeletePending: False, Directory: False" "11:31:23.6702886 AM","icl.exe","36504","CreateFileMapping","C:\Windows\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6703446 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read" "11:31:23.6703913 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20" "11:31:23.6704073 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","" "11:31:23.6704187 AM","icl.exe","36504","QueryStandardInformationFile","C:\Windows\WindowsShell.Manifest","SUCCESS","AllocationSize: 4,096, EndOfFile: 670, NumberOfLinks: 4, DeletePending: False, Directory: False" "11:31:23.6706513 AM","icl.exe","36504","CloseFile","C:\Windows\WindowsShell.Manifest","SUCCESS","" "11:31:23.6710124 AM","icl.exe","36504","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6710313 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6710460 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:23.6710618 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:23.6712972 AM","icl.exe","36504","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6713110 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6713245 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:23.6713391 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:23.6715595 AM","icl.exe","36504","RegOpenKey","HKCU","SUCCESS","Desired Access: Read" "11:31:23.6715875 AM","icl.exe","36504","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6716001 AM","icl.exe","36504","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read" "11:31:23.6716139 AM","icl.exe","36504","RegQueryValue","HKCU\Control Panel\Desktop\SmoothScroll","NAME NOT FOUND","Length: 16" "11:31:23.6716309 AM","icl.exe","36504","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS","" "11:31:23.6716676 AM","icl.exe","36504","RegCloseKey","HKCU","SUCCESS","" "11:31:23.6717817 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\d0f1a5c6-fc43-48ae-99bf-efb1c38be9d1","NAME NOT FOUND","Length: 528" "11:31:23.6718396 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\ws2_32.dll","SUCCESS","Name: \Windows\System32\ws2_32.dll" "11:31:23.6720958 AM","icl.exe","36504","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6721105 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6721236 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:23.6721379 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:23.6722164 AM","icl.exe","36504","QueryNameInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Name: \Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe" "11:31:23.6723238 AM","icl.exe","36504","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:23.6723410 AM","icl.exe","36504","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read" "11:31:23.6723883 AM","icl.exe","36504","RegCloseKey","HKCU","SUCCESS","" "11:31:23.6724106 AM","icl.exe","36504","RegQueryMultipleValueKey","HKCU\Control Panel\International","SUCCESS","" "11:31:23.6724710 AM","icl.exe","36504","RegQueryValue","HKCU\Control Panel\International\sCurrency","SUCCESS","Type: REG_SZ, Length: 4, Data: $" "11:31:23.6724824 AM","icl.exe","36504","RegQueryValue","HKCU\Control Panel\International\iCalendarType","SUCCESS","Type: REG_SZ, Length: 4, Data: 1" "11:31:23.6724980 AM","icl.exe","36504","RegOpenKey","HKCU\Control Panel\International\🌎🌏🌍","NAME NOT FOUND","Desired Access: Query Value" "11:31:23.6725176 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6725297 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6725429 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-US","NAME NOT FOUND","Length: 532" "11:31:23.6725542 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6725655 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6725768 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6725889 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-US","NAME NOT FOUND","Length: 532" "11:31:23.6725995 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6727623 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\000603xx","SUCCESS","Type: REG_SZ, Length: 26, Data: kernel32.dll" "11:31:23.6728673 AM","icl.exe","36504","CreateFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6729135 AM","icl.exe","36504","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6730438 AM","icl.exe","36504","QueryStandardInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","AllocationSize: 3,375,104, EndOfFile: 3,371,404, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:23.6730695 AM","icl.exe","36504","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6730998 AM","icl.exe","36504","CloseFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","" "11:31:23.6731630 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","REPARSE","Desired Access: Read" "11:31:23.6731772 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","Desired Access: Read" "11:31:23.6731923 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\en-US","NAME NOT FOUND","Length: 90" "11:31:23.6732101 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\en","NAME NOT FOUND","Length: 90" "11:31:23.6734583 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6734856 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","CreationTime: 2/24/2021 12:42:09 AM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:23.6734955 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:23.6735798 AM","icl.exe","36504","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6736102 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: Program Files (x86), 2: Program Files (x86)" "11:31:23.6736379 AM","icl.exe","36504","CloseFile","C:\","SUCCESS","" "11:31:23.6737270 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6737540 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: IntelSWTools, 2: IntelSWTools" "11:31:23.6737773 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:23.6738588 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6738854 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: compilers_and_libraries_2017.4.210, 2: compilers_and_libraries_2017.4.210" "11:31:23.6739080 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:23.6740811 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6741074 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","CreationTime: 4/12/2017 8:26:38 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 4/12/2017 8:26:38 AM, ChangeTime: 2/24/2021 12:42:37 AM, FileAttributes: A" "11:31:23.6741173 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","" "11:31:23.6741913 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6742181 AM","icl.exe","36504","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6742988 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6743153 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6743295 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6743452 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6743982 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6744128 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6744256 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6744400 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6744522 AM","icl.exe","36504","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6746270 AM","icl.exe","36504","Load Image","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","Image Base: 0x4e60000, Image Size: 0xb7000" "11:31:23.6746553 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","" "11:31:23.6747315 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6747458 AM","icl.exe","36504","RegOpenKey","HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor","SUCCESS","Desired Access: Read" "11:31:23.6747642 AM","icl.exe","36504","RegQueryKey","HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor","SUCCESS","Query: Cached, SubKeys: 4, Values: 0" "11:31:23.6747786 AM","icl.exe","36504","RegCloseKey","HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor","SUCCESS","" "11:31:23.6750259 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6750527 AM","icl.exe","36504","QueryBasicInformationFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","CreationTime: 2/23/2021 6:57:50 PM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 3/25/2021 11:31:20 AM, ChangeTime: 3/25/2021 11:31:20 AM, FileAttributes: D" "11:31:23.6750625 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","" "11:31:23.6751426 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6751687 AM","icl.exe","36504","QueryDirectory","C:\Users\osqa\AppData\Local\Temp","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: Temp, 2: Temp" "11:31:23.6792842 AM","icl.exe","36504","CreateFile","C:\Windows\System32\tzres.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6793238 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\tzres.dll","SUCCESS","CreationTime: 2/17/2021 8:53:41 AM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 2/17/2021 8:53:41 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:23.6793356 AM","icl.exe","36504","CloseFile","C:\Windows\System32\tzres.dll","SUCCESS","" "11:31:23.6794608 AM","icl.exe","36504","CreateFile","C:\Windows\System32\tzres.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6795028 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\tzres.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6795463 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6795635 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6795782 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6795942 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6796066 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\tzres.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6796384 AM","icl.exe","36504","CloseFile","C:\Windows\System32\tzres.dll","SUCCESS","" "11:31:23.6796949 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys","REPARSE","Desired Access: Read" "11:31:23.6797093 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys","NAME NOT FOUND","Desired Access: Read" "11:31:23.6797264 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US","NAME NOT FOUND","Desired Access: Read" "11:31:23.6798136 AM","icl.exe","36504","CreateFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6798437 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\en-US\tzres.dll.mui","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6798565 AM","icl.exe","36504","QueryStandardInformationFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","AllocationSize: 45,056, EndOfFile: 44,544, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:23.6798800 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6799318 AM","icl.exe","36504","CloseFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","" "11:31:23.6801142 AM","icl.exe","36504","CreateFile","C:\Windows\System32\tzres.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6801742 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\tzres.dll","SUCCESS","CreationTime: 2/17/2021 8:53:41 AM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 2/17/2021 8:53:41 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:23.6801999 AM","icl.exe","36504","CloseFile","C:\Windows\System32\tzres.dll","SUCCESS","" "11:31:23.6803478 AM","icl.exe","36504","CreateFile","C:\Windows\System32\tzres.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6804247 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\tzres.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6804526 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6804940 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6805178 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6805350 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6805506 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\tzres.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6805865 AM","icl.exe","36504","CloseFile","C:\Windows\System32\tzres.dll","SUCCESS","" "11:31:23.6806496 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US","NAME NOT FOUND","Desired Access: Read" "11:31:23.6807503 AM","icl.exe","36504","CreateFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6808027 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\en-US\tzres.dll.mui","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6808158 AM","icl.exe","36504","QueryStandardInformationFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","AllocationSize: 45,056, EndOfFile: 44,544, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:23.6808432 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6808978 AM","icl.exe","36504","CloseFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","" "11:31:23.6809533 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local","SUCCESS","" "11:31:23.6811233 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6811462 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","CreationTime: 2/24/2021 12:42:09 AM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:23.6811554 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:23.6811940 AM","icl.exe","36504","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6812199 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: Program Files (x86), 2: Program Files (x86)" "11:31:23.6812439 AM","icl.exe","36504","CloseFile","C:\","SUCCESS","" "11:31:23.6813266 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6813519 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: IntelSWTools, 2: IntelSWTools" "11:31:23.6813745 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:23.6814995 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6815253 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: compilers_and_libraries_2017.4.210, 2: compilers_and_libraries_2017.4.210" "11:31:23.6815480 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:23.6817202 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6817485 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","CreationTime: 4/12/2017 8:26:48 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 4/12/2017 8:26:48 AM, ChangeTime: 2/24/2021 12:42:38 AM, FileAttributes: A" "11:31:23.6817576 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:23.6819237 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6819862 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:23.6820805 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6821402 AM","icl.exe","36504","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 4,096, Priority: Normal" "11:31:23.6821604 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:23.6822477 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6822932 AM","icl.exe","36504","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.6823073 AM","icl.exe","36504","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 6, Priority: Normal" "11:31:23.6823256 AM","icl.exe","36504","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 4,096, Priority: Normal" "11:31:23.6823400 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:23.6830462 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\CRYPTSP.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.6832389 AM","icl.exe","36504","CreateFile","C:\Windows\System32\cryptsp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6832805 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\cryptsp.dll","SUCCESS","CreationTime: 2/17/2021 8:53:41 AM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 2/17/2021 8:53:41 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:23.6833027 AM","icl.exe","36504","CloseFile","C:\Windows\System32\cryptsp.dll","SUCCESS","" "11:31:23.6834180 AM","icl.exe","36504","CreateFile","C:\Windows\System32\cryptsp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6834601 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\cryptsp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6835899 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6836101 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6836274 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6836471 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6836642 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6836808 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6836961 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6837132 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6837286 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\cryptsp.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6839676 AM","icl.exe","36504","Load Image","C:\Windows\System32\cryptsp.dll","SUCCESS","Image Base: 0x7ffbda930000, Image Size: 0x18000" "11:31:23.6840329 AM","icl.exe","36504","CloseFile","C:\Windows\System32\cryptsp.dll","SUCCESS","" "11:31:23.6841504 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6841672 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001","SUCCESS","Desired Access: Read" "11:31:23.6841874 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name","BUFFER OVERFLOW","Length: 12" "11:31:23.6841991 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name","SUCCESS","Type: REG_SZ, Length: 80, Data: Microsoft Strong Cryptographic Provider" "11:31:23.6842112 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name","BUFFER OVERFLOW","Length: 52" "11:31:23.6842211 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name","SUCCESS","Type: REG_SZ, Length: 80, Data: Microsoft Strong Cryptographic Provider" "11:31:23.6842350 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001","SUCCESS","" "11:31:23.6842471 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6842586 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider","SUCCESS","Desired Access: Read" "11:31:23.6842744 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "11:31:23.6842855 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" "11:31:23.6842952 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\rsaenh.dll" "11:31:23.6843058 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" "11:31:23.6843155 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\rsaenh.dll" "11:31:23.6845334 AM","icl.exe","36504","CreateFile","C:\Windows\System32\rsaenh.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6845719 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\rsaenh.dll","SUCCESS","CreationTime: 2/17/2021 8:53:41 AM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 2/17/2021 8:53:41 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:23.6845830 AM","icl.exe","36504","CloseFile","C:\Windows\System32\rsaenh.dll","SUCCESS","" "11:31:23.6846639 AM","icl.exe","36504","CreateFile","C:\Windows\System32\rsaenh.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6846989 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\rsaenh.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6847816 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6847988 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6848137 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6848300 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6848442 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6848585 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6848717 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6848866 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6849008 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\rsaenh.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6851106 AM","icl.exe","36504","Load Image","C:\Windows\System32\rsaenh.dll","SUCCESS","Image Base: 0x7ffbd9db0000, Image Size: 0x34000" "11:31:23.6852248 AM","icl.exe","36504","CloseFile","C:\Windows\System32\rsaenh.dll","SUCCESS","" "11:31:23.6853128 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6853278 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Policies\Microsoft\Cryptography","SUCCESS","Desired Access: Read" "11:31:23.6853456 AM","icl.exe","36504","RegSetInfoKey","HKLM\SOFTWARE\Policies\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "11:31:23.6853930 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Cryptography\PrivKeyCacheMaxItems","NAME NOT FOUND","Length: 16" "11:31:23.6854055 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Cryptography\PrivKeyCachePurgeIntervalSeconds","NAME NOT FOUND","Length: 16" "11:31:23.6854156 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Cryptography\PrivateKeyLifetimeSeconds","NAME NOT FOUND","Length: 16" "11:31:23.6854296 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Cryptography","SUCCESS","" "11:31:23.6854442 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6854566 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" "11:31:23.6854703 AM","icl.exe","36504","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "11:31:23.6854797 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" "11:31:23.6854907 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: 7f7421c1-6067-490b-b147-4e8eac31a572" "11:31:23.6855026 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" "11:31:23.6855159 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: 7f7421c1-6067-490b-b147-4e8eac31a572" "11:31:23.6855339 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" "11:31:23.6855449 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6855560 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" "11:31:23.6857318 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\CRYPTBASE.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.6858711 AM","icl.exe","36504","CreateFile","C:\Windows\System32\cryptbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6858973 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\cryptbase.dll","SUCCESS","CreationTime: 2/17/2021 8:53:44 AM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 2/17/2021 8:53:44 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:23.6859087 AM","icl.exe","36504","CloseFile","C:\Windows\System32\cryptbase.dll","SUCCESS","" "11:31:23.6859892 AM","icl.exe","36504","CreateFile","C:\Windows\System32\cryptbase.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6860166 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\cryptbase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6860975 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6861149 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6861296 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6861457 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6861602 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6861748 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6861882 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6862037 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6862173 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\cryptbase.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6864447 AM","icl.exe","36504","Load Image","C:\Windows\System32\cryptbase.dll","SUCCESS","Image Base: 0x7ffbda570000, Image Size: 0xc000" "11:31:23.6865020 AM","icl.exe","36504","CloseFile","C:\Windows\System32\cryptbase.dll","SUCCESS","" "11:31:23.6867839 AM","icl.exe","36504","Load Image","C:\Windows\System32\bcryptprimitives.dll","SUCCESS","Image Base: 0x7ffbdb410000, Image Size: 0x80000" "11:31:23.6869831 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f3a71a4b-6118-4257-8ccb-39a33ba059d4","NAME NOT FOUND","Length: 528" "11:31:23.6870507 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\bcryptprimitives.dll","SUCCESS","Name: \Windows\System32\bcryptprimitives.dll" "11:31:23.6870829 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","REPARSE","Desired Access: Query Value" "11:31:23.6871004 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","Desired Access: Query Value" "11:31:23.6871181 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\STE","NAME NOT FOUND","Length: 20" "11:31:23.6871335 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","" "11:31:23.6871478 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","REPARSE","Desired Access: Query Value" "11:31:23.6871611 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","Desired Access: Query Value" "11:31:23.6871747 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:23.6871902 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","REPARSE","Desired Access: Query Value" "11:31:23.6872025 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS","Desired Access: Query Value" "11:31:23.6872154 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","NAME NOT FOUND","Length: 20" "11:31:23.6872282 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled","NAME NOT FOUND","Length: 20" "11:31:23.6872429 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","" "11:31:23.6872542 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS","" "11:31:23.6872670 AM","icl.exe","36504","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration","REPARSE","Desired Access: Query Value" "11:31:23.6872797 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration","NAME NOT FOUND","Desired Access: Query Value" "11:31:23.6873382 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider","SUCCESS","" "11:31:23.6873761 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","REPARSE","Desired Access: Read" "11:31:23.6874087 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","SUCCESS","Desired Access: Read" "11:31:23.6874292 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","SUCCESS","" "11:31:23.6874442 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","REPARSE","Desired Access: Read" "11:31:23.6874588 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","SUCCESS","Desired Access: Read" "11:31:23.6874756 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","SUCCESS","" "11:31:23.6876852 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\SspiCli.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.6878268 AM","icl.exe","36504","CreateFile","C:\Windows\System32\sspicli.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6878629 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\sspicli.dll","SUCCESS","CreationTime: 2/17/2021 8:53:44 AM, LastAccessTime: 3/25/2021 11:31:21 AM, LastWriteTime: 2/17/2021 8:53:44 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:23.6878951 AM","icl.exe","36504","CloseFile","C:\Windows\System32\sspicli.dll","SUCCESS","" "11:31:23.6879826 AM","icl.exe","36504","CreateFile","C:\Windows\System32\sspicli.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6880202 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\sspicli.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.6881073 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.6881245 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.6881395 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.6881571 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6881717 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.6881860 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.6882001 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.6882158 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.6882304 AM","icl.exe","36504","CreateFileMapping","C:\Windows\System32\sspicli.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:23.6884477 AM","icl.exe","36504","Load Image","C:\Windows\System32\sspicli.dll","SUCCESS","Image Base: 0x7ffbdab90000, Image Size: 0x3c000" "11:31:23.6885228 AM","icl.exe","36504","CloseFile","C:\Windows\System32\sspicli.dll","SUCCESS","" "11:31:23.6886625 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\a6d3c9ac-9128-522a-495a-1821191173c2","NAME NOT FOUND","Length: 528" "11:31:23.6887255 AM","icl.exe","36504","QueryNameInformationFile","C:\Windows\System32\sspicli.dll","SUCCESS","Name: \Windows\System32\sspicli.dll" "11:31:23.6888076 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6888617 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Rpc","SUCCESS","Desired Access: Read" "11:31:23.6889138 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\MaxRpcSize","NAME NOT FOUND","Length: 16" "11:31:23.6889367 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS","" "11:31:23.6890053 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","REPARSE","Desired Access: Read" "11:31:23.6890226 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","NAME NOT FOUND","Desired Access: Read" "11:31:23.6890415 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","REPARSE","Desired Access: Read" "11:31:23.6890545 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","NAME NOT FOUND","Desired Access: Read" "11:31:23.6890704 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","REPARSE","Desired Access: Read" "11:31:23.6890842 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","SUCCESS","Desired Access: Read" "11:31:23.6890992 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName","SUCCESS","Type: REG_SZ, Length: 28, Data: CA-W10-BLD-05" "11:31:23.6891144 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","SUCCESS","" "11:31:23.6891286 AM","icl.exe","36504","RegOpenKey","HKLM\System\Setup","SUCCESS","Desired Access: Read" "11:31:23.6891410 AM","icl.exe","36504","RegQueryValue","HKLM\SYSTEM\Setup\OOBEInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:23.6891542 AM","icl.exe","36504","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS","" "11:31:23.6891657 AM","icl.exe","36504","RegOpenKey","HKLM\System\Setup","SUCCESS","Desired Access: Read" "11:31:23.6891766 AM","icl.exe","36504","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:23.6891897 AM","icl.exe","36504","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS","" "11:31:23.6892031 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.6892528 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6892654 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\Rpc","NAME NOT FOUND","Desired Access: Read" "11:31:23.6893575 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6893694 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Rpc","SUCCESS","Desired Access: Query Value" "11:31:23.6893954 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\IdleTimerWindow","NAME NOT FOUND","Length: 16" "11:31:23.6894102 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS","" "11:31:23.6897348 AM","icl.exe","36504","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:23.6897506 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Hvsi","REPARSE","Desired Access: Read" "11:31:23.6898110 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Hvsi","SUCCESS","Desired Access: Read" "11:31:23.6898292 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Hvsi\IsHvsiContainer","NAME NOT FOUND","Length: 16" "11:31:23.6898434 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Hvsi","SUCCESS","" "11:31:23.6899888 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","REPARSE","Desired Access: Read" "11:31:23.6900074 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","SUCCESS","Desired Access: Read" "11:31:23.6900286 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","SUCCESS","" "11:31:23.6900445 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","REPARSE","Desired Access: Read" "11:31:23.6900916 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","SUCCESS","Desired Access: Read" "11:31:23.6901166 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","SUCCESS","" "11:31:23.6902821 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6903357 AM","icl.exe","36504","QueryDirectory","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILC*.TMP","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: ILC*.TMP, 2: ILCE9C9.tmp" "11:31:23.6904522 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCE9C9.tmp","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6904919 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCE9C9.tmp","SUCCESS","Offset: 0, Length: 101, Priority: Normal" "11:31:23.6905234 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCE9C9.tmp","END OF FILE","Offset: 101, Length: 4,096" "11:31:23.6905404 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCE9C9.tmp","SUCCESS","" "11:31:23.6906157 AM","icl.exe","36504","QueryDirectory","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache","SUCCESS","FileInformationClass: FileBothDirectoryInformation, 1: ILCFA0.tmp" "11:31:23.6907209 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCFA0.tmp","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6907575 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCFA0.tmp","SUCCESS","Offset: 0, Length: 101, Priority: Normal" "11:31:23.6907763 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCFA0.tmp","END OF FILE","Offset: 101, Length: 4,096" "11:31:23.6907907 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCFA0.tmp","SUCCESS","" "11:31:23.6908739 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache","SUCCESS","" "11:31:23.6910185 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6910753 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:23.6911688 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6912387 AM","icl.exe","36504","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 4,096, Priority: Normal" "11:31:23.6912582 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:23.6913572 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6914434 AM","icl.exe","36504","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.6914584 AM","icl.exe","36504","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 6, Priority: Normal" "11:31:23.6914782 AM","icl.exe","36504","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 4,096, Priority: Normal" "11:31:23.6914936 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:23.6921509 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6921686 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6921864 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\af-ZA","NAME NOT FOUND","Length: 532" "11:31:23.6922010 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6922138 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6922258 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6922396 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\af-ZA","NAME NOT FOUND","Length: 532" "11:31:23.6922513 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6922762 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6922894 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6923007 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\am-ET","NAME NOT FOUND","Length: 532" "11:31:23.6923120 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6923255 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6923369 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6923481 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\am-ET","NAME NOT FOUND","Length: 532" "11:31:23.6923590 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6923759 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Codepage","REPARSE","Desired Access: Read" "11:31:23.6924050 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Codepage","SUCCESS","Desired Access: Read" "11:31:23.6924180 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\AllowDeprecatedCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1111573537" "11:31:23.6924433 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6924548 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6924661 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-AE","NAME NOT FOUND","Length: 532" "11:31:23.6924776 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6925075 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6925192 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6925674 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-AE","NAME NOT FOUND","Length: 532" "11:31:23.6925812 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6926381 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\1256","SUCCESS","Type: REG_SZ, Length: 22, Data: c_1256.nls" "11:31:23.6927710 AM","icl.exe","36504","CreateFile","C:\Windows\System32\C_1256.NLS","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6928046 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\C_1256.NLS","SUCCESS","CreationTime: 12/7/2019 2:08:49 AM, LastAccessTime: 3/25/2021 10:46:36 AM, LastWriteTime: 12/7/2019 2:08:49 AM, ChangeTime: 3/10/2021 10:18:37 PM, FileAttributes: A" "11:31:23.6928151 AM","icl.exe","36504","CloseFile","C:\Windows\System32\C_1256.NLS","SUCCESS","" "11:31:23.6928763 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6928919 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6929075 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-BH","NAME NOT FOUND","Length: 532" "11:31:23.6929217 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6929349 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6929473 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6929600 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-BH","NAME NOT FOUND","Length: 532" "11:31:23.6929728 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6930316 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6930446 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6930565 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-DZ","NAME NOT FOUND","Length: 532" "11:31:23.6930681 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6930802 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6930919 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6931034 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-DZ","NAME NOT FOUND","Length: 532" "11:31:23.6931147 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6931325 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6931445 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6931609 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-EG","NAME NOT FOUND","Length: 532" "11:31:23.6931733 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6931861 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6932004 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6932132 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-EG","NAME NOT FOUND","Length: 532" "11:31:23.6932258 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6932462 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6932612 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6932737 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-IQ","NAME NOT FOUND","Length: 532" "11:31:23.6933109 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6933237 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6933350 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6933462 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-IQ","NAME NOT FOUND","Length: 532" "11:31:23.6933873 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6934039 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6934153 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6934264 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-JO","NAME NOT FOUND","Length: 532" "11:31:23.6934382 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6934504 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6934614 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6934724 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-JO","NAME NOT FOUND","Length: 532" "11:31:23.6934833 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6935000 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6935126 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6935248 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-KW","NAME NOT FOUND","Length: 532" "11:31:23.6935369 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6935487 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6935606 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6935715 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-KW","NAME NOT FOUND","Length: 532" "11:31:23.6935822 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6935965 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6936078 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6936193 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-LB","NAME NOT FOUND","Length: 532" "11:31:23.6936301 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6936417 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6936530 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6936649 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-LB","NAME NOT FOUND","Length: 532" "11:31:23.6936921 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6937080 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6937203 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6937331 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-LY","NAME NOT FOUND","Length: 532" "11:31:23.6937461 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6937703 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6937857 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6937982 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-LY","NAME NOT FOUND","Length: 532" "11:31:23.6938113 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6938282 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6938396 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6938513 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-MA","NAME NOT FOUND","Length: 532" "11:31:23.6938623 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6938987 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6939151 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6939292 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-MA","NAME NOT FOUND","Length: 532" "11:31:23.6939418 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6939647 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6939761 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6939876 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-OM","NAME NOT FOUND","Length: 532" "11:31:23.6939988 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6940105 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6940216 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6940325 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-OM","NAME NOT FOUND","Length: 532" "11:31:23.6940434 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6940601 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6940711 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6940819 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-QA","NAME NOT FOUND","Length: 532" "11:31:23.6940939 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6941070 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6941182 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6941290 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-QA","NAME NOT FOUND","Length: 532" "11:31:23.6941398 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6941545 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6941655 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6941762 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-SA","NAME NOT FOUND","Length: 532" "11:31:23.6941872 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6941986 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6942095 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6942202 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-SA","NAME NOT FOUND","Length: 532" "11:31:23.6942310 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6942472 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6942581 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6942687 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-SY","NAME NOT FOUND","Length: 532" "11:31:23.6942794 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6942908 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6943016 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6943123 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-SY","NAME NOT FOUND","Length: 532" "11:31:23.6943231 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6943373 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6943482 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6943589 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-TN","NAME NOT FOUND","Length: 532" "11:31:23.6943696 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6943935 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6944058 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6944167 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-TN","NAME NOT FOUND","Length: 532" "11:31:23.6944277 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6944433 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6944543 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6944651 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-YE","NAME NOT FOUND","Length: 532" "11:31:23.6944759 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6944872 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6944980 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6945086 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-YE","NAME NOT FOUND","Length: 532" "11:31:23.6945193 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6945339 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6945591 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6945706 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\arn-CL","NAME NOT FOUND","Length: 532" "11:31:23.6945816 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6945932 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6946041 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6946150 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\arn-CL","NAME NOT FOUND","Length: 532" "11:31:23.6946257 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6946412 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6946524 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6946636 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\as-IN","NAME NOT FOUND","Length: 532" "11:31:23.6946753 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6946874 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6946985 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6947092 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\as-IN","NAME NOT FOUND","Length: 532" "11:31:23.6947199 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6947364 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6947473 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6947580 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\az-Cyrl-AZ","NAME NOT FOUND","Length: 532" "11:31:23.6947687 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6947800 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6947909 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6948016 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\az-Cyrl-AZ","NAME NOT FOUND","Length: 532" "11:31:23.6948123 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6948256 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\1251","SUCCESS","Type: REG_SZ, Length: 22, Data: c_1251.nls" "11:31:23.6949796 AM","icl.exe","36504","CreateFile","C:\Windows\System32\C_1251.NLS","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6950168 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\C_1251.NLS","SUCCESS","CreationTime: 12/7/2019 2:08:49 AM, LastAccessTime: 3/25/2021 10:46:36 AM, LastWriteTime: 12/7/2019 2:08:49 AM, ChangeTime: 3/10/2021 10:18:37 PM, FileAttributes: A" "11:31:23.6950287 AM","icl.exe","36504","CloseFile","C:\Windows\System32\C_1251.NLS","SUCCESS","" "11:31:23.6950878 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6951023 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6951151 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\az-Latn-AZ","NAME NOT FOUND","Length: 532" "11:31:23.6951271 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6951387 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6951497 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6951609 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\az-Latn-AZ","NAME NOT FOUND","Length: 532" "11:31:23.6951720 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6951840 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\1254","SUCCESS","Type: REG_SZ, Length: 22, Data: c_1254.nls" "11:31:23.6953086 AM","icl.exe","36504","CreateFile","C:\Windows\System32\C_1254.NLS","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6953409 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\C_1254.NLS","SUCCESS","CreationTime: 12/7/2019 2:08:49 AM, LastAccessTime: 3/25/2021 10:46:36 AM, LastWriteTime: 12/7/2019 2:08:49 AM, ChangeTime: 3/10/2021 10:18:37 PM, FileAttributes: A" "11:31:23.6953515 AM","icl.exe","36504","CloseFile","C:\Windows\System32\C_1254.NLS","SUCCESS","" "11:31:23.6954220 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6954355 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6954484 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ba-RU","NAME NOT FOUND","Length: 532" "11:31:23.6954609 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6954728 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6954841 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6954954 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ba-RU","NAME NOT FOUND","Length: 532" "11:31:23.6955067 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6955240 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6955351 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6955462 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\be-BY","NAME NOT FOUND","Length: 532" "11:31:23.6955572 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6955685 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6955795 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6955903 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\be-BY","NAME NOT FOUND","Length: 532" "11:31:23.6956011 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6956172 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6956280 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6956387 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bg-BG","NAME NOT FOUND","Length: 532" "11:31:23.6956495 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6956607 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6956717 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6956823 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bg-BG","NAME NOT FOUND","Length: 532" "11:31:23.6956951 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6957109 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6957218 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6957325 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bin-NG","NAME NOT FOUND","Length: 532" "11:31:23.6957434 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6957547 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6957660 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6957776 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bin-NG","NAME NOT FOUND","Length: 532" "11:31:23.6957884 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6958032 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6958141 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6958248 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bn-BD","NAME NOT FOUND","Length: 532" "11:31:23.6958357 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6958470 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6958579 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6958685 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bn-BD","NAME NOT FOUND","Length: 532" "11:31:23.6958793 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6958950 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6959060 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6959167 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bn-IN","NAME NOT FOUND","Length: 532" "11:31:23.6959275 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6959386 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6959495 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6959602 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bn-IN","NAME NOT FOUND","Length: 532" "11:31:23.6959708 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6959851 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6959959 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6960065 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bo-CN","NAME NOT FOUND","Length: 532" "11:31:23.6960172 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6960285 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6960394 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6960513 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bo-CN","NAME NOT FOUND","Length: 532" "11:31:23.6960621 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6960792 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6960902 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6961008 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\br-FR","NAME NOT FOUND","Length: 532" "11:31:23.6961116 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6961229 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6961337 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6961444 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\br-FR","NAME NOT FOUND","Length: 532" "11:31:23.6961552 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6961721 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6961830 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6961938 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bs-Cyrl-BA","NAME NOT FOUND","Length: 532" "11:31:23.6962046 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6962161 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6962280 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6962388 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bs-Cyrl-BA","NAME NOT FOUND","Length: 532" "11:31:23.6962495 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6962653 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6962770 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6962882 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bs-Latn-BA","NAME NOT FOUND","Length: 532" "11:31:23.6962990 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6963106 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6963215 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6963322 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bs-Latn-BA","NAME NOT FOUND","Length: 532" "11:31:23.6963429 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6963543 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\1250","SUCCESS","Type: REG_SZ, Length: 22, Data: c_1250.nls" "11:31:23.6965003 AM","icl.exe","36504","CreateFile","C:\Windows\System32\C_1250.NLS","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6965345 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\C_1250.NLS","SUCCESS","CreationTime: 12/7/2019 2:08:49 AM, LastAccessTime: 3/25/2021 10:46:36 AM, LastWriteTime: 12/7/2019 2:08:49 AM, ChangeTime: 3/10/2021 10:18:37 PM, FileAttributes: A" "11:31:23.6965452 AM","icl.exe","36504","CloseFile","C:\Windows\System32\C_1250.NLS","SUCCESS","" "11:31:23.6965948 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6966083 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6966208 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ca-ES","NAME NOT FOUND","Length: 532" "11:31:23.6966326 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6966443 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6966554 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6966664 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ca-ES","NAME NOT FOUND","Length: 532" "11:31:23.6966789 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6966966 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6967283 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6967397 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ca-ES-valencia","NAME NOT FOUND","Length: 532" "11:31:23.6967507 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6967623 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6967732 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6967842 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ca-ES-valencia","NAME NOT FOUND","Length: 532" "11:31:23.6967950 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6968118 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6968226 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6968334 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\chr-Cher-US","NAME NOT FOUND","Length: 532" "11:31:23.6968442 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6968559 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6968680 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6968787 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\chr-Cher-US","NAME NOT FOUND","Length: 532" "11:31:23.6968895 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6969068 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6969179 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6969290 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\co-FR","NAME NOT FOUND","Length: 532" "11:31:23.6969397 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6969509 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6969619 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6969725 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\co-FR","NAME NOT FOUND","Length: 532" "11:31:23.6969832 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6969976 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6970085 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6970191 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\cs-CZ","NAME NOT FOUND","Length: 532" "11:31:23.6970299 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6970417 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6970528 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6970634 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\cs-CZ","NAME NOT FOUND","Length: 532" "11:31:23.6970742 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6970887 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6970999 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6971114 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\cy-GB","NAME NOT FOUND","Length: 532" "11:31:23.6971223 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6971336 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6971444 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6971550 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\cy-GB","NAME NOT FOUND","Length: 532" "11:31:23.6971657 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6971815 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6971924 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6972031 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\da-DK","NAME NOT FOUND","Length: 532" "11:31:23.6972139 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6972251 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6972360 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6972469 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\da-DK","NAME NOT FOUND","Length: 532" "11:31:23.6972575 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6972737 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6972846 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6972953 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\de-AT","NAME NOT FOUND","Length: 532" "11:31:23.6973061 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6973176 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6973295 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6973402 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\de-AT","NAME NOT FOUND","Length: 532" "11:31:23.6973509 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6973651 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6973885 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6973996 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\de-CH","NAME NOT FOUND","Length: 532" "11:31:23.6974104 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6974217 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6974326 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6974434 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\de-CH","NAME NOT FOUND","Length: 532" "11:31:23.6974552 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6974712 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6974821 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6974927 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\de-DE","NAME NOT FOUND","Length: 532" "11:31:23.6975036 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6975149 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6975261 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6975367 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\de-DE","NAME NOT FOUND","Length: 532" "11:31:23.6975474 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6975632 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6975742 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6975849 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\de-LI","NAME NOT FOUND","Length: 532" "11:31:23.6975956 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6976069 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6976177 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6976283 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\de-LI","NAME NOT FOUND","Length: 532" "11:31:23.6976391 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6976532 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6976641 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6976746 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\de-LU","NAME NOT FOUND","Length: 532" "11:31:23.6976853 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6976965 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6977073 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6977179 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\de-LU","NAME NOT FOUND","Length: 532" "11:31:23.6977286 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6977430 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6977538 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6977649 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\dsb-DE","NAME NOT FOUND","Length: 532" "11:31:23.6977765 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6977879 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6978002 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6978119 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\dsb-DE","NAME NOT FOUND","Length: 532" "11:31:23.6978227 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6978371 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6978480 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6978587 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\dv-MV","NAME NOT FOUND","Length: 532" "11:31:23.6978694 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6978806 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6978914 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6979020 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\dv-MV","NAME NOT FOUND","Length: 532" "11:31:23.6979127 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6979309 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6979418 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6979524 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\dz-BT","NAME NOT FOUND","Length: 532" "11:31:23.6979631 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6979742 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6979851 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6979958 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\dz-BT","NAME NOT FOUND","Length: 532" "11:31:23.6980065 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6980209 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6980317 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6980423 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\el-GR","NAME NOT FOUND","Length: 532" "11:31:23.6980532 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6980644 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6980752 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6980857 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\el-GR","NAME NOT FOUND","Length: 532" "11:31:23.6980965 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6981092 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\1253","SUCCESS","Type: REG_SZ, Length: 22, Data: c_1253.nls" "11:31:23.6982454 AM","icl.exe","36504","CreateFile","C:\Windows\System32\C_1253.NLS","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.6982802 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\System32\C_1253.NLS","SUCCESS","CreationTime: 12/7/2019 2:08:49 AM, LastAccessTime: 3/25/2021 10:46:36 AM, LastWriteTime: 12/7/2019 2:08:49 AM, ChangeTime: 3/10/2021 10:18:37 PM, FileAttributes: A" "11:31:23.6982912 AM","icl.exe","36504","CloseFile","C:\Windows\System32\C_1253.NLS","SUCCESS","" "11:31:23.6983444 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6983581 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6983869 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-029","NAME NOT FOUND","Length: 532" "11:31:23.6983997 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6984115 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6984228 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6984341 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-029","NAME NOT FOUND","Length: 532" "11:31:23.6984452 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6984615 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6984725 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6984834 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-AE","NAME NOT FOUND","Length: 532" "11:31:23.6984943 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6985060 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6985178 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6985285 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-AE","NAME NOT FOUND","Length: 532" "11:31:23.6985556 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6985715 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6985826 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6985935 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-AU","NAME NOT FOUND","Length: 532" "11:31:23.6986043 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6986156 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6986265 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6986373 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-AU","NAME NOT FOUND","Length: 532" "11:31:23.6986479 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6986647 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6986757 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6986864 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-BZ","NAME NOT FOUND","Length: 532" "11:31:23.6986973 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6987085 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6987193 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6987300 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-BZ","NAME NOT FOUND","Length: 532" "11:31:23.6987407 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6987582 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6987693 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6987800 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-CA","NAME NOT FOUND","Length: 532" "11:31:23.6987912 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6988026 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6988134 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6988239 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-CA","NAME NOT FOUND","Length: 532" "11:31:23.6988347 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6988511 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6988623 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6988729 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-GB","NAME NOT FOUND","Length: 532" "11:31:23.6988837 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6988949 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6989057 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6989162 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-GB","NAME NOT FOUND","Length: 532" "11:31:23.6989270 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6989431 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6989539 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6989647 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-HK","NAME NOT FOUND","Length: 532" "11:31:23.6989753 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6989866 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6989977 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6990084 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-HK","NAME NOT FOUND","Length: 532" "11:31:23.6990192 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6990347 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6990455 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6990561 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-ID","NAME NOT FOUND","Length: 532" "11:31:23.6990670 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6990782 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6990890 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6991008 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-ID","NAME NOT FOUND","Length: 532" "11:31:23.6991116 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6991261 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6991370 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6991476 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-IE","NAME NOT FOUND","Length: 532" "11:31:23.6991584 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6991701 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6991810 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6991916 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-IE","NAME NOT FOUND","Length: 532" "11:31:23.6992022 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6992168 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6992286 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6992392 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-IN","NAME NOT FOUND","Length: 532" "11:31:23.6992501 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6992613 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6992722 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6992828 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-IN","NAME NOT FOUND","Length: 532" "11:31:23.6992936 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6993080 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6993189 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6993295 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-JM","NAME NOT FOUND","Length: 532" "11:31:23.6993403 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6993514 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6993623 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6993730 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-JM","NAME NOT FOUND","Length: 532" "11:31:23.6993956 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6994128 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6994238 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6994345 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-MY","NAME NOT FOUND","Length: 532" "11:31:23.6994457 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6994576 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6994685 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6994791 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-MY","NAME NOT FOUND","Length: 532" "11:31:23.6994897 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6995043 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6995160 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6995266 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-NZ","NAME NOT FOUND","Length: 532" "11:31:23.6995374 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6995485 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6995593 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6995699 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-NZ","NAME NOT FOUND","Length: 532" "11:31:23.6995806 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6995950 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6996059 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6996165 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-PH","NAME NOT FOUND","Length: 532" "11:31:23.6996272 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6996383 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6996492 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6996598 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-PH","NAME NOT FOUND","Length: 532" "11:31:23.6996705 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6996875 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6996983 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6997089 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-SG","NAME NOT FOUND","Length: 532" "11:31:23.6997195 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6997308 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6997418 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6997524 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-SG","NAME NOT FOUND","Length: 532" "11:31:23.6997631 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.6997803 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:23.6997913 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:23.6998019 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-TT","NAME NOT FOUND","Length: 532" "11:31:23.6998128 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:23.6998240 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:23.6998348 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:23.6998454 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-TT","NAME NOT FOUND","Length: 532" "11:31:23.6998562 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:23.7001328 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7001585 AM","icl.exe","36504","QueryBasicInformationFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","CreationTime: 2/23/2021 6:57:50 PM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 3/25/2021 11:31:20 AM, ChangeTime: 3/25/2021 11:31:20 AM, FileAttributes: D" "11:31:23.7001688 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","" "11:31:23.7003039 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\36504000000292872","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7009743 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7010040 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","CreationTime: 2/24/2021 12:38:24 AM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 2/24/2021 12:45:27 AM, ChangeTime: 2/24/2021 12:45:27 AM, FileAttributes: D" "11:31:23.7010139 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:23.7011883 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7012123 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","CreationTime: 2/24/2021 12:42:03 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:23.7012212 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","" "11:31:23.7013515 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\lib\intel64_win","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7013920 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\lib\intel64_win","SUCCESS","CreationTime: 2/24/2021 12:41:58 AM, LastAccessTime: 3/25/2021 9:22:16 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:23.7014008 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\lib\intel64_win","SUCCESS","" "11:31:23.7014897 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a" "11:31:23.7015751 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7016287 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom","NO SUCH FILE","FileInformationClass: FileBothDirectoryInformation, Filter: mcpcom" "11:31:23.7016524 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:23.7017527 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7017865 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:23.7019493 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7020841 AM","icl.exe","36504","CreateFile","C:\Windows\System32\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7022048 AM","icl.exe","36504","CreateFile","C:\Windows\System\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7023297 AM","icl.exe","36504","CreateFile","C:\Windows\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7024848 AM","icl.exe","36504","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\os3rdparty\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7026531 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:23.7027768 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7030020 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:23.7031836 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:23.7033475 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7035583 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:23.7037094 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7038736 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\CommonExtensions\Microsoft\TestWindow\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7040087 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\MSBuild\14.0\Bin\amd64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7041276 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7041530 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","CreationTime: 8/26/2016 12:06:54 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 8/26/2016 12:06:54 AM, ChangeTime: 2/23/2021 5:40:28 PM, FileAttributes: RA" "11:31:23.7041635 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","" "11:31:23.7042394 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7042713 AM","icl.exe","36504","CreateFileMapping","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.7043002 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.7043165 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.7043308 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.7043466 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.7043576 AM","icl.exe","36504","CreateFileMapping","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","SyncType: SyncTypeOther" "11:31:23.7044049 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","" "11:31:23.7045912 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7047251 AM","icl.exe","36504","CreateFile","C:\Windows\System32\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7048447 AM","icl.exe","36504","CreateFile","C:\Windows\System\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7049646 AM","icl.exe","36504","CreateFile","C:\Windows\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7050907 AM","icl.exe","36504","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\os3rdparty\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7052533 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:23.7053704 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7056090 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:23.7057880 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:23.7059395 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7061241 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:23.7062757 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7064632 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\CommonExtensions\Microsoft\TestWindow\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7065981 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\MSBuild\14.0\Bin\amd64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7067164 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7067398 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","CreationTime: 8/26/2016 12:06:54 AM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 8/26/2016 12:06:54 AM, ChangeTime: 2/23/2021 5:40:28 PM, FileAttributes: RA" "11:31:23.7067502 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","" "11:31:23.7068261 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7068573 AM","icl.exe","36504","CreateFileMapping","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:23.7068843 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.7069006 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.7069146 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.7069302 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.7069410 AM","icl.exe","36504","CreateFileMapping","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","SyncType: SyncTypeOther" "11:31:23.7069696 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","" "11:31:23.7082666 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\iostream","REPARSE","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: " "11:31:23.7083899 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\iostream","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a" "11:31:23.7085029 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","REPARSE","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:23.7085734 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7086213 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\iostream","NO SUCH FILE","FileInformationClass: FileBothDirectoryInformation, Filter: iostream" "11:31:23.7086481 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","" "11:31:23.7088002 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64\iostream","REPARSE","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: " "11:31:23.7089043 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64\iostream","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a" "11:31:23.7090072 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","REPARSE","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:23.7090758 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7091032 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64\iostream","NO SUCH FILE","FileInformationClass: FileBothDirectoryInformation, Filter: iostream" "11:31:23.7091263 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","SUCCESS","" "11:31:23.7092324 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\include\iostream","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7092633 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\include\iostream","SUCCESS","" "11:31:23.7094269 AM","icl.exe","36504","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\os3rdparty\=C:\PROGRA~2\INTELS~1\COMPIL~1.210\windows\compiler\include\intel64","NAME INVALID","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7095642 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7095892 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","SUCCESS","CreationTime: 2/24/2021 12:42:50 AM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:23.7095994 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","SUCCESS","" "11:31:23.7097033 AM","icl.exe","36504","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\os3rdparty\=C:\PROGRA~2\INTELS~1\COMPIL~1.210\windows\compiler\include\icc","NAME INVALID","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7098233 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\icc","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7098472 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\icc","SUCCESS","CreationTime: 2/24/2021 12:42:28 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 2/24/2021 12:42:28 AM, ChangeTime: 2/24/2021 12:42:28 AM, FileAttributes: D" "11:31:23.7098569 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\icc","SUCCESS","" "11:31:23.7099563 AM","icl.exe","36504","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\os3rdparty\=C:\PROGRA~2\INTELS~1\COMPIL~1.210\windows\compiler\include","NAME INVALID","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7100747 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7100969 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","CreationTime: 2/24/2021 12:42:03 AM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:23.7101064 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","" "11:31:23.7103462 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7104457 AM","icl.exe","36504","QueryBasicInformationFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","CreationTime: 2/23/2021 6:57:50 PM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 3/25/2021 11:31:20 AM, ChangeTime: 3/25/2021 11:31:20 AM, FileAttributes: D" "11:31:23.7104562 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","" "11:31:23.7105962 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7107440 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7107638 AM","icl.exe","36504","QueryBasicInformationFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","CreationTime: 2/23/2021 6:57:50 PM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 3/25/2021 11:31:20 AM, ChangeTime: 3/25/2021 11:31:20 AM, FileAttributes: D" "11:31:23.7107735 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","" "11:31:23.7109010 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\365042arg4","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7109933 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\365042arg4","SUCCESS","Desired Access: Generic Read/Write, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created" "11:31:23.7112447 AM","icl.exe","36504","QueryStandardInformationFile","C:\Users\osqa\AppData\Local\Temp\365042arg4","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7112606 AM","icl.exe","36504","WriteFile","C:\Users\osqa\AppData\Local\Temp\365042arg4","SUCCESS","Offset: 0, Length: 3, Priority: Normal" "11:31:23.7115983 AM","icl.exe","36504","WriteFile","C:\Users\osqa\AppData\Local\Temp\365042arg4","SUCCESS","Offset: 3, Length: 852, Priority: Normal" "11:31:23.7118741 AM","icl.exe","36504","WriteFile","C:\Users\osqa\AppData\Local\Temp\365042arg4","SUCCESS","Offset: 855, Length: 852" "11:31:23.7118944 AM","icl.exe","36504","WriteFile","C:\Users\osqa\AppData\Local\Temp\365042arg4","SUCCESS","Offset: 1,707, Length: 444" "11:31:23.7119923 AM","icl.exe","36504","WriteFile","C:\Users\osqa\AppData\Local\Temp\365042arg4","SUCCESS","Offset: 2,151, Length: 852" "11:31:23.7120059 AM","icl.exe","36504","WriteFile","C:\Users\osqa\AppData\Local\Temp\365042arg4","SUCCESS","Offset: 3,003, Length: 852" "11:31:23.7120335 AM","icl.exe","36504","WriteFile","C:\Users\osqa\AppData\Local\Temp\365042arg4","SUCCESS","Offset: 3,855, Length: 380, Priority: Normal" "11:31:23.7121740 AM","icl.exe","36504","WriteFile","C:\Users\osqa\AppData\Local\Temp\365042arg4","SUCCESS","Offset: 4,235, Length: 852" "11:31:23.7121899 AM","icl.exe","36504","WriteFile","C:\Users\osqa\AppData\Local\Temp\365042arg4","SUCCESS","Offset: 5,087, Length: 852" "11:31:23.7122168 AM","icl.exe","36504","WriteFile","C:\Users\osqa\AppData\Local\Temp\365042arg4","SUCCESS","Offset: 5,939, Length: 285" "11:31:23.7122329 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp\365042arg4","SUCCESS","" "11:31:23.7127884 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.com","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:23.7129313 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7129614 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","CreationTime: 4/12/2017 8:26:48 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 4/12/2017 8:26:48 AM, ChangeTime: 2/24/2021 12:42:38 AM, FileAttributes: A" "11:31:23.7129744 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:23.7131158 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcpcom.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.7131374 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Wow64\x86\xtajit","NAME NOT FOUND","Desired Access: Query Value" "11:31:23.7132371 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7132772 AM","icl.exe","36504","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ" "11:31:23.7134039 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:23.7134216 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:23.7134384 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:23.7134677 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.7134837 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:23.7135025 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:23.7135173 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:23.7135338 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:23.7135487 AM","icl.exe","36504","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","SyncType: SyncTypeOther" "11:31:23.7136094 AM","icl.exe","36504","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcpcom.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:23.7136409 AM","icl.exe","36504","QuerySecurityFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Information: Label" "11:31:23.7136808 AM","icl.exe","36504","QueryNameInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Name: \PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom.exe" "11:31:23.7141104 AM","icl.exe","36504","QueryNameInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Name: \PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom.exe" "11:31:23.7142063 AM","icl.exe","36504","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7142927 AM","icl.exe","36504","QueryDirectory","C:\PROGRA~2","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: PROGRA~2, 2: Program Files (x86)" "11:31:23.7143220 AM","icl.exe","36504","CloseFile","C:\","SUCCESS","" "11:31:23.7144425 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7144777 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\INTELS~1","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: INTELS~1, 2: IntelSWTools" "11:31:23.7145018 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:23.7145985 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7146327 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools\COMPIL~1.210","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: COMPIL~1.210, 2: compilers_and_libraries_2017.4.210" "11:31:23.7146557 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:23.7148300 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7148712 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: windows, 2: windows" "11:31:23.7148942 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:23.7149881 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7150198 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: bin, 2: bin" "11:31:23.7150389 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:23.7151199 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7151482 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: intel64, 2: intel64" "11:31:23.7151669 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:23.7152465 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7152742 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: mcpcom.exe, 2: mcpcom.exe" "11:31:23.7153026 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:23.7155310 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7155656 AM","icl.exe","36504","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7155782 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:23.7156710 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7157183 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:23.7158135 AM","icl.exe","36504","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7159241 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Open By ID, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7159536 AM","icl.exe","36504","CloseFile","C:\","SUCCESS","" "11:31:23.7159973 AM","icl.exe","36504","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7160190 AM","icl.exe","36504","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Offset: 0, Length: 32,768, Priority: Normal" "11:31:23.7160641 AM","icl.exe","36504","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Offset: 40,009,728, Length: 32,768" "11:31:23.7160887 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:23.7161492 AM","icl.exe","36504","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\Definitions\BASHDefs\20210324.011\bash.dat","SUCCESS","AllocationSize: 102,400, EndOfFile: 102,400, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7161650 AM","icl.exe","36504","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\Definitions\BASHDefs\20210324.011\bash.dat","SUCCESS","Offset: 24, Length: 16" "11:31:23.7161808 AM","icl.exe","36504","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\Definitions\BASHDefs\20210324.011\bash.dat","SUCCESS","AllocationSize: 102,400, EndOfFile: 102,400, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7162112 AM","icl.exe","36504","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\Definitions\BASHDefs\20210324.011\bash.dat","SUCCESS","AllocationSize: 102,400, EndOfFile: 102,400, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7172717 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7188795 AM","icl.exe","36504","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7189022 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:23.7190475 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7190821 AM","icl.exe","36504","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7190926 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:23.7195067 AM","icl.exe","36504","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7195470 AM","icl.exe","36504","QueryDirectory","C:\PROGRA~2","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: PROGRA~2, 2: Program Files (x86)" "11:31:23.7195809 AM","icl.exe","36504","CloseFile","C:\","SUCCESS","" "11:31:23.7196821 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7197168 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\INTELS~1","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: INTELS~1, 2: IntelSWTools" "11:31:23.7197429 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:23.7198369 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7198680 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools\COMPIL~1.210","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: COMPIL~1.210, 2: compilers_and_libraries_2017.4.210" "11:31:23.7198903 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:23.7213534 AM","icl.exe","36504","QuerySecurityFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "11:31:23.7213988 AM","icl.exe","36504","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7235339 AM","icl.exe","36504","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7235520 AM","icl.exe","36504","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:23.7235698 AM","icl.exe","36504","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7235973 AM","icl.exe","36504","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7236525 AM","icl.exe","36504","QuerySecurityFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "11:31:23.7236685 AM","icl.exe","36504","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7269039 AM","icl.exe","36504","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7269241 AM","icl.exe","36504","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:23.7269423 AM","icl.exe","36504","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7269710 AM","icl.exe","36504","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7270175 AM","icl.exe","36504","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7270311 AM","icl.exe","36504","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:23.7270448 AM","icl.exe","36504","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7270731 AM","icl.exe","36504","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7272530 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","Desired Access: All Access" "11:31:23.7272716 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574\\Device\HarddiskVolume2\PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom.exe","NAME NOT FOUND","Length: 40" "11:31:23.7272942 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","" "11:31:23.7273127 AM","icl.exe","36504","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BAM","REPARSE","Desired Access: Query Value" "11:31:23.7273297 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\BAM","NAME NOT FOUND","Desired Access: Query Value" "11:31:23.7274586 AM","icl.exe","36504","Process Create","C:\PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom.exe","SUCCESS","PID: 46400, Command line: C:\PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom @C:\Users\osqa\AppData\Local\Temp\365042arg4" "11:31:23.7275568 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls","REPARSE","Desired Access: Query Value" "11:31:23.7275712 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls","NAME NOT FOUND","Desired Access: Query Value" "11:31:23.7276302 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","REPARSE","Desired Access: Query Value, Set Value" "11:31:23.7276498 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value" "11:31:23.7277173 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value" "11:31:23.7277446 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80" "11:31:23.7277578 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\AuthenticodeEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:23.7277735 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS","" "11:31:23.7278319 AM","icl.exe","36504","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value" "11:31:23.7282613 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7282998 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","CreationTime: 4/12/2017 8:26:48 AM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 4/12/2017 8:26:48 AM, ChangeTime: 2/24/2021 12:42:38 AM, FileAttributes: A" "11:31:23.7283128 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:23.7283933 AM","icl.exe","36504","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7284558 AM","icl.exe","36504","QueryDirectory","C:\PROGRA~2","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: PROGRA~2, 2: Program Files (x86)" "11:31:23.7284907 AM","icl.exe","36504","CloseFile","C:\","SUCCESS","" "11:31:23.7285992 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7286315 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\INTELS~1","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: INTELS~1, 2: IntelSWTools" "11:31:23.7286562 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:23.7287451 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7287752 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools\COMPIL~1.210","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: COMPIL~1.210, 2: compilers_and_libraries_2017.4.210" "11:31:23.7287980 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:23.7288811 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7289108 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: windows, 2: windows" "11:31:23.7289305 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:23.7290147 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7290446 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: bin, 2: bin" "11:31:23.7290654 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:23.7291532 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7291841 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: intel64, 2: intel64" "11:31:23.7292077 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:23.7292952 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7293246 AM","icl.exe","36504","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: mcpcom.exe, 2: mcpcom.exe" "11:31:23.7293467 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:23.7294735 AM","icl.exe","36504","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","Desired Access: Query Value" "11:31:23.7294969 AM","icl.exe","36504","RegQueryValue","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache","SUCCESS","Type: REG_SZ, Length: 112, Data: C:\Users\osqa\AppData\Local\Microsoft\Windows\INetCache" "11:31:23.7295201 AM","icl.exe","36504","RegCloseKey","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","" "11:31:23.7295399 AM","icl.exe","36504","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Enumerate Sub Keys" "11:31:23.7295575 AM","icl.exe","36504","RegOpenKey","HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Query Value" "11:31:23.7295865 AM","icl.exe","36504","QuerySecurityFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "11:31:23.7296761 AM","icl.exe","36504","CreateFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7297282 AM","icl.exe","36504","QueryBasicInformationFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","CreationTime: 3/10/2021 10:21:37 PM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 3/10/2021 10:21:37 PM, ChangeTime: 3/10/2021 10:52:43 PM, FileAttributes: A" "11:31:23.7297383 AM","icl.exe","36504","CloseFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","" "11:31:23.7297751 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","CreationTime: 4/12/2017 8:26:48 AM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 4/12/2017 8:26:48 AM, ChangeTime: 2/24/2021 12:42:38 AM, FileAttributes: A" "11:31:23.7298454 AM","icl.exe","36504","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","CreationTime: 4/12/2017 8:26:48 AM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 4/12/2017 8:26:48 AM, ChangeTime: 2/24/2021 12:42:38 AM, FileAttributes: A" "11:31:23.7298614 AM","icl.exe","36504","QueryNameInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Name: \PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom.exe" "11:31:23.7299955 AM","icl.exe","36504","CreateFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.7300435 AM","icl.exe","36504","QueryStandardInformationFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","AllocationSize: 4,059,136, EndOfFile: 4,057,128, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:23.7300572 AM","icl.exe","36504","QueryStandardInformationFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","AllocationSize: 4,059,136, EndOfFile: 4,057,128, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:23.7300739 AM","icl.exe","36504","CreateFileMapping","C:\Windows\apppatch\sysmain.sdb","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE|PAGE_NOCACHE" "11:31:23.7300902 AM","icl.exe","36504","QueryStandardInformationFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","AllocationSize: 4,059,136, EndOfFile: 4,057,128, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:23.7301181 AM","icl.exe","36504","CreateFileMapping","C:\Windows\apppatch\sysmain.sdb","SUCCESS","SyncType: SyncTypeOther" "11:31:23.7302105 AM","icl.exe","36504","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7302357 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","SUCCESS","Desired Access: Read" "11:31:23.7302629 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","NAME NOT FOUND","Length: 1,024" "11:31:23.7302840 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","SUCCESS","" "11:31:23.7303048 AM","icl.exe","36504","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read" "11:31:23.7303304 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\mcpcom.exe","NAME NOT FOUND","Desired Access: Read" "11:31:23.7304947 AM","icl.exe","36504","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7305125 AM","icl.exe","36504","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "11:31:23.7305297 AM","icl.exe","36504","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:23.7305583 AM","icl.exe","36504","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","SyncType: SyncTypeOther" "11:31:23.7311891 AM","icl.exe","36504","CloseFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","" "11:31:23.7313031 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read" "11:31:23.7313236 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20" "11:31:23.7313392 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","" "11:31:23.7320145 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:23.8021124 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.8039963 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","" "11:31:23.8041250 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.8041616 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:23.8041842 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:23.8042075 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","" "11:31:23.8043249 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.8044040 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:23.8044356 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Offset: 36, Length: 37" "11:31:23.8044543 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:23.8044710 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","" "11:31:23.8045846 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.8046160 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","" "11:31:23.8047111 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.8047408 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:23.8047714 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:23.8047962 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","" "11:31:23.8049035 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.8049383 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:23.8049639 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Offset: 36, Length: 37" "11:31:23.8049816 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:23.8049970 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","" "11:31:23.8050991 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.8051268 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","" "11:31:23.8052174 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.8052508 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:23.8052712 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:23.8052858 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","" "11:31:23.8054476 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:23.8054858 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:23.8055146 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Offset: 36, Length: 37" "11:31:23.8055323 AM","icl.exe","36504","ReadFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:23.8055476 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","" "11:31:23.8060493 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.8060813 AM","icl.exe","36504","QueryAttributeTagFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Attributes: A, ReparseTag: 0x0" "11:31:23.8060969 AM","icl.exe","36504","SetDispositionInformationEx","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","Flags: FILE_DISPOSITION_DELETE, FILE_DISPOSITION_POSIX_SEMANTICS, FILE_DISPOSITION_FORCE_IMAGE_SECTION_CHECK" "11:31:23.8061577 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp\365041tempfile3","SUCCESS","" "11:31:23.8064689 AM","icl.exe","36504","CreateFile","C:\Users\osqa\AppData\Local\Temp\365042arg4","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.8065144 AM","icl.exe","36504","QueryAttributeTagFile","C:\Users\osqa\AppData\Local\Temp\365042arg4","SUCCESS","Attributes: A, ReparseTag: 0x0" "11:31:23.8065324 AM","icl.exe","36504","SetDispositionInformationEx","C:\Users\osqa\AppData\Local\Temp\365042arg4","SUCCESS","Flags: FILE_DISPOSITION_DELETE, FILE_DISPOSITION_POSIX_SEMANTICS, FILE_DISPOSITION_FORCE_IMAGE_SECTION_CHECK" "11:31:23.8065828 AM","icl.exe","36504","CloseFile","C:\Users\osqa\AppData\Local\Temp\365042arg4","SUCCESS","" "11:31:23.8068794 AM","icl.exe","36504","Thread Exit","","SUCCESS","Thread ID: 29960, User Time: 0.0000000, Kernel Time: 0.0312500" "11:31:23.8068825 AM","icl.exe","36504","Thread Exit","","SUCCESS","Thread ID: 32168, User Time: 0.0000000, Kernel Time: 0.0312500" "11:31:23.8069074 AM","icl.exe","36504","Thread Exit","","SUCCESS","Thread ID: 18152, User Time: 0.0000000, Kernel Time: 0.0312500" "11:31:23.8074194 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read" "11:31:23.8074438 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20" "11:31:23.8074606 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","" "11:31:23.8074743 AM","icl.exe","36504","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read" "11:31:23.8074882 AM","icl.exe","36504","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck","NAME NOT FOUND","Length: 20" "11:31:23.8075016 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","" "11:31:23.8075635 AM","icl.exe","36504","RegCloseKey","HKCU\Software\Classes\Local Settings\Software\Microsoft","SUCCESS","" "11:31:23.8075762 AM","icl.exe","36504","RegCloseKey","HKCU\Software\Classes\Local Settings","SUCCESS","" "11:31:23.8075923 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "11:31:23.8076036 AM","icl.exe","36504","RegCloseKey","HKLM","SUCCESS","" "11:31:23.8078363 AM","icl.exe","36504","Thread Exit","","SUCCESS","Thread ID: 39540, User Time: 0.0312500, Kernel Time: 0.0937500" "11:31:23.8086379 AM","icl.exe","36504","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.8087816 AM","icl.exe","36504","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Open By ID, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:23.8088155 AM","icl.exe","36504","CloseFile","C:\","SUCCESS","" "11:31:23.8088939 AM","icl.exe","36504","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "11:31:23.8100665 AM","icl.exe","36504","Process Exit","","SUCCESS","Exit Status: 0, User Time: 0.0312500 seconds, Kernel Time: 0.1875000 seconds, Private Bytes: 4,542,464, Peak Private Bytes: 4,665,344, Working Set: 13,684,736, Peak Working Set: 13,688,832" "11:31:23.8101115 AM","icl.exe","36504","RegOpenKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","Desired Access: All Access" "11:31:23.8101290 AM","icl.exe","36504","RegQueryValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574\\Device\HarddiskVolume2\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","NAME NOT FOUND","Length: 40" "11:31:23.8101463 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","" "11:31:23.8102088 AM","icl.exe","36504","CloseFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\os3rdparty","SUCCESS","" "11:31:23.8104801 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","" "11:31:23.8104885 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:23.8104991 AM","icl.exe","36504","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d","SUCCESS","" "11:31:23.8106416 AM","icl.exe","36504","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c","SUCCESS","" "11:31:23.8107373 AM","icl.exe","36504","RegCloseKey","HKLM","SUCCESS","" "11:31:23.8107539 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","" "11:31:23.8107747 AM","icl.exe","36504","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PropertyBag","SUCCESS","" "11:31:23.8107857 AM","icl.exe","36504","RegCloseKey","HKCU\Control Panel\International","SUCCESS","" "11:31:23.8107944 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","" "11:31:23.8108261 AM","icl.exe","36504","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CodePage","SUCCESS","" "11:31:23.8108337 AM","icl.exe","36504","RegCloseKey","HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","" "11:31:27.4874649 AM","icl.exe","29584","Process Start","","SUCCESS","Parent PID: 36520, Command line: icl.exe /nologo /Oi /D _CRT_SECURE_NO_WARNINGS /Qopenmp /fp:consistent ""-DBUILDID=\""1060646uwn33211_Ce64RB68UH14M\"""" -c ../osbase/dsetio/osb_ver.c /MT /O2 -DNDEBUG /Qdiag-disable:10397 -DUSE_FPTR -D_WIN32 -D_64 -DWIN32 -DWIN64 -D_WIN64 -DOS_AVLEXB -DFCCI -DFCCI2 -DMKL15 -DARPACKNG -DD_CUDA -DOS64 -DBLASTYPE_mkl=1 -DCPP_mach=CPP_p4win64 -DUSE_SIMPACK -DUSE_OMP=1 -DUSE_MUMPS=1 -DUSE_ZMUMPS -DNDEBUG=1 -DH3DREAD=1 -DOS_WIN=1 -DS_RDFLX=21 -DC_CYGWIN=1 -DCYGWIN_e64=1 -DH3D=14 -I../_obj_CYGWIN_e64_os64 -I../osbase/dsetio -I../osbase/base_var/rdflx21 -I../header -I../header_drv -I../header/h3d14 -I../ossolver/bcs -I../osbase/base_var -I../osbase/base_var/rdflx21 -DBUILDINFO=1 -DBUILDINFO=1 -DRELEASE_BUILD=1 -Fo_obj_CYGWIN_e64_os64/osb_ver.obj, Current directory: C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\osbase\, Environment: ; =C:=C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os ; ADVISOR_2017_DIR=C:\Program Files (x86)\IntelSWTools\Advisor 2017\ ; ALLUSERSPROFILE=C:\ProgramData ; APPDATA=C:\Users\osqa\AppData\Roaming ; ARCH_PATH=intel64 ; BIN_DIR=bin64 ; BIN_ROOT=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\bin\ ; BLDCMD=wsl make C=e64 OS64=1 BLAS=mkl ML=all RDFLX=21 USEHOSTTYPE=CYGWIN ; CCOMPNM=icl.exe ; CHKCMD=wsl make C=e64 OS64=1 BLAS=mkl ML=all RDFLX=21 USEHOSTTYPE=CYGWIN check ; CLASSPATH=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\daal\lib\daal.jar; ; CMPLR_PATH=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\bin\intel64 ; COMPUTERNAME=CA-W10-BLD-05 ; CPATH=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\ipp\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\mkl\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\tbb\bin\..\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\daal\include; ; C_TARGET_ARCH=intel64 ; ComSpec=C:\Windows\system32\cmd.exe ; CommandPromptType=Native ; CommonProgramFiles=C:\Program Files\Common Files ; CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files ; CommonProgramW6432=C:\Program Files\Common Files ; DAALROOT=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\daal ; DriverData=C:\Windows\System32\Drivers\DriverData ; FCOMPNM=ifort.exe ; Framework40Version=v4.0 ; FrameworkDIR64=C:\Windows\Microsoft.NET\Framework64 ; FrameworkDir=C:\Windows\Microsoft.NET\Framework64 ; FrameworkVersion=v4.0.30319 ; FrameworkVersion64=v4.0.30319 ; HOME=C:\Users\osqa ; HOMEDRIVE=C: ; HOMEPATH=\Users\osqa ; ICPP_COMPILER17=C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\ ; IFORT_COMPILER17=C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\ ; INCLUDE=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\compiler\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\compiler\include\intel64;C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\INCLUDE;C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\ATLMFC\INCLUDE;C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt;C:\Program Files (x86)\Windows Kits\NETFXSDK\4.6.1\include\um;C:\Program Files (x86)\Windows Kits\8.1\include\\shared;C:\Program Files (x86)\Windows Kits\8.1\include\\um;C:\Program Files (x86)\Windows Kits\8.1\include\\winrt;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\mpi\intel64\bin\..\..\intel64\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\ipp\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017" "11:31:27.4874784 AM","icl.exe","29584","Thread Create","","SUCCESS","Thread ID: 33904" "11:31:27.4966084 AM","icl.exe","29584","Load Image","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Image Base: 0x7ff6546a0000, Image Size: 0x491000" "11:31:27.4968580 AM","icl.exe","29584","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","Image Base: 0x7ffbdd590000, Image Size: 0x1f5000" "11:31:27.4969673 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value" "11:31:27.4970263 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value" "11:31:27.4970557 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\RaiseExceptionOnPossibleDeadlock","NAME NOT FOUND","Length: 80" "11:31:27.4970757 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:27.4970906 AM","icl.exe","29584","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap","REPARSE","Desired Access: Query Value" "11:31:27.4971024 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value" "11:31:27.4971363 AM","icl.exe","29584","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.4971488 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.4971636 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:27.4971775 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:27.4974977 AM","icl.exe","29584","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\osbase","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.4977681 AM","icl.exe","29584","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS","Image Base: 0x7ffbdd490000, Image Size: 0xbd000" "11:31:27.4980044 AM","icl.exe","29584","Load Image","C:\Windows\System32\KernelBase.dll","SUCCESS","Image Base: 0x7ffbdacd0000, Image Size: 0x2c9000" "11:31:27.5058773 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\3c74afb9-8d82-44e3-b52c-365dbf48382a","NAME NOT FOUND","Length: 528" "11:31:27.5059301 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Name: \Windows\System32\KernelBase.dll" "11:31:27.5059780 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\05f95efe-7f75-49c7-a994-60a55cc09571","NAME NOT FOUND","Length: 528" "11:31:27.5060179 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Name: \Windows\System32\KernelBase.dll" "11:31:27.5060681 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\e36c4458-ed80-4ad7-a8be-52dda1eb5f1c","NAME NOT FOUND","Length: 528" "11:31:27.5061073 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\kernel32.dll","SUCCESS","Name: \Windows\System32\kernel32.dll" "11:31:27.5062460 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","REPARSE","Desired Access: Query Value, Set Value" "11:31:27.5062598 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value" "11:31:27.5062749 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","REPARSE","Desired Access: Read" "11:31:27.5062863 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","NAME NOT FOUND","Desired Access: Read" "11:31:27.5063014 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value" "11:31:27.5063175 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80" "11:31:27.5063306 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS","" "11:31:27.5063454 AM","icl.exe","29584","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value" "11:31:27.5063721 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem\","REPARSE","Desired Access: Read" "11:31:27.5063845 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","Desired Access: Read" "11:31:27.5063962 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\LongPathsEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:27.5064089 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","" "11:31:27.5067001 AM","icl.exe","29584","CreateFile","C:\Windows\System32\sysfer.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5067312 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\sysfer.dll","SUCCESS","CreationTime: 2/17/2021 7:38:16 AM, LastAccessTime: 3/25/2021 11:31:27 AM, LastWriteTime: 2/17/2021 7:38:16 AM, ChangeTime: 2/17/2021 7:38:16 AM, FileAttributes: A" "11:31:27.5067420 AM","icl.exe","29584","CloseFile","C:\Windows\System32\sysfer.dll","SUCCESS","" "11:31:27.5068234 AM","icl.exe","29584","CreateFile","C:\Windows\System32\sysfer.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5069230 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\sysfer.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5070223 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5070385 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5070524 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5070678 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5070817 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5070949 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5071071 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5071208 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5071325 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\sysfer.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5073333 AM","icl.exe","29584","Load Image","C:\Windows\System32\sysfer.dll","SUCCESS","Image Base: 0x50660000, Image Size: 0x93000" "11:31:27.5074196 AM","icl.exe","29584","Thread Create","","SUCCESS","Thread ID: 36648" "11:31:27.5074526 AM","icl.exe","29584","CloseFile","C:\Windows\System32\sysfer.dll","SUCCESS","" "11:31:27.5076027 AM","icl.exe","29584","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5076183 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5076324 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:27.5076480 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:27.5077461 AM","icl.exe","29584","Load Image","C:\Windows\System32\advapi32.dll","SUCCESS","Image Base: 0x7ffbdd170000, Image Size: 0xac000" "11:31:27.5079701 AM","icl.exe","29584","Load Image","C:\Windows\System32\msvcrt.dll","SUCCESS","Image Base: 0x7ffbdc6e0000, Image Size: 0x9e000" "11:31:27.5082303 AM","icl.exe","29584","Load Image","C:\Windows\System32\sechost.dll","SUCCESS","Image Base: 0x7ffbdc640000, Image Size: 0x9c000" "11:31:27.5084353 AM","icl.exe","29584","Load Image","C:\Windows\System32\rpcrt4.dll","SUCCESS","Image Base: 0x7ffbdd300000, Image Size: 0x12b000" "11:31:27.5085897 AM","icl.exe","29584","Thread Create","","SUCCESS","Thread ID: 28764" "11:31:27.5089326 AM","icl.exe","29584","Load Image","C:\Windows\System32\shlwapi.dll","SUCCESS","Image Base: 0x7ffbdd0b0000, Image Size: 0x55000" "11:31:27.5092031 AM","icl.exe","29584","Load Image","C:\Windows\System32\oleaut32.dll","SUCCESS","Image Base: 0x7ffbdc4b0000, Image Size: 0xcd000" "11:31:27.5094173 AM","icl.exe","29584","Load Image","C:\Windows\System32\msvcp_win.dll","SUCCESS","Image Base: 0x7ffbdb0d0000, Image Size: 0x9d000" "11:31:27.5097382 AM","icl.exe","29584","Load Image","C:\Windows\System32\ucrtbase.dll","SUCCESS","Image Base: 0x7ffbdafa0000, Image Size: 0x100000" "11:31:27.5101200 AM","icl.exe","29584","Load Image","C:\Windows\System32\combase.dll","SUCCESS","Image Base: 0x7ffbdcb90000, Image Size: 0x355000" "11:31:27.5105481 AM","icl.exe","29584","Load Image","C:\Windows\System32\ole32.dll","SUCCESS","Image Base: 0x7ffbdbd40000, Image Size: 0x12a000" "11:31:27.5109109 AM","icl.exe","29584","Load Image","C:\Windows\System32\gdi32.dll","SUCCESS","Image Base: 0x7ffbdd220000, Image Size: 0x2a000" "11:31:27.5112166 AM","icl.exe","29584","Load Image","C:\Windows\System32\win32u.dll","SUCCESS","Image Base: 0x7ffbdb0a0000, Image Size: 0x22000" "11:31:27.5115988 AM","icl.exe","29584","Load Image","C:\Windows\System32\gdi32full.dll","SUCCESS","Image Base: 0x7ffbdb4e0000, Image Size: 0x10b000" "11:31:27.5119413 AM","icl.exe","29584","Load Image","C:\Windows\System32\user32.dll","SUCCESS","Image Base: 0x7ffbdc860000, Image Size: 0x1a0000" "11:31:27.5122589 AM","icl.exe","29584","Thread Create","","SUCCESS","Thread ID: 46060" "11:31:27.5123362 AM","icl.exe","29584","Load Image","C:\Windows\System32\shell32.dll","SUCCESS","Image Base: 0x7ffbdb5f0000, Image Size: 0x742000" "11:31:27.5141121 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value" "11:31:27.5141307 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value" "11:31:27.5141458 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode","NAME NOT FOUND","Length: 16" "11:31:27.5148531 AM","icl.exe","29584","Load Image","C:\Windows\System32\comdlg32.dll","SUCCESS","Image Base: 0x7ffbdc780000, Image Size: 0xda000" "11:31:27.5152473 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5152957 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","CreationTime: 4/12/2017 7:50:50 AM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 4/12/2017 7:50:50 AM, ChangeTime: 2/24/2021 12:42:11 AM, FileAttributes: A" "11:31:27.5153122 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","" "11:31:27.5154169 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\VERSION.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5155711 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5155909 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5156028 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","CreationTime: 4/12/2017 7:50:48 AM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 4/12/2017 7:50:48 AM, ChangeTime: 2/24/2021 12:42:11 AM, FileAttributes: A" "11:31:27.5156147 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","" "11:31:27.5156384 AM","icl.exe","29584","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5156800 AM","icl.exe","29584","Load Image","C:\Windows\System32\SHCore.dll","SUCCESS","Image Base: 0x7ffbdc590000, Image Size: 0xae000" "11:31:27.5157107 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5157429 AM","icl.exe","29584","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5159011 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5159191 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5159341 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5159502 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5159660 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5159792 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5159914 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5160049 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5160187 AM","icl.exe","29584","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5161006 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5161187 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5161336 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5161493 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5161631 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5161770 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5161892 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5162028 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5162161 AM","icl.exe","29584","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5162383 AM","icl.exe","29584","Load Image","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","Image Base: 0x77410000, Image Size: 0x1eb000" "11:31:27.5163900 AM","icl.exe","29584","CreateFile","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5164416 AM","icl.exe","29584","Load Image","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","Image Base: 0x7ffbae940000, Image Size: 0x158000" "11:31:27.5164456 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\version.dll","SUCCESS","CreationTime: 2/17/2021 8:54:00 AM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 2/17/2021 8:54:00 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:27.5164576 AM","icl.exe","29584","CloseFile","C:\Windows\System32\version.dll","SUCCESS","" "11:31:27.5165882 AM","icl.exe","29584","CreateFile","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5166104 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","" "11:31:27.5166293 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\version.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5167146 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5167312 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5167462 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5167618 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5167753 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5169299 AM","icl.exe","29584","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:27.5169483 AM","icl.exe","29584","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration","NAME NOT FOUND","Desired Access: Read" "11:31:27.5169669 AM","icl.exe","29584","RegCloseKey","HKCU","SUCCESS","" "11:31:27.5169800 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read" "11:31:27.5169992 AM","icl.exe","29584","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:27.5170129 AM","icl.exe","29584","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read" "11:31:27.5170299 AM","icl.exe","29584","RegOpenKey","HKCU\Control Panel\Desktop\LanguageConfiguration","NAME NOT FOUND","Desired Access: Read" "11:31:27.5170442 AM","icl.exe","29584","RegCloseKey","HKCU","SUCCESS","" "11:31:27.5170479 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5170610 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\NETAPI32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5170626 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5170777 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5170950 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\version.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5171128 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read" "11:31:27.5171283 AM","icl.exe","29584","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:27.5171426 AM","icl.exe","29584","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read" "11:31:27.5171563 AM","icl.exe","29584","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read" "11:31:27.5171696 AM","icl.exe","29584","RegQueryValue","HKCU\Control Panel\Desktop\PreferredUILanguages","NAME NOT FOUND","Length: 12" "11:31:27.5171875 AM","icl.exe","29584","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS","" "11:31:27.5171981 AM","icl.exe","29584","RegCloseKey","HKCU","SUCCESS","" "11:31:27.5172098 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read" "11:31:27.5172250 AM","icl.exe","29584","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:27.5172381 AM","icl.exe","29584","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","Desired Access: Read" "11:31:27.5172522 AM","icl.exe","29584","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","BUFFER OVERFLOW","Length: 12" "11:31:27.5172641 AM","icl.exe","29584","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","SUCCESS","Type: REG_MULTI_SZ, Length: 12, Data: en-US" "11:31:27.5172793 AM","icl.exe","29584","RegCloseKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","" "11:31:27.5172899 AM","icl.exe","29584","RegCloseKey","HKCU","SUCCESS","" "11:31:27.5173549 AM","icl.exe","29584","CreateFile","C:\Windows\System32\netapi32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5173961 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\netapi32.dll","SUCCESS","CreationTime: 2/17/2021 8:53:25 AM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 2/17/2021 8:53:25 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:27.5174058 AM","icl.exe","29584","CloseFile","C:\Windows\System32\netapi32.dll","SUCCESS","" "11:31:27.5176066 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read" "11:31:27.5176244 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20" "11:31:27.5176377 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","" "11:31:27.5177292 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5178679 AM","icl.exe","29584","CreateFile","C:\Windows\System32\netapi32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5179299 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\netapi32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5180285 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5180461 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5180603 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5180767 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5180840 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","" "11:31:27.5180895 AM","icl.exe","29584","Load Image","C:\Windows\System32\version.dll","SUCCESS","Image Base: 0x7ffbd1d40000, Image Size: 0xa000" "11:31:27.5184192 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys" "11:31:27.5185918 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5187040 AM","icl.exe","29584","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5188239 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5188409 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5188449 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys" "11:31:27.5189757 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5189952 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5190127 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\netapi32.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5190154 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5191234 AM","icl.exe","29584","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5195842 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","" "11:31:27.5196135 AM","icl.exe","29584","CloseFile","C:\Windows\System32\version.dll","SUCCESS","" "11:31:27.5197139 AM","icl.exe","29584","Load Image","C:\Windows\System32\ws2_32.dll","SUCCESS","Image Base: 0x7ffbdd250000, Image Size: 0x6b000" "11:31:27.5197452 AM","icl.exe","29584","Load Image","C:\Windows\System32\netapi32.dll","SUCCESS","Image Base: 0x7ffbd0460000, Image Size: 0x18000" "11:31:27.5198159 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\msi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5199256 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\VERSION.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5203381 AM","icl.exe","29584","CloseFile","C:\Windows\System32\netapi32.dll","SUCCESS","" "11:31:27.5203821 AM","icl.exe","29584","CreateFile","C:\Windows\System32\msi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5204766 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\msi.dll","SUCCESS","CreationTime: 3/10/2021 10:22:36 PM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 3/10/2021 10:22:36 PM, ChangeTime: 3/10/2021 10:53:09 PM, FileAttributes: A" "11:31:27.5204903 AM","icl.exe","29584","CloseFile","C:\Windows\System32\msi.dll","SUCCESS","" "11:31:27.5206062 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\OLEACC.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5206819 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\WINSPOOL.DRV","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5207705 AM","icl.exe","29584","CreateFile","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5208465 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\version.dll","SUCCESS","CreationTime: 2/17/2021 8:54:00 AM, LastAccessTime: 3/25/2021 11:31:27 AM, LastWriteTime: 2/17/2021 8:54:00 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:27.5208592 AM","icl.exe","29584","CloseFile","C:\Windows\System32\version.dll","SUCCESS","" "11:31:27.5211566 AM","icl.exe","29584","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5211869 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","CreationTime: 3/10/2021 10:13:43 PM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 2/10/2021 4:51:30 AM, ChangeTime: 3/19/2021 4:20:31 AM, FileAttributes: A" "11:31:27.5211968 AM","icl.exe","29584","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","" "11:31:27.5212120 AM","icl.exe","29584","CreateFile","C:\Windows\System32\msi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5212767 AM","icl.exe","29584","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5213546 AM","icl.exe","29584","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5214093 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\msi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5214444 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5214608 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5214763 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5214922 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5215056 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5215453 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5215580 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5215721 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5215850 AM","icl.exe","29584","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5216599 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5216780 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5216934 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5217374 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5217396 AM","icl.exe","29584","Load Image","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Image Base: 0x7ffbcf500000, Image Size: 0xb0000" "11:31:27.5217948 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5218559 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5218824 AM","icl.exe","29584","CreateFile","C:\Windows\System32\oleacc.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5218853 AM","icl.exe","29584","CreateFile","C:\Windows\System32\winspool.drv","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5218925 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5219092 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5219687 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\msi.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5220113 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\winspool.drv","SUCCESS","CreationTime: 2/17/2021 8:52:44 AM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 2/17/2021 8:52:44 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:27.5220145 AM","icl.exe","29584","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","" "11:31:27.5220255 AM","icl.exe","29584","CloseFile","C:\Windows\System32\winspool.drv","SUCCESS","" "11:31:27.5222008 AM","icl.exe","29584","Load Image","C:\Windows\System32\msi.dll","SUCCESS","Image Base: 0x7ffbc4210000, Image Size: 0x32b000" "11:31:27.5222052 AM","icl.exe","29584","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5222337 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","CreationTime: 3/10/2021 10:13:43 PM, LastAccessTime: 3/25/2021 11:31:27 AM, LastWriteTime: 2/10/2021 4:51:30 AM, ChangeTime: 3/19/2021 4:20:31 AM, FileAttributes: A" "11:31:27.5222438 AM","icl.exe","29584","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","" "11:31:27.5223431 AM","icl.exe","29584","CreateFile","C:\Windows\System32\winspool.drv","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5223985 AM","icl.exe","29584","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5224072 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\oleacc.dll","SUCCESS","CreationTime: 2/17/2021 8:53:56 AM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 2/17/2021 8:53:56 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:27.5224237 AM","icl.exe","29584","CloseFile","C:\Windows\System32\oleacc.dll","SUCCESS","" "11:31:27.5224350 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\winspool.drv","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5224399 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","CreationTime: 3/10/2021 10:13:43 PM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 2/10/2021 4:51:10 AM, ChangeTime: 3/12/2021 3:20:58 PM, FileAttributes: A" "11:31:27.5224512 AM","icl.exe","29584","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","" "11:31:27.5225199 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5225363 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5225801 AM","icl.exe","29584","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5226022 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read" "11:31:27.5226059 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5226227 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20" "11:31:27.5226336 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5226401 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","" "11:31:27.5226488 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5226579 AM","icl.exe","29584","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5226640 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5226770 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5226907 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5227037 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\winspool.drv","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5227449 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5227619 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5227764 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5227919 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5228051 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5228180 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5228305 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5228441 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5228572 AM","icl.exe","29584","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5229704 AM","icl.exe","29584","Load Image","C:\Windows\System32\winspool.drv","SUCCESS","Image Base: 0x7ffbc6af0000, Image Size: 0x8e000" "11:31:27.5231127 AM","icl.exe","29584","Load Image","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","Image Base: 0x7ffbc5b10000, Image Size: 0x29a000" "11:31:27.5232187 AM","icl.exe","29584","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","" "11:31:27.5233860 AM","icl.exe","29584","CreateFile","C:\Windows\System32\msi.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5234121 AM","icl.exe","29584","CreateFile","C:\Windows\System32\oleacc.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5234600 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\oleacc.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5235413 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5235878 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5236027 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5236194 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5236323 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5236454 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5236577 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5236722 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5236990 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\oleacc.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5238396 AM","icl.exe","29584","CloseFile","C:\Windows\System32\winspool.drv","SUCCESS","" "11:31:27.5238758 AM","icl.exe","29584","CloseFile","C:\Windows\System32\msi.dll","SUCCESS","" "11:31:27.5241118 AM","icl.exe","29584","Load Image","C:\Windows\System32\oleacc.dll","SUCCESS","Image Base: 0x7ffbc1bf0000, Image Size: 0x66000" "11:31:27.5266988 AM","icl.exe","29584","Load Image","C:\Windows\System32\bcrypt.dll","SUCCESS","Image Base: 0x7ffbdb3e0000, Image Size: 0x27000" "11:31:27.5269326 AM","icl.exe","29584","CloseFile","C:\Windows\System32\oleacc.dll","SUCCESS","" "11:31:27.5270422 AM","icl.exe","29584","CloseFile","C:\Windows\System32\msi.dll","SUCCESS","" "11:31:27.5274302 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","REPARSE","Desired Access: Read" "11:31:27.5274510 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","Desired Access: Read" "11:31:27.5274747 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\(Default)","SUCCESS","Type: REG_SZ, Length: 18, Data: 00060305" "11:31:27.5274899 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\000603xx","SUCCESS","Type: REG_SZ, Length: 26, Data: kernel32.dll" "11:31:27.5278759 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:27.5279015 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\smc_install_path","NAME NOT FOUND","Length: 4,094" "11:31:27.5279174 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC","SUCCESS","" "11:31:27.5279399 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:27.5279586 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot","SUCCESS","Type: REG_SZ, Length: 22, Data: C:\Windows" "11:31:27.5279748 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","" "11:31:27.5279898 AM","icl.exe","29584","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Sysplant\Sysfer","REPARSE","Desired Access: Read, Maximum Allowed" "11:31:27.5280021 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Services\Sysplant\Sysfer","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:27.5280210 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Services\SysPlant\SysFer\SepBinDir","SUCCESS","Type: REG_SZ, Length: 170, Data: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin\" "11:31:27.5280353 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Services\SysPlant\SysFer","SUCCESS","" "11:31:27.5280496 AM","icl.exe","29584","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Sysplant\Sysfer","REPARSE","Desired Access: Read, Maximum Allowed" "11:31:27.5280607 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Services\Sysplant\Sysfer","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:27.5280765 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Services\SysPlant\SysFer\SepBinDir64","SUCCESS","Type: REG_SZ, Length: 174, Data: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin64\" "11:31:27.5280927 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Services\SysPlant\SysFer","SUCCESS","" "11:31:27.5284774 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5285204 AM","icl.exe","29584","QueryNameInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Name: \Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe" "11:31:27.5285552 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "11:31:27.5287143 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5287456 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "11:31:27.5288872 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5289660 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "11:31:27.5290695 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5291087 AM","icl.exe","29584","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:27.5291271 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "11:31:27.5292144 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","NAME INVALID","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a" "11:31:27.5293026 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:27.5293808 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5294091 AM","icl.exe","29584","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:27.5294305 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:27.5295049 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5295277 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:27.5296568 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5296982 AM","icl.exe","29584","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:27.5297642 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:27.5298648 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5298912 AM","icl.exe","29584","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:27.5299136 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:27.5299954 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:27.5300695 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5300936 AM","icl.exe","29584","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:27.5301108 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:27.5301888 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5302133 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:27.5302947 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5303247 AM","icl.exe","29584","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:27.5303393 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:27.5304144 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5304367 AM","icl.exe","29584","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:27.5304522 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:27.5305268 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:27.5306203 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5306441 AM","icl.exe","29584","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:27.5306611 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:27.5307365 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5307592 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:27.5308357 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5308662 AM","icl.exe","29584","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:27.5308798 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:27.5309540 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5309760 AM","icl.exe","29584","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:27.5309914 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:27.5310743 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:27.5311548 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5311795 AM","icl.exe","29584","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:27.5311964 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:27.5312964 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5313206 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:27.5313956 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5314285 AM","icl.exe","29584","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:27.5314426 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:27.5315160 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5316961 AM","icl.exe","29584","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:27.5317215 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:27.5318307 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:27.5319172 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5319473 AM","icl.exe","29584","FileSystemControl","C:\Program Files (x86)\IntelSWTools","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:27.5319661 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:27.5320393 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5321016 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:27.5321791 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5322116 AM","icl.exe","29584","DeviceIoControl","C:\Program Files (x86)\IntelSWTools","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:27.5322253 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:27.5323021 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5323255 AM","icl.exe","29584","FileSystemControl","C:\Program Files (x86)\IntelSWTools","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:27.5323430 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:27.5324273 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "11:31:27.5325083 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5325481 AM","icl.exe","29584","FileSystemControl","C:\Program Files (x86)","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:27.5325666 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:27.5326392 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5326616 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:27.5327304 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5327600 AM","icl.exe","29584","DeviceIoControl","C:\Program Files (x86)","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "11:31:27.5327735 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:27.5328554 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5328782 AM","icl.exe","29584","FileSystemControl","C:\Program Files (x86)","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "11:31:27.5328943 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:27.5331710 AM","icl.exe","29584","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","REPARSE","Desired Access: Read" "11:31:27.5331898 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Desired Access: Read" "11:31:27.5332076 AM","icl.exe","29584","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","BUFFER TOO SMALL","Index: 0, Length: 0" "11:31:27.5332251 AM","icl.exe","29584","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 0, Name: ##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" "11:31:27.5332775 AM","icl.exe","29584","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","REPARSE","Desired Access: Read, Maximum Allowed" "11:31:27.5332913 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:27.5333147 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 118, Data: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000" "11:31:27.5333392 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","" "11:31:27.5333581 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","" "11:31:27.5333841 AM","icl.exe","29584","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000","REPARSE","Desired Access: Read, Maximum Allowed" "11:31:27.5333965 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000","SUCCESS","Desired Access: Read, Maximum Allowed" "11:31:27.5334162 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000\Class","NAME NOT FOUND","Length: 4,094" "11:31:27.5334300 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000","SUCCESS","" "11:31:27.5337958 AM","icl.exe","29584","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5338133 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5338288 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:27.5338453 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:27.5340060 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\ca967c75-04bf-40b5-9a16-98b5f9332a92","NAME NOT FOUND","Length: 528" "11:31:27.5340774 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","Name: \Windows\System32\sechost.dll" "11:31:27.5341346 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\b6fd710b-f783-4b1c-ab9c-c68099dcc0c7","NAME NOT FOUND","Length: 528" "11:31:27.5341762 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","Name: \Windows\System32\sechost.dll" "11:31:27.5342507 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c1376338-0984-48b8-b933-9c7d779fd84d","NAME NOT FOUND","Length: 528" "11:31:27.5342919 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\advapi32.dll","SUCCESS","Name: \Windows\System32\advapi32.dll" "11:31:27.5348395 AM","icl.exe","29584","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:27.5348584 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5348719 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read" "11:31:27.5348878 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorUseSystemHeap","NAME NOT FOUND","Length: 20" "11:31:27.5349062 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "11:31:27.5349176 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5349292 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read" "11:31:27.5349409 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorSystemHeapIsPrivate","NAME NOT FOUND","Length: 20" "11:31:27.5349537 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "11:31:27.5349634 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5349748 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read" "11:31:27.5349863 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\AggressiveMTATesting","NAME NOT FOUND","Length: 16" "11:31:27.5350249 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "11:31:27.5351499 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5351693 AM","icl.exe","29584","RegOpenKey","HKLM","SUCCESS","Desired Access: Read" "11:31:27.5351856 AM","icl.exe","29584","RegSetInfoKey","HKLM","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "11:31:27.5351985 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:27.5352279 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "11:31:27.5352536 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\AppModel\Lookaside\Packages","NAME NOT FOUND","Desired Access: Read" "11:31:27.5352756 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:27.5353129 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "11:31:27.5353367 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:27.5353494 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Ole","SUCCESS","Desired Access: Read" "11:31:27.5354068 AM","icl.exe","29584","RegOpenKey","HKCU","SUCCESS","Desired Access: Read" "11:31:27.5354225 AM","icl.exe","29584","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5354334 AM","icl.exe","29584","RegOpenKey","HKCU\Software\Classes\Local Settings","REPARSE","Desired Access: Read" "11:31:27.5354476 AM","icl.exe","29584","RegOpenKey","HKCU\Software\Classes\Local Settings","SUCCESS","Desired Access: Read" "11:31:27.5354620 AM","icl.exe","29584","RegSetInfoKey","HKCU\Software\Classes\Local Settings","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "11:31:27.5354730 AM","icl.exe","29584","RegCloseKey","HKCU","SUCCESS","" "11:31:27.5354832 AM","icl.exe","29584","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:27.5354951 AM","icl.exe","29584","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "11:31:27.5355110 AM","icl.exe","29584","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:27.5355218 AM","icl.exe","29584","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "11:31:27.5355461 AM","icl.exe","29584","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:27.5355576 AM","icl.exe","29584","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole","NAME NOT FOUND","Desired Access: Read" "11:31:27.5355692 AM","icl.exe","29584","RegQueryKey","HKCU\Software\Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100" "11:31:27.5355805 AM","icl.exe","29584","RegOpenKey","HKCU\Software\Classes\Local Settings\Software\Microsoft","SUCCESS","Desired Access: Read" "11:31:27.5356258 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5356372 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\OLE\Tracing","NAME NOT FOUND","Desired Access: Read" "11:31:27.5356921 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 528" "11:31:27.5357517 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\combase.dll","SUCCESS","Name: \Windows\System32\combase.dll" "11:31:27.5357899 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05","NAME NOT FOUND","Length: 528" "11:31:27.5358314 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\combase.dll","SUCCESS","Name: \Windows\System32\combase.dll" "11:31:27.5359195 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c7e09e2a-c663-5399-af79-2fccd321d19a","NAME NOT FOUND","Length: 528" "11:31:27.5359594 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\combase.dll","SUCCESS","Name: \Windows\System32\combase.dll" "11:31:27.5359872 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528" "11:31:27.5360513 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\combase.dll","SUCCESS","Name: \Windows\System32\combase.dll" "11:31:27.5362427 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument\","REPARSE","Desired Access: Read" "11:31:27.5362590 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument","NAME NOT FOUND","Desired Access: Read" "11:31:27.5363053 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f25bcd2e-2690-55dc-3bc4-07b65b1b41c9","NAME NOT FOUND","Length: 528" "11:31:27.5363648 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\user32.dll","SUCCESS","Name: \Windows\System32\user32.dll" "11:31:27.5364073 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5364272 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5364443 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "11:31:27.5364674 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "11:31:27.5364850 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5364993 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "11:31:27.5365509 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "11:31:27.5366069 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read" "11:31:27.5366268 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20" "11:31:27.5366445 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","" "11:31:27.5366606 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read" "11:31:27.5366744 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck","NAME NOT FOUND","Length: 20" "11:31:27.5366878 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","" "11:31:27.5367315 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Read" "11:31:27.5367613 AM","icl.exe","29584","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read" "11:31:27.5367803 AM","icl.exe","29584","RegQueryValue","HKCU\Control Panel\Desktop\EnablePerProcessSystemDPI","NAME NOT FOUND","Length: 20" "11:31:27.5368023 AM","icl.exe","29584","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS","" "11:31:27.5368885 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","Desired Access: Read" "11:31:27.5369085 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\icl","NAME NOT FOUND","Length: 172" "11:31:27.5369275 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","" "11:31:27.5369460 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility","NAME NOT FOUND","Desired Access: Read" "11:31:27.5375104 AM","icl.exe","29584","CreateFile","C:\Windows\System32\edgegdi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5376734 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5376944 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","Desired Access: Read" "11:31:27.5377172 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:27.5377383 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","" "11:31:27.5377628 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5379169 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5379320 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\OLE\Tracing","NAME NOT FOUND","Desired Access: Read" "11:31:27.5379802 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 528" "11:31:27.5380352 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\ole32.dll","SUCCESS","Name: \Windows\System32\ole32.dll" "11:31:27.5380681 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05","NAME NOT FOUND","Length: 528" "11:31:27.5381102 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\ole32.dll","SUCCESS","Name: \Windows\System32\ole32.dll" "11:31:27.5382378 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5382508 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value" "11:31:27.5385046 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108","NAME NOT FOUND","Length: 528" "11:31:27.5385858 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\shell32.dll","SUCCESS","Name: \Windows\System32\shell32.dll" "11:31:27.5386268 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61","NAME NOT FOUND","Length: 528" "11:31:27.5386682 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\shell32.dll","SUCCESS","Name: \Windows\System32\shell32.dll" "11:31:27.5386954 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528" "11:31:27.5387345 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\shell32.dll","SUCCESS","Name: \Windows\System32\shell32.dll" "11:31:27.5388052 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f3a71a4b-6118-4257-8ccb-39a33ba059d4","NAME NOT FOUND","Length: 528" "11:31:27.5388454 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\bcrypt.dll","SUCCESS","Name: \Windows\System32\bcrypt.dll" "11:31:27.5389782 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1cba82b8-2b26-4d68-8447-1a3b85805b6a","NAME NOT FOUND","Length: 528" "11:31:27.5390420 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\msi.dll","SUCCESS","Name: \Windows\System32\msi.dll" "11:31:27.5390763 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5390912 AM","icl.exe","29584","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\FileSystem","REPARSE","Desired Access: Read" "11:31:27.5391067 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","Desired Access: Read" "11:31:27.5391210 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\Win31FileSystem","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:27.5391383 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","" "11:31:27.5393980 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\OLEACCRC.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5395847 AM","icl.exe","29584","CreateFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5396247 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","CreationTime: 12/7/2019 2:09:05 AM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 12/7/2019 2:09:05 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:27.5396361 AM","icl.exe","29584","CloseFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","" "11:31:27.5397310 AM","icl.exe","29584","CreateFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5397749 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\oleaccrc.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5397876 AM","icl.exe","29584","QueryStandardInformationFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","AllocationSize: 8,192, EndOfFile: 4,608, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:27.5398260 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\oleaccrc.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5398562 AM","icl.exe","29584","CloseFile","C:\Windows\System32\oleaccrc.dll","SUCCESS","" "11:31:27.5399615 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c69cb70a-3133-4cca-ab0e-046848effcda","NAME NOT FOUND","Length: 528" "11:31:27.5400323 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\winspool.drv","SUCCESS","Name: \Windows\System32\winspool.drv" "11:31:27.5402527 AM","icl.exe","29584","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5402711 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5402861 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:27.5403029 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:27.5407471 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\shfolder.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5411226 AM","icl.exe","29584","CreateFile","C:\Windows\System32\shfolder.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5411686 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\shfolder.dll","SUCCESS","CreationTime: 12/7/2019 2:09:09 AM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 12/7/2019 2:09:09 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:27.5411809 AM","icl.exe","29584","CloseFile","C:\Windows\System32\shfolder.dll","SUCCESS","" "11:31:27.5413245 AM","icl.exe","29584","CreateFile","C:\Windows\System32\shfolder.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5413707 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\shfolder.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5425418 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5425607 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5425788 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5425961 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5426109 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5426258 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5426395 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5426543 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5426692 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\shfolder.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5428536 AM","icl.exe","29584","Load Image","C:\Windows\System32\shfolder.dll","SUCCESS","Image Base: 0x7ffbce4b0000, Image Size: 0x7000" "11:31:27.5429246 AM","icl.exe","29584","CloseFile","C:\Windows\System32\shfolder.dll","SUCCESS","" "11:31:27.5431425 AM","icl.exe","29584","CreateFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5431709 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\windows.storage.dll","SUCCESS","CreationTime: 3/10/2021 10:21:44 PM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 3/10/2021 10:21:45 PM, ChangeTime: 3/10/2021 10:53:06 PM, FileAttributes: A" "11:31:27.5431824 AM","icl.exe","29584","CloseFile","C:\Windows\System32\windows.storage.dll","SUCCESS","" "11:31:27.5432648 AM","icl.exe","29584","CreateFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5432959 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\windows.storage.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5433918 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5434089 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5434239 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5434408 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5434555 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5434696 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5435036 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5435465 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5435614 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\windows.storage.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5437817 AM","icl.exe","29584","Load Image","C:\Windows\System32\windows.storage.dll","SUCCESS","Image Base: 0x7ffbd8df0000, Image Size: 0x790000" "11:31:27.5439242 AM","icl.exe","29584","CloseFile","C:\Windows\System32\windows.storage.dll","SUCCESS","" "11:31:27.5441397 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\Wldp.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5442862 AM","icl.exe","29584","CreateFile","C:\Windows\System32\wldp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5443244 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\wldp.dll","SUCCESS","CreationTime: 2/17/2021 8:53:40 AM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 2/17/2021 8:53:40 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:27.5443364 AM","icl.exe","29584","CloseFile","C:\Windows\System32\wldp.dll","SUCCESS","" "11:31:27.5447249 AM","icl.exe","29584","CreateFile","C:\Windows\System32\wldp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5447997 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\wldp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5449227 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5449409 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5449742 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5449922 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5450086 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5450369 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5450519 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5450696 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5451118 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\wldp.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5453264 AM","icl.exe","29584","Load Image","C:\Windows\System32\wldp.dll","SUCCESS","Image Base: 0x7ffbda600000, Image Size: 0x2c000" "11:31:27.5453990 AM","icl.exe","29584","CloseFile","C:\Windows\System32\wldp.dll","SUCCESS","" "11:31:27.5457337 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\9a2edb8f-5883-499f-aced-6e4b69d43ddf","NAME NOT FOUND","Length: 528" "11:31:27.5457850 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\wldp.dll","SUCCESS","Name: \Windows\System32\wldp.dll" "11:31:27.5460240 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\30336ed4-e327-447c-9de0-51b652c86108","NAME NOT FOUND","Length: 528" "11:31:27.5460693 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Name: \Windows\System32\windows.storage.dll" "11:31:27.5461173 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\a40b455c-253c-4311-ac6d-6e667edccefc","NAME NOT FOUND","Length: 528" "11:31:27.5461580 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Name: \Windows\System32\windows.storage.dll" "11:31:27.5461883 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528" "11:31:27.5462279 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Name: \Windows\System32\windows.storage.dll" "11:31:27.5462556 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\32980f26-c8f5-5767-6b26-635b3fa83c61","NAME NOT FOUND","Length: 528" "11:31:27.5462955 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\windows.storage.dll","SUCCESS","Name: \Windows\System32\windows.storage.dll" "11:31:27.5464547 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5464728 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Desired Access: Read" "11:31:27.5465122 AM","icl.exe","29584","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5465248 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905E63B6-C1BF-494E-B29C-65B732D3D21A}","SUCCESS","Desired Access: Read" "11:31:27.5465603 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","" "11:31:27.5465742 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Category","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2" "11:31:27.5465892 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Name","SUCCESS","Type: REG_SZ, Length: 26, Data: ProgramFiles" "11:31:27.5466036 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\ParentFolder","NAME NOT FOUND","Length: 90" "11:31:27.5466170 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Description","NAME NOT FOUND","Length: 144" "11:31:27.5466317 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\RelativePath","NAME NOT FOUND","Length: 144" "11:31:27.5466462 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\ParsingName","NAME NOT FOUND","Length: 144" "11:31:27.5466634 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\InfoTip","NAME NOT FOUND","Length: 144" "11:31:27.5466774 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\LocalizedName","SUCCESS","Type: REG_EXPAND_SZ, Length: 84, Data: @%SystemRoot%\system32\shell32.dll,-21781" "11:31:27.5466941 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Icon","NAME NOT FOUND","Length: 144" "11:31:27.5467082 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Security","NAME NOT FOUND","Length: 144" "11:31:27.5467222 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\StreamResource","NAME NOT FOUND","Length: 144" "11:31:27.5467344 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\StreamResourceType","NAME NOT FOUND","Length: 144" "11:31:27.5467455 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\LocalRedirectOnly","NAME NOT FOUND","Length: 16" "11:31:27.5467568 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Roamable","NAME NOT FOUND","Length: 16" "11:31:27.5467676 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PreCreate","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "11:31:27.5467791 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Stream","NAME NOT FOUND","Length: 16" "11:31:27.5467901 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PublishExpandedPath","NAME NOT FOUND","Length: 16" "11:31:27.5468009 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\DefinitionFlags","NAME NOT FOUND","Length: 16" "11:31:27.5468117 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Attributes","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "11:31:27.5468227 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\FolderTypeID","NAME NOT FOUND","Length: 90" "11:31:27.5468343 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\InitFolderHandler","NAME NOT FOUND","Length: 90" "11:31:27.5468772 AM","icl.exe","29584","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5468919 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PropertyBag","SUCCESS","Desired Access: Read" "11:31:27.5469133 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}","SUCCESS","" "11:31:27.5469377 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5469497 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion","SUCCESS","Desired Access: Read" "11:31:27.5469651 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir","SUCCESS","Type: REG_SZ, Length: 34, Data: C:\Program Files" "11:31:27.5469793 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion","SUCCESS","" "11:31:27.5471011 AM","icl.exe","29584","CreateFile","C:\Program Files","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0" "11:31:27.5472330 AM","icl.exe","29584","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5472813 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files","SUCCESS","CreationTime: 12/7/2019 2:14:52 AM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 3/5/2021 10:22:09 AM, ChangeTime: 3/5/2021 10:22:09 AM, FileAttributes: RD" "11:31:27.5472926 AM","icl.exe","29584","CloseFile","C:\Program Files","SUCCESS","" "11:31:27.5473276 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5473418 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings","NAME NOT FOUND","Desired Access: Query Value" "11:31:27.5473594 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5473707 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings","NAME NOT FOUND","Desired Access: Query Value" "11:31:27.5474127 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5474253 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Desired Access: Read" "11:31:27.5474403 AM","icl.exe","29584","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5474516 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}","SUCCESS","Desired Access: Read" "11:31:27.5474671 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","" "11:31:27.5474803 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Category","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2" "11:31:27.5474937 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Name","SUCCESS","Type: REG_SZ, Length: 38, Data: ProgramFilesCommon" "11:31:27.5475910 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\ParentFolder","NAME NOT FOUND","Length: 90" "11:31:27.5476268 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Description","NAME NOT FOUND","Length: 144" "11:31:27.5476431 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\RelativePath","NAME NOT FOUND","Length: 144" "11:31:27.5476550 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\ParsingName","NAME NOT FOUND","Length: 144" "11:31:27.5476684 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\InfoTip","NAME NOT FOUND","Length: 144" "11:31:27.5476794 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\LocalizedName","NAME NOT FOUND","Length: 144" "11:31:27.5476904 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Icon","NAME NOT FOUND","Length: 144" "11:31:27.5477018 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Security","NAME NOT FOUND","Length: 144" "11:31:27.5477131 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\StreamResource","NAME NOT FOUND","Length: 144" "11:31:27.5477264 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\StreamResourceType","NAME NOT FOUND","Length: 144" "11:31:27.5477379 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\LocalRedirectOnly","NAME NOT FOUND","Length: 16" "11:31:27.5477495 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Roamable","NAME NOT FOUND","Length: 16" "11:31:27.5477604 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\PreCreate","NAME NOT FOUND","Length: 16" "11:31:27.5477710 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Stream","NAME NOT FOUND","Length: 16" "11:31:27.5477818 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\PublishExpandedPath","NAME NOT FOUND","Length: 16" "11:31:27.5477924 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\DefinitionFlags","NAME NOT FOUND","Length: 16" "11:31:27.5478032 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Attributes","NAME NOT FOUND","Length: 16" "11:31:27.5478139 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\FolderTypeID","NAME NOT FOUND","Length: 90" "11:31:27.5478248 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\InitFolderHandler","NAME NOT FOUND","Length: 90" "11:31:27.5478425 AM","icl.exe","29584","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5478594 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\PropertyBag","NAME NOT FOUND","Desired Access: Read" "11:31:27.5478808 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}","SUCCESS","" "11:31:27.5478958 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5479081 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion","SUCCESS","Desired Access: Read" "11:31:27.5479242 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir","SUCCESS","Type: REG_SZ, Length: 60, Data: C:\Program Files\Common Files" "11:31:27.5479395 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion","SUCCESS","" "11:31:27.5480345 AM","icl.exe","29584","CreateFile","C:\Program Files\Common Files","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0" "11:31:27.5481671 AM","icl.exe","29584","CreateFile","C:\Program Files\Common Files","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5481912 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files\Common Files","SUCCESS","CreationTime: 12/7/2019 2:14:52 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 3/5/2021 10:13:45 AM, ChangeTime: 3/5/2021 10:13:45 AM, FileAttributes: D" "11:31:27.5482026 AM","icl.exe","29584","CloseFile","C:\Program Files\Common Files","SUCCESS","" "11:31:27.5482471 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5482626 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Desired Access: Read" "11:31:27.5482795 AM","icl.exe","29584","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5482914 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}","SUCCESS","Desired Access: Read" "11:31:27.5483069 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions","SUCCESS","" "11:31:27.5483182 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Category","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2" "11:31:27.5483312 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Name","SUCCESS","Type: REG_SZ, Length: 30, Data: Common AppData" "11:31:27.5483460 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParentFolder","NAME NOT FOUND","Length: 90" "11:31:27.5483576 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Description","NAME NOT FOUND","Length: 144" "11:31:27.5483684 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\RelativePath","NAME NOT FOUND","Length: 144" "11:31:27.5483793 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParsingName","NAME NOT FOUND","Length: 144" "11:31:27.5483902 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InfoTip","NAME NOT FOUND","Length: 144" "11:31:27.5484010 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalizedName","NAME NOT FOUND","Length: 144" "11:31:27.5484118 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Icon","NAME NOT FOUND","Length: 144" "11:31:27.5484226 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Security","NAME NOT FOUND","Length: 144" "11:31:27.5484335 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResource","NAME NOT FOUND","Length: 144" "11:31:27.5484445 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResourceType","NAME NOT FOUND","Length: 144" "11:31:27.5484555 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalRedirectOnly","NAME NOT FOUND","Length: 16" "11:31:27.5484666 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Roamable","NAME NOT FOUND","Length: 16" "11:31:27.5484772 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PreCreate","NAME NOT FOUND","Length: 16" "11:31:27.5484878 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Stream","NAME NOT FOUND","Length: 16" "11:31:27.5484985 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PublishExpandedPath","NAME NOT FOUND","Length: 16" "11:31:27.5485091 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\DefinitionFlags","NAME NOT FOUND","Length: 16" "11:31:27.5485199 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Attributes","NAME NOT FOUND","Length: 16" "11:31:27.5485308 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\FolderTypeID","NAME NOT FOUND","Length: 90" "11:31:27.5485589 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InitFolderHandler","NAME NOT FOUND","Length: 90" "11:31:27.5485724 AM","icl.exe","29584","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5485845 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PropertyBag","NAME NOT FOUND","Desired Access: Read" "11:31:27.5486005 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}","SUCCESS","" "11:31:27.5487631 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\profapi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5489041 AM","icl.exe","29584","CreateFile","C:\Windows\System32\profapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5489411 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\profapi.dll","SUCCESS","CreationTime: 3/10/2021 10:22:00 PM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 3/10/2021 10:22:00 PM, ChangeTime: 3/10/2021 10:53:07 PM, FileAttributes: A" "11:31:27.5489531 AM","icl.exe","29584","CloseFile","C:\Windows\System32\profapi.dll","SUCCESS","" "11:31:27.5490356 AM","icl.exe","29584","CreateFile","C:\Windows\System32\profapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5490717 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\profapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5491583 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5491768 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5491926 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5492102 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5492255 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5492410 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5492553 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5492712 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5492857 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\profapi.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5494821 AM","icl.exe","29584","Load Image","C:\Windows\System32\profapi.dll","SUCCESS","Image Base: 0x7ffbdac10000, Image Size: 0x1f000" "11:31:27.5495652 AM","icl.exe","29584","CloseFile","C:\Windows\System32\profapi.dll","SUCCESS","" "11:31:27.5497296 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5497471 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList","SUCCESS","Desired Access: Read" "11:31:27.5497676 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData","BUFFER OVERFLOW","Length: 12" "11:31:27.5497816 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData","SUCCESS","Type: REG_EXPAND_SZ, Length: 52, Data: %SystemDrive%\ProgramData" "11:31:27.5498002 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList","SUCCESS","" "11:31:27.5498902 AM","icl.exe","29584","CreateFile","C:\ProgramData","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0" "11:31:27.5500411 AM","icl.exe","29584","CreateFile","C:\ProgramData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5500658 AM","icl.exe","29584","QueryBasicInformationFile","C:\ProgramData","SUCCESS","CreationTime: 12/7/2019 2:14:52 AM, LastAccessTime: 3/25/2021 11:31:24 AM, LastWriteTime: 3/5/2021 10:14:13 AM, ChangeTime: 3/5/2021 10:14:13 AM, FileAttributes: HDNCI" "11:31:27.5500770 AM","icl.exe","29584","CloseFile","C:\ProgramData","SUCCESS","" "11:31:27.5504392 AM","icl.exe","29584","CreateFile","C:\Windows\WindowsShell.Manifest","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5504754 AM","icl.exe","29584","CreateFileMapping","C:\Windows\WindowsShell.Manifest","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5504876 AM","icl.exe","29584","QueryStandardInformationFile","C:\Windows\WindowsShell.Manifest","SUCCESS","AllocationSize: 4,096, EndOfFile: 670, NumberOfLinks: 4, DeletePending: False, Directory: False" "11:31:27.5505087 AM","icl.exe","29584","CreateFileMapping","C:\Windows\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5505587 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read" "11:31:27.5505963 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20" "11:31:27.5506116 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","" "11:31:27.5506225 AM","icl.exe","29584","QueryStandardInformationFile","C:\Windows\WindowsShell.Manifest","SUCCESS","AllocationSize: 4,096, EndOfFile: 670, NumberOfLinks: 4, DeletePending: False, Directory: False" "11:31:27.5508451 AM","icl.exe","29584","CloseFile","C:\Windows\WindowsShell.Manifest","SUCCESS","" "11:31:27.5511920 AM","icl.exe","29584","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5512088 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5512239 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:27.5512396 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:27.5514536 AM","icl.exe","29584","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5514675 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5514803 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:27.5514954 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:27.5516755 AM","icl.exe","29584","RegOpenKey","HKCU","SUCCESS","Desired Access: Read" "11:31:27.5517032 AM","icl.exe","29584","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5517157 AM","icl.exe","29584","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read" "11:31:27.5517295 AM","icl.exe","29584","RegQueryValue","HKCU\Control Panel\Desktop\SmoothScroll","NAME NOT FOUND","Length: 16" "11:31:27.5517462 AM","icl.exe","29584","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS","" "11:31:27.5517810 AM","icl.exe","29584","RegCloseKey","HKCU","SUCCESS","" "11:31:27.5518925 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\d0f1a5c6-fc43-48ae-99bf-efb1c38be9d1","NAME NOT FOUND","Length: 528" "11:31:27.5519440 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\ws2_32.dll","SUCCESS","Name: \Windows\System32\ws2_32.dll" "11:31:27.5522220 AM","icl.exe","29584","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5522370 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5522501 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "11:31:27.5522647 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:27.5523499 AM","icl.exe","29584","QueryNameInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Name: \Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe" "11:31:27.5524571 AM","icl.exe","29584","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "11:31:27.5524739 AM","icl.exe","29584","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read" "11:31:27.5524895 AM","icl.exe","29584","RegCloseKey","HKCU","SUCCESS","" "11:31:27.5525150 AM","icl.exe","29584","RegQueryMultipleValueKey","HKCU\Control Panel\International","SUCCESS","" "11:31:27.5525900 AM","icl.exe","29584","RegQueryValue","HKCU\Control Panel\International\sCurrency","SUCCESS","Type: REG_SZ, Length: 4, Data: $" "11:31:27.5526016 AM","icl.exe","29584","RegQueryValue","HKCU\Control Panel\International\iCalendarType","SUCCESS","Type: REG_SZ, Length: 4, Data: 1" "11:31:27.5526173 AM","icl.exe","29584","RegOpenKey","HKCU\Control Panel\International\🌎🌏🌍","NAME NOT FOUND","Desired Access: Query Value" "11:31:27.5526370 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5526491 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5526624 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-US","NAME NOT FOUND","Length: 532" "11:31:27.5526742 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5526857 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5526970 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5527088 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-US","NAME NOT FOUND","Length: 532" "11:31:27.5527218 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5528812 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\000603xx","SUCCESS","Type: REG_SZ, Length: 26, Data: kernel32.dll" "11:31:27.5529857 AM","icl.exe","29584","CreateFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5530293 AM","icl.exe","29584","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5530413 AM","icl.exe","29584","QueryStandardInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","AllocationSize: 3,375,104, EndOfFile: 3,371,404, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:27.5530618 AM","icl.exe","29584","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5530881 AM","icl.exe","29584","CloseFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","" "11:31:27.5531461 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","REPARSE","Desired Access: Read" "11:31:27.5531597 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","Desired Access: Read" "11:31:27.5531742 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\en-US","NAME NOT FOUND","Length: 90" "11:31:27.5531910 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\en","NAME NOT FOUND","Length: 90" "11:31:27.5534223 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5534467 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","CreationTime: 2/24/2021 12:42:09 AM, LastAccessTime: 3/25/2021 11:31:27 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:27.5534566 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:27.5535005 AM","icl.exe","29584","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5535281 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: Program Files (x86), 2: Program Files (x86)" "11:31:27.5535717 AM","icl.exe","29584","CloseFile","C:\","SUCCESS","" "11:31:27.5536603 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5536870 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: IntelSWTools, 2: IntelSWTools" "11:31:27.5537103 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:27.5537891 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5538148 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: compilers_and_libraries_2017.4.210, 2: compilers_and_libraries_2017.4.210" "11:31:27.5538371 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:27.5540080 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5540333 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","CreationTime: 4/12/2017 8:26:38 AM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 4/12/2017 8:26:38 AM, ChangeTime: 2/24/2021 12:42:37 AM, FileAttributes: A" "11:31:27.5540433 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","" "11:31:27.5541174 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5541443 AM","icl.exe","29584","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5542258 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5542427 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5542578 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5542738 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5542887 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5543035 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5543162 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5543305 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5543423 AM","icl.exe","29584","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5545141 AM","icl.exe","29584","Load Image","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","Image Base: 0x4640000, Image Size: 0xb7000" "11:31:27.5545532 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\1033\diagscUI.dll","SUCCESS","" "11:31:27.5546289 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5546455 AM","icl.exe","29584","RegOpenKey","HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor","SUCCESS","Desired Access: Read" "11:31:27.5546647 AM","icl.exe","29584","RegQueryKey","HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor","SUCCESS","Query: Cached, SubKeys: 4, Values: 0" "11:31:27.5546789 AM","icl.exe","29584","RegCloseKey","HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor","SUCCESS","" "11:31:27.5549241 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5549499 AM","icl.exe","29584","QueryBasicInformationFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","CreationTime: 2/23/2021 6:57:50 PM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 3/25/2021 11:31:23 AM, ChangeTime: 3/25/2021 11:31:23 AM, FileAttributes: D" "11:31:27.5549592 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","" "11:31:27.5550387 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5550652 AM","icl.exe","29584","QueryDirectory","C:\Users\osqa\AppData\Local\Temp","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: Temp, 2: Temp" "11:31:27.5590164 AM","icl.exe","29584","CreateFile","C:\Windows\System32\tzres.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5590568 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\tzres.dll","SUCCESS","CreationTime: 2/17/2021 8:53:41 AM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 2/17/2021 8:53:41 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:27.5590686 AM","icl.exe","29584","CloseFile","C:\Windows\System32\tzres.dll","SUCCESS","" "11:31:27.5591533 AM","icl.exe","29584","CreateFile","C:\Windows\System32\tzres.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5591929 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\tzres.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5592210 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5592383 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5592527 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5592688 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5592813 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\tzres.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5593129 AM","icl.exe","29584","CloseFile","C:\Windows\System32\tzres.dll","SUCCESS","" "11:31:27.5593666 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys","REPARSE","Desired Access: Read" "11:31:27.5593816 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys","NAME NOT FOUND","Desired Access: Read" "11:31:27.5593991 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US","NAME NOT FOUND","Desired Access: Read" "11:31:27.5594786 AM","icl.exe","29584","CreateFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5595074 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\en-US\tzres.dll.mui","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5595188 AM","icl.exe","29584","QueryStandardInformationFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","AllocationSize: 45,056, EndOfFile: 44,544, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:27.5595563 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5596088 AM","icl.exe","29584","CloseFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","" "11:31:27.5597807 AM","icl.exe","29584","CreateFile","C:\Windows\System32\tzres.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5598127 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\tzres.dll","SUCCESS","CreationTime: 2/17/2021 8:53:41 AM, LastAccessTime: 3/25/2021 11:31:27 AM, LastWriteTime: 2/17/2021 8:53:41 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:27.5598229 AM","icl.exe","29584","CloseFile","C:\Windows\System32\tzres.dll","SUCCESS","" "11:31:27.5599028 AM","icl.exe","29584","CreateFile","C:\Windows\System32\tzres.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5599396 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\tzres.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5599658 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5599825 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5599967 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5600122 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5600238 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\tzres.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5600526 AM","icl.exe","29584","CloseFile","C:\Windows\System32\tzres.dll","SUCCESS","" "11:31:27.5601027 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US","NAME NOT FOUND","Desired Access: Read" "11:31:27.5601782 AM","icl.exe","29584","CreateFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5602044 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\en-US\tzres.dll.mui","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5602154 AM","icl.exe","29584","QueryStandardInformationFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","AllocationSize: 45,056, EndOfFile: 44,544, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:27.5602351 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5602837 AM","icl.exe","29584","CloseFile","C:\Windows\System32\en-US\tzres.dll.mui","SUCCESS","" "11:31:27.5603379 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local","SUCCESS","" "11:31:27.5605065 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5605285 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","CreationTime: 2/24/2021 12:42:09 AM, LastAccessTime: 3/25/2021 11:31:27 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:27.5605546 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:27.5605941 AM","icl.exe","29584","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5606195 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: Program Files (x86), 2: Program Files (x86)" "11:31:27.5606448 AM","icl.exe","29584","CloseFile","C:\","SUCCESS","" "11:31:27.5607263 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5607526 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: IntelSWTools, 2: IntelSWTools" "11:31:27.5607748 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:27.5608522 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5608783 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: compilers_and_libraries_2017.4.210, 2: compilers_and_libraries_2017.4.210" "11:31:27.5608999 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:27.5610708 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5610981 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","CreationTime: 4/12/2017 8:26:48 AM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 4/12/2017 8:26:48 AM, ChangeTime: 2/24/2021 12:42:38 AM, FileAttributes: A" "11:31:27.5611280 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:27.5613129 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5613765 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:27.5614701 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5615240 AM","icl.exe","29584","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 4,096, Priority: Normal" "11:31:27.5615609 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:27.5616523 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5616987 AM","icl.exe","29584","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.5617154 AM","icl.exe","29584","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 6, Priority: Normal" "11:31:27.5617337 AM","icl.exe","29584","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 4,096, Priority: Normal" "11:31:27.5617484 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:27.5624651 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\CRYPTSP.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5626518 AM","icl.exe","29584","CreateFile","C:\Windows\System32\cryptsp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5626934 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\cryptsp.dll","SUCCESS","CreationTime: 2/17/2021 8:53:41 AM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 2/17/2021 8:53:41 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:27.5627074 AM","icl.exe","29584","CloseFile","C:\Windows\System32\cryptsp.dll","SUCCESS","" "11:31:27.5628086 AM","icl.exe","29584","CreateFile","C:\Windows\System32\cryptsp.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5628512 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\cryptsp.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5629805 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5630009 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5630184 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5630376 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5630549 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5630718 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5630871 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5631042 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5631196 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\cryptsp.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5633692 AM","icl.exe","29584","Load Image","C:\Windows\System32\cryptsp.dll","SUCCESS","Image Base: 0x7ffbda930000, Image Size: 0x18000" "11:31:27.5634419 AM","icl.exe","29584","CloseFile","C:\Windows\System32\cryptsp.dll","SUCCESS","" "11:31:27.5635899 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5636075 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001","SUCCESS","Desired Access: Read" "11:31:27.5636297 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name","BUFFER OVERFLOW","Length: 12" "11:31:27.5636436 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name","SUCCESS","Type: REG_SZ, Length: 80, Data: Microsoft Strong Cryptographic Provider" "11:31:27.5636577 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name","BUFFER OVERFLOW","Length: 52" "11:31:27.5636693 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name","SUCCESS","Type: REG_SZ, Length: 80, Data: Microsoft Strong Cryptographic Provider" "11:31:27.5636858 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001","SUCCESS","" "11:31:27.5636976 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5637105 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider","SUCCESS","Desired Access: Read" "11:31:27.5637279 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "11:31:27.5637410 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" "11:31:27.5637522 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\rsaenh.dll" "11:31:27.5637645 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" "11:31:27.5637760 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\rsaenh.dll" "11:31:27.5639815 AM","icl.exe","29584","CreateFile","C:\Windows\System32\rsaenh.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5640234 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\rsaenh.dll","SUCCESS","CreationTime: 2/17/2021 8:53:41 AM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 2/17/2021 8:53:41 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:27.5640385 AM","icl.exe","29584","CloseFile","C:\Windows\System32\rsaenh.dll","SUCCESS","" "11:31:27.5641308 AM","icl.exe","29584","CreateFile","C:\Windows\System32\rsaenh.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5641705 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\rsaenh.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5642628 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5642823 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5642990 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5643175 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5643341 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5643507 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5643657 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5643832 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5643983 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\rsaenh.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5646423 AM","icl.exe","29584","Load Image","C:\Windows\System32\rsaenh.dll","SUCCESS","Image Base: 0x7ffbd9db0000, Image Size: 0x34000" "11:31:27.5647977 AM","icl.exe","29584","CloseFile","C:\Windows\System32\rsaenh.dll","SUCCESS","" "11:31:27.5648986 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5649159 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Policies\Microsoft\Cryptography","SUCCESS","Desired Access: Read" "11:31:27.5649342 AM","icl.exe","29584","RegSetInfoKey","HKLM\SOFTWARE\Policies\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "11:31:27.5649468 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Cryptography\PrivKeyCacheMaxItems","NAME NOT FOUND","Length: 16" "11:31:27.5649586 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Cryptography\PrivKeyCachePurgeIntervalSeconds","NAME NOT FOUND","Length: 16" "11:31:27.5649688 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Cryptography\PrivateKeyLifetimeSeconds","NAME NOT FOUND","Length: 16" "11:31:27.5649833 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Cryptography","SUCCESS","" "11:31:27.5649981 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5650099 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" "11:31:27.5650228 AM","icl.exe","29584","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "11:31:27.5650324 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" "11:31:27.5650435 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: 7f7421c1-6067-490b-b147-4e8eac31a572" "11:31:27.5650556 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" "11:31:27.5650660 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: 7f7421c1-6067-490b-b147-4e8eac31a572" "11:31:27.5650838 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" "11:31:27.5650951 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5651064 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" "11:31:27.5652874 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\CRYPTBASE.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5654295 AM","icl.exe","29584","CreateFile","C:\Windows\System32\cryptbase.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5654564 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\cryptbase.dll","SUCCESS","CreationTime: 2/17/2021 8:53:44 AM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 2/17/2021 8:53:44 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:27.5654682 AM","icl.exe","29584","CloseFile","C:\Windows\System32\cryptbase.dll","SUCCESS","" "11:31:27.5655958 AM","icl.exe","29584","CreateFile","C:\Windows\System32\cryptbase.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5656262 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\cryptbase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5657120 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5657301 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5657474 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5657641 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5657793 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5657934 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5658067 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5658216 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5658361 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\cryptbase.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5660438 AM","icl.exe","29584","Load Image","C:\Windows\System32\cryptbase.dll","SUCCESS","Image Base: 0x7ffbda570000, Image Size: 0xc000" "11:31:27.5661026 AM","icl.exe","29584","CloseFile","C:\Windows\System32\cryptbase.dll","SUCCESS","" "11:31:27.5663747 AM","icl.exe","29584","Load Image","C:\Windows\System32\bcryptprimitives.dll","SUCCESS","Image Base: 0x7ffbdb410000, Image Size: 0x80000" "11:31:27.5665657 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f3a71a4b-6118-4257-8ccb-39a33ba059d4","NAME NOT FOUND","Length: 528" "11:31:27.5666260 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\bcryptprimitives.dll","SUCCESS","Name: \Windows\System32\bcryptprimitives.dll" "11:31:27.5666553 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","REPARSE","Desired Access: Query Value" "11:31:27.5666716 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","Desired Access: Query Value" "11:31:27.5666884 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\STE","NAME NOT FOUND","Length: 20" "11:31:27.5667038 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","" "11:31:27.5667178 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","REPARSE","Desired Access: Query Value" "11:31:27.5667302 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","Desired Access: Query Value" "11:31:27.5667563 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:27.5667719 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","REPARSE","Desired Access: Query Value" "11:31:27.5667844 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS","Desired Access: Query Value" "11:31:27.5667974 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","NAME NOT FOUND","Length: 20" "11:31:27.5668103 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled","NAME NOT FOUND","Length: 20" "11:31:27.5668248 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy","SUCCESS","" "11:31:27.5668358 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Lsa","SUCCESS","" "11:31:27.5668487 AM","icl.exe","29584","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration","REPARSE","Desired Access: Query Value" "11:31:27.5668613 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration","NAME NOT FOUND","Desired Access: Query Value" "11:31:27.5669172 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider","SUCCESS","" "11:31:27.5669540 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","REPARSE","Desired Access: Read" "11:31:27.5669703 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","SUCCESS","Desired Access: Read" "11:31:27.5669899 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","SUCCESS","" "11:31:27.5670055 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","REPARSE","Desired Access: Read" "11:31:27.5670200 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","SUCCESS","Desired Access: Read" "11:31:27.5670396 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","SUCCESS","" "11:31:27.5672643 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\SspiCli.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5674127 AM","icl.exe","29584","CreateFile","C:\Windows\System32\sspicli.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5674530 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\sspicli.dll","SUCCESS","CreationTime: 2/17/2021 8:53:44 AM, LastAccessTime: 3/25/2021 11:31:25 AM, LastWriteTime: 2/17/2021 8:53:44 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "11:31:27.5674649 AM","icl.exe","29584","CloseFile","C:\Windows\System32\sspicli.dll","SUCCESS","" "11:31:27.5676101 AM","icl.exe","29584","CreateFile","C:\Windows\System32\sspicli.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5676547 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\sspicli.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5677404 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5677578 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5677739 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5677920 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5678088 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5678274 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5678438 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5678603 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5678763 AM","icl.exe","29584","CreateFileMapping","C:\Windows\System32\sspicli.dll","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5680893 AM","icl.exe","29584","Load Image","C:\Windows\System32\sspicli.dll","SUCCESS","Image Base: 0x7ffbdab90000, Image Size: 0x3c000" "11:31:27.5681708 AM","icl.exe","29584","CloseFile","C:\Windows\System32\sspicli.dll","SUCCESS","" "11:31:27.5683339 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\a6d3c9ac-9128-522a-495a-1821191173c2","NAME NOT FOUND","Length: 528" "11:31:27.5683929 AM","icl.exe","29584","QueryNameInformationFile","C:\Windows\System32\sspicli.dll","SUCCESS","Name: \Windows\System32\sspicli.dll" "11:31:27.5684700 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5684893 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Rpc","SUCCESS","Desired Access: Read" "11:31:27.5685106 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\MaxRpcSize","NAME NOT FOUND","Length: 16" "11:31:27.5685282 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS","" "11:31:27.5686028 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","REPARSE","Desired Access: Read" "11:31:27.5686849 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","NAME NOT FOUND","Desired Access: Read" "11:31:27.5687086 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","REPARSE","Desired Access: Read" "11:31:27.5687224 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Services\CCG","NAME NOT FOUND","Desired Access: Read" "11:31:27.5687381 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","REPARSE","Desired Access: Read" "11:31:27.5687512 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","SUCCESS","Desired Access: Read" "11:31:27.5687679 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName","SUCCESS","Type: REG_SZ, Length: 28, Data: CA-W10-BLD-05" "11:31:27.5687960 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName","SUCCESS","" "11:31:27.5688134 AM","icl.exe","29584","RegOpenKey","HKLM\System\Setup","SUCCESS","Desired Access: Read" "11:31:27.5688275 AM","icl.exe","29584","RegQueryValue","HKLM\SYSTEM\Setup\OOBEInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:27.5688568 AM","icl.exe","29584","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS","" "11:31:27.5688698 AM","icl.exe","29584","RegOpenKey","HKLM\System\Setup","SUCCESS","Desired Access: Read" "11:31:27.5688857 AM","icl.exe","29584","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:27.5689006 AM","icl.exe","29584","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS","" "11:31:27.5689158 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5689690 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5689820 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows NT\Rpc","NAME NOT FOUND","Desired Access: Read" "11:31:27.5690349 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5690463 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Rpc","SUCCESS","Desired Access: Query Value" "11:31:27.5690610 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\IdleTimerWindow","NAME NOT FOUND","Length: 16" "11:31:27.5690749 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS","" "11:31:27.5694123 AM","icl.exe","29584","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "11:31:27.5694291 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Hvsi","REPARSE","Desired Access: Read" "11:31:27.5694446 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Hvsi","SUCCESS","Desired Access: Read" "11:31:27.5694603 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Hvsi\IsHvsiContainer","NAME NOT FOUND","Length: 16" "11:31:27.5694746 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Hvsi","SUCCESS","" "11:31:27.5696485 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","REPARSE","Desired Access: Read" "11:31:27.5696682 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","SUCCESS","Desired Access: Read" "11:31:27.5696888 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Cryptography\Providers","SUCCESS","" "11:31:27.5697044 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","REPARSE","Desired Access: Read" "11:31:27.5697197 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","SUCCESS","Desired Access: Read" "11:31:27.5697374 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Cryptography\Configuration","SUCCESS","" "11:31:27.5698911 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5699327 AM","icl.exe","29584","QueryDirectory","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILC*.TMP","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: ILC*.TMP, 2: ILCE9C9.tmp" "11:31:27.5700297 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCE9C9.tmp","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5700679 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCE9C9.tmp","SUCCESS","Offset: 0, Length: 101, Priority: Normal" "11:31:27.5700993 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCE9C9.tmp","END OF FILE","Offset: 101, Length: 4,096" "11:31:27.5701180 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCE9C9.tmp","SUCCESS","" "11:31:27.5701548 AM","icl.exe","29584","QueryDirectory","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache","SUCCESS","FileInformationClass: FileBothDirectoryInformation, 1: ILCFA0.tmp" "11:31:27.5702438 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCFA0.tmp","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5702776 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCFA0.tmp","SUCCESS","Offset: 0, Length: 101, Priority: Normal" "11:31:27.5703012 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCFA0.tmp","END OF FILE","Offset: 101, Length: 4,096" "11:31:27.5703155 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache\ILCFA0.tmp","SUCCESS","" "11:31:27.5703799 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp\IntelLicenseCache","SUCCESS","" "11:31:27.5705721 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5706339 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:27.5707352 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5707897 AM","icl.exe","29584","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 4,096, Priority: Normal" "11:31:27.5708118 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:27.5709137 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5709586 AM","icl.exe","29584","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.5709737 AM","icl.exe","29584","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 6, Priority: Normal" "11:31:27.5709915 AM","icl.exe","29584","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","END OF FILE","Offset: 0, Length: 4,096, Priority: Normal" "11:31:27.5710062 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.cfg","SUCCESS","" "11:31:27.5717091 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5717275 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5717465 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\af-ZA","NAME NOT FOUND","Length: 532" "11:31:27.5717614 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5717755 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5717876 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5718164 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\af-ZA","NAME NOT FOUND","Length: 532" "11:31:27.5718292 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5718541 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5718675 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5718792 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\am-ET","NAME NOT FOUND","Length: 532" "11:31:27.5718913 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5719031 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5719145 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5719607 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\am-ET","NAME NOT FOUND","Length: 532" "11:31:27.5719886 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5720133 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Codepage","REPARSE","Desired Access: Read" "11:31:27.5720277 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Codepage","SUCCESS","Desired Access: Read" "11:31:27.5720422 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\AllowDeprecatedCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1111573537" "11:31:27.5720729 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5720859 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5720989 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-AE","NAME NOT FOUND","Length: 532" "11:31:27.5721112 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5721241 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5721357 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5721479 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-AE","NAME NOT FOUND","Length: 532" "11:31:27.5721601 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5721761 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\1256","SUCCESS","Type: REG_SZ, Length: 22, Data: c_1256.nls" "11:31:27.5723406 AM","icl.exe","29584","CreateFile","C:\Windows\System32\C_1256.NLS","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5723794 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\C_1256.NLS","SUCCESS","CreationTime: 12/7/2019 2:08:49 AM, LastAccessTime: 3/25/2021 10:46:36 AM, LastWriteTime: 12/7/2019 2:08:49 AM, ChangeTime: 3/10/2021 10:18:37 PM, FileAttributes: A" "11:31:27.5723909 AM","icl.exe","29584","CloseFile","C:\Windows\System32\C_1256.NLS","SUCCESS","" "11:31:27.5724487 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5724632 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5724768 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-BH","NAME NOT FOUND","Length: 532" "11:31:27.5724899 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5725019 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5725147 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5725271 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-BH","NAME NOT FOUND","Length: 532" "11:31:27.5725561 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5725731 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5725844 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5725956 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-DZ","NAME NOT FOUND","Length: 532" "11:31:27.5726068 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5726181 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5726290 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5726398 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-DZ","NAME NOT FOUND","Length: 532" "11:31:27.5726507 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5726652 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5726761 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5726868 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-EG","NAME NOT FOUND","Length: 532" "11:31:27.5726976 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5727088 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5727197 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5727330 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-EG","NAME NOT FOUND","Length: 532" "11:31:27.5727441 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5727607 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5727716 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5727823 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-IQ","NAME NOT FOUND","Length: 532" "11:31:27.5727931 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5728042 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5728158 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5728268 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-IQ","NAME NOT FOUND","Length: 532" "11:31:27.5728377 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5728516 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5728630 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5728738 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-JO","NAME NOT FOUND","Length: 532" "11:31:27.5728848 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5728969 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5729078 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5729186 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-JO","NAME NOT FOUND","Length: 532" "11:31:27.5729296 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5729452 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5729561 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5729667 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-KW","NAME NOT FOUND","Length: 532" "11:31:27.5729777 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5729889 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5729999 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5730106 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-KW","NAME NOT FOUND","Length: 532" "11:31:27.5730216 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5730355 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5730463 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5730569 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-LB","NAME NOT FOUND","Length: 532" "11:31:27.5730681 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5730801 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5730910 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5731018 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-LB","NAME NOT FOUND","Length: 532" "11:31:27.5731126 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5731282 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5731390 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5731497 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-LY","NAME NOT FOUND","Length: 532" "11:31:27.5731605 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5731715 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5731823 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5731930 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-LY","NAME NOT FOUND","Length: 532" "11:31:27.5732040 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5732180 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5732288 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5732398 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-MA","NAME NOT FOUND","Length: 532" "11:31:27.5732514 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5732627 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5732734 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5732840 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-MA","NAME NOT FOUND","Length: 532" "11:31:27.5732949 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5733104 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5733212 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5733418 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-OM","NAME NOT FOUND","Length: 532" "11:31:27.5733528 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5733645 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5733763 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5733871 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-OM","NAME NOT FOUND","Length: 532" "11:31:27.5733981 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5734159 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5734271 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5734379 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-QA","NAME NOT FOUND","Length: 532" "11:31:27.5734488 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5734601 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5734710 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5734817 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-QA","NAME NOT FOUND","Length: 532" "11:31:27.5734927 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5735070 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5735178 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5735284 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-SA","NAME NOT FOUND","Length: 532" "11:31:27.5735521 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5735635 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5735745 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5735854 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-SA","NAME NOT FOUND","Length: 532" "11:31:27.5735964 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5736277 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5736389 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5736500 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-SY","NAME NOT FOUND","Length: 532" "11:31:27.5736608 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5736720 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5736828 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5736934 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-SY","NAME NOT FOUND","Length: 532" "11:31:27.5737042 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5737181 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5737291 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5737398 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-TN","NAME NOT FOUND","Length: 532" "11:31:27.5737506 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5737616 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5737725 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5737844 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-TN","NAME NOT FOUND","Length: 532" "11:31:27.5737954 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5738092 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5738200 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5738307 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ar-YE","NAME NOT FOUND","Length: 532" "11:31:27.5738414 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5738525 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5738635 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5738742 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-YE","NAME NOT FOUND","Length: 532" "11:31:27.5738851 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5739002 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5739111 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5739219 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\arn-CL","NAME NOT FOUND","Length: 532" "11:31:27.5739328 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5739439 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5739548 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5739656 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\arn-CL","NAME NOT FOUND","Length: 532" "11:31:27.5739765 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5739909 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5740019 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5740126 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\as-IN","NAME NOT FOUND","Length: 532" "11:31:27.5740236 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5740347 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5740456 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5740563 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\as-IN","NAME NOT FOUND","Length: 532" "11:31:27.5740672 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5740839 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5740947 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5741055 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\az-Cyrl-AZ","NAME NOT FOUND","Length: 532" "11:31:27.5741164 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5741276 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5741384 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5741495 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\az-Cyrl-AZ","NAME NOT FOUND","Length: 532" "11:31:27.5741613 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5741747 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\1251","SUCCESS","Type: REG_SZ, Length: 22, Data: c_1251.nls" "11:31:27.5743177 AM","icl.exe","29584","CreateFile","C:\Windows\System32\C_1251.NLS","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5743539 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\C_1251.NLS","SUCCESS","CreationTime: 12/7/2019 2:08:49 AM, LastAccessTime: 3/25/2021 10:46:36 AM, LastWriteTime: 12/7/2019 2:08:49 AM, ChangeTime: 3/10/2021 10:18:37 PM, FileAttributes: A" "11:31:27.5743650 AM","icl.exe","29584","CloseFile","C:\Windows\System32\C_1251.NLS","SUCCESS","" "11:31:27.5744235 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5744368 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5744496 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\az-Latn-AZ","NAME NOT FOUND","Length: 532" "11:31:27.5744621 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5744738 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5744851 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5744965 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\az-Latn-AZ","NAME NOT FOUND","Length: 532" "11:31:27.5745084 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5745207 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\1254","SUCCESS","Type: REG_SZ, Length: 22, Data: c_1254.nls" "11:31:27.5746645 AM","icl.exe","29584","CreateFile","C:\Windows\System32\C_1254.NLS","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5746972 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\C_1254.NLS","SUCCESS","CreationTime: 12/7/2019 2:08:49 AM, LastAccessTime: 3/25/2021 10:46:36 AM, LastWriteTime: 12/7/2019 2:08:49 AM, ChangeTime: 3/10/2021 10:18:37 PM, FileAttributes: A" "11:31:27.5747080 AM","icl.exe","29584","CloseFile","C:\Windows\System32\C_1254.NLS","SUCCESS","" "11:31:27.5747592 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5747721 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5747849 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ba-RU","NAME NOT FOUND","Length: 532" "11:31:27.5747974 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5748090 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5748201 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5748313 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ba-RU","NAME NOT FOUND","Length: 532" "11:31:27.5748428 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5748604 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5748714 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5748821 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\be-BY","NAME NOT FOUND","Length: 532" "11:31:27.5748932 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5749052 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5749162 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5749268 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\be-BY","NAME NOT FOUND","Length: 532" "11:31:27.5749377 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5749538 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5749656 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5749766 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bg-BG","NAME NOT FOUND","Length: 532" "11:31:27.5749875 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5749988 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5750107 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5750216 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bg-BG","NAME NOT FOUND","Length: 532" "11:31:27.5750325 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5750483 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5750591 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5750699 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bin-NG","NAME NOT FOUND","Length: 532" "11:31:27.5750808 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5750919 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5751028 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5751134 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bin-NG","NAME NOT FOUND","Length: 532" "11:31:27.5751244 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5751388 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5751498 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5751605 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bn-BD","NAME NOT FOUND","Length: 532" "11:31:27.5751714 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5751825 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5751936 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5752042 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bn-BD","NAME NOT FOUND","Length: 532" "11:31:27.5752151 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5752315 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5752424 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5752530 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bn-IN","NAME NOT FOUND","Length: 532" "11:31:27.5752640 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5752751 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5752860 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5752967 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bn-IN","NAME NOT FOUND","Length: 532" "11:31:27.5753076 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5753219 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5753327 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5753433 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bo-CN","NAME NOT FOUND","Length: 532" "11:31:27.5753577 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5753705 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5753816 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5753924 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bo-CN","NAME NOT FOUND","Length: 532" "11:31:27.5754033 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5754209 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5754318 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5754425 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\br-FR","NAME NOT FOUND","Length: 532" "11:31:27.5754533 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5754645 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5754754 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5754860 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\br-FR","NAME NOT FOUND","Length: 532" "11:31:27.5754969 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5755142 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5755250 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5755526 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bs-Cyrl-BA","NAME NOT FOUND","Length: 532" "11:31:27.5755636 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5755750 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5755858 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5755967 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bs-Cyrl-BA","NAME NOT FOUND","Length: 532" "11:31:27.5756247 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5756415 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5756525 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5756636 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\bs-Latn-BA","NAME NOT FOUND","Length: 532" "11:31:27.5756749 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5756871 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5756980 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5757089 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\bs-Latn-BA","NAME NOT FOUND","Length: 532" "11:31:27.5757198 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5757312 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\1250","SUCCESS","Type: REG_SZ, Length: 22, Data: c_1250.nls" "11:31:27.5758700 AM","icl.exe","29584","CreateFile","C:\Windows\System32\C_1250.NLS","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5759047 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\C_1250.NLS","SUCCESS","CreationTime: 12/7/2019 2:08:49 AM, LastAccessTime: 3/25/2021 10:46:36 AM, LastWriteTime: 12/7/2019 2:08:49 AM, ChangeTime: 3/10/2021 10:18:37 PM, FileAttributes: A" "11:31:27.5759155 AM","icl.exe","29584","CloseFile","C:\Windows\System32\C_1250.NLS","SUCCESS","" "11:31:27.5759666 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5759794 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5759919 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ca-ES","NAME NOT FOUND","Length: 532" "11:31:27.5760041 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5760157 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5760287 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5760401 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ca-ES","NAME NOT FOUND","Length: 532" "11:31:27.5760514 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5760692 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5760802 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5760912 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\ca-ES-valencia","NAME NOT FOUND","Length: 532" "11:31:27.5761021 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5761133 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5761242 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5761351 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\ca-ES-valencia","NAME NOT FOUND","Length: 532" "11:31:27.5761461 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5761624 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5761735 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5761842 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\chr-Cher-US","NAME NOT FOUND","Length: 532" "11:31:27.5761951 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5762063 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5762172 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5762281 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\chr-Cher-US","NAME NOT FOUND","Length: 532" "11:31:27.5762391 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5762567 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5762676 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5762784 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\co-FR","NAME NOT FOUND","Length: 532" "11:31:27.5762891 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5763008 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5763128 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5763236 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\co-FR","NAME NOT FOUND","Length: 532" "11:31:27.5763345 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5763487 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5763596 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5763707 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\cs-CZ","NAME NOT FOUND","Length: 532" "11:31:27.5763824 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5763936 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5764046 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5764153 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\cs-CZ","NAME NOT FOUND","Length: 532" "11:31:27.5764273 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5764417 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5764526 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5764633 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\cy-GB","NAME NOT FOUND","Length: 532" "11:31:27.5764741 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5764852 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5764961 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5765068 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\cy-GB","NAME NOT FOUND","Length: 532" "11:31:27.5765176 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5765499 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5765611 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5765719 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\da-DK","NAME NOT FOUND","Length: 532" "11:31:27.5765829 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5765941 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5766050 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5766156 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\da-DK","NAME NOT FOUND","Length: 532" "11:31:27.5766266 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5766427 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5766537 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5766644 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\de-AT","NAME NOT FOUND","Length: 532" "11:31:27.5766753 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5766864 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5766972 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5767077 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\de-AT","NAME NOT FOUND","Length: 532" "11:31:27.5767187 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5767328 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5767437 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5767544 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\de-CH","NAME NOT FOUND","Length: 532" "11:31:27.5767651 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5767762 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5767885 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5767991 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\de-CH","NAME NOT FOUND","Length: 532" "11:31:27.5768101 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5768268 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5768377 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5768482 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\de-DE","NAME NOT FOUND","Length: 532" "11:31:27.5768593 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5768704 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5768814 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5768920 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\de-DE","NAME NOT FOUND","Length: 532" "11:31:27.5769030 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5769185 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5769295 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5769401 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\de-LI","NAME NOT FOUND","Length: 532" "11:31:27.5769510 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5769621 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5769730 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5769835 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\de-LI","NAME NOT FOUND","Length: 532" "11:31:27.5769943 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5770083 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5770193 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5770299 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\de-LU","NAME NOT FOUND","Length: 532" "11:31:27.5770408 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5770518 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5770627 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5770733 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\de-LU","NAME NOT FOUND","Length: 532" "11:31:27.5770841 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5770984 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5771106 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5771226 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\dsb-DE","NAME NOT FOUND","Length: 532" "11:31:27.5771335 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5771446 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5771555 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5771662 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\dsb-DE","NAME NOT FOUND","Length: 532" "11:31:27.5771771 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5771938 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5772047 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5772155 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\dv-MV","NAME NOT FOUND","Length: 532" "11:31:27.5772264 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5772374 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5772486 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5772595 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\dv-MV","NAME NOT FOUND","Length: 532" "11:31:27.5772703 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5772867 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5772977 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5773084 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\dz-BT","NAME NOT FOUND","Length: 532" "11:31:27.5773193 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5773305 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5773413 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5773520 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\dz-BT","NAME NOT FOUND","Length: 532" "11:31:27.5773629 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5773773 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5773887 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5773996 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\el-GR","NAME NOT FOUND","Length: 532" "11:31:27.5774104 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5774216 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5774493 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5774605 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\el-GR","NAME NOT FOUND","Length: 532" "11:31:27.5774714 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5774856 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage\1253","SUCCESS","Type: REG_SZ, Length: 22, Data: c_1253.nls" "11:31:27.5776363 AM","icl.exe","29584","CreateFile","C:\Windows\System32\C_1253.NLS","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5776710 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\System32\C_1253.NLS","SUCCESS","CreationTime: 12/7/2019 2:08:49 AM, LastAccessTime: 3/25/2021 10:46:36 AM, LastWriteTime: 12/7/2019 2:08:49 AM, ChangeTime: 3/10/2021 10:18:37 PM, FileAttributes: A" "11:31:27.5776819 AM","icl.exe","29584","CloseFile","C:\Windows\System32\C_1253.NLS","SUCCESS","" "11:31:27.5777358 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5777484 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5777607 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-029","NAME NOT FOUND","Length: 532" "11:31:27.5777729 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5777851 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5777961 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5778072 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-029","NAME NOT FOUND","Length: 532" "11:31:27.5778184 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5778344 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5778466 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5778575 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-AE","NAME NOT FOUND","Length: 532" "11:31:27.5778684 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5778797 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5778905 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5779011 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-AE","NAME NOT FOUND","Length: 532" "11:31:27.5779120 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5779268 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5779378 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5779484 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-AU","NAME NOT FOUND","Length: 532" "11:31:27.5779594 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5779706 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5779818 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5779925 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-AU","NAME NOT FOUND","Length: 532" "11:31:27.5780033 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5780208 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5780318 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5780426 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-BZ","NAME NOT FOUND","Length: 532" "11:31:27.5780536 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5780648 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5780764 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5780886 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-BZ","NAME NOT FOUND","Length: 532" "11:31:27.5780996 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5781162 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5781271 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5781378 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-CA","NAME NOT FOUND","Length: 532" "11:31:27.5781488 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5781599 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5781713 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5781824 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-CA","NAME NOT FOUND","Length: 532" "11:31:27.5781932 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5782092 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5782200 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5782307 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-GB","NAME NOT FOUND","Length: 532" "11:31:27.5782416 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5782527 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5782635 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5782742 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-GB","NAME NOT FOUND","Length: 532" "11:31:27.5782851 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5783017 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5783126 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5783232 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-HK","NAME NOT FOUND","Length: 532" "11:31:27.5783340 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5783453 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5783562 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5783669 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-HK","NAME NOT FOUND","Length: 532" "11:31:27.5783778 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5783922 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5784030 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5784136 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-ID","NAME NOT FOUND","Length: 532" "11:31:27.5784247 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5784366 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5784476 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5784584 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-ID","NAME NOT FOUND","Length: 532" "11:31:27.5784693 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5784839 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5784957 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5785064 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-IE","NAME NOT FOUND","Length: 532" "11:31:27.5785173 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5785285 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5785396 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5785661 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-IE","NAME NOT FOUND","Length: 532" "11:31:27.5785772 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5786359 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5786540 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5786717 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-IN","NAME NOT FOUND","Length: 532" "11:31:27.5786871 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5787010 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5787132 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5787259 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-IN","NAME NOT FOUND","Length: 532" "11:31:27.5787383 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5787590 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5787704 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5787817 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-JM","NAME NOT FOUND","Length: 532" "11:31:27.5787934 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5788050 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5788162 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5788273 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-JM","NAME NOT FOUND","Length: 532" "11:31:27.5788385 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5788606 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5788718 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5788828 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-MY","NAME NOT FOUND","Length: 532" "11:31:27.5788939 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5789053 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5789164 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5789273 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-MY","NAME NOT FOUND","Length: 532" "11:31:27.5789382 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5789535 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5789645 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5789753 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-NZ","NAME NOT FOUND","Length: 532" "11:31:27.5789864 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5789976 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5790087 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5790196 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-NZ","NAME NOT FOUND","Length: 532" "11:31:27.5790305 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5790453 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5790569 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5790681 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-PH","NAME NOT FOUND","Length: 532" "11:31:27.5790801 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5790923 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5791034 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5791143 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-PH","NAME NOT FOUND","Length: 532" "11:31:27.5791253 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5791430 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5791541 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5791649 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-SG","NAME NOT FOUND","Length: 532" "11:31:27.5791759 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5791871 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5791980 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5792102 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-SG","NAME NOT FOUND","Length: 532" "11:31:27.5792212 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5792372 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "11:31:27.5792483 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "11:31:27.5792591 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-TT","NAME NOT FOUND","Length: 532" "11:31:27.5792702 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "11:31:27.5792813 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "11:31:27.5792923 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "11:31:27.5793030 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-TT","NAME NOT FOUND","Length: 532" "11:31:27.5793139 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "11:31:27.5796217 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5796486 AM","icl.exe","29584","QueryBasicInformationFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","CreationTime: 2/23/2021 6:57:50 PM, LastAccessTime: 3/25/2021 11:31:27 AM, LastWriteTime: 3/25/2021 11:31:23 AM, ChangeTime: 3/25/2021 11:31:23 AM, FileAttributes: D" "11:31:27.5796774 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","" "11:31:27.5798207 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\29584000000091002","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5804531 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5804823 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","CreationTime: 2/24/2021 12:38:24 AM, LastAccessTime: 3/25/2021 11:31:27 AM, LastWriteTime: 2/24/2021 12:45:27 AM, ChangeTime: 2/24/2021 12:45:27 AM, FileAttributes: D" "11:31:27.5804948 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:27.5807338 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5807591 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","CreationTime: 2/24/2021 12:42:03 AM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:27.5807680 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","" "11:31:27.5808986 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\lib\intel64_win","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5809219 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\lib\intel64_win","SUCCESS","CreationTime: 2/24/2021 12:41:58 AM, LastAccessTime: 3/25/2021 9:22:16 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:27.5809302 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\lib\intel64_win","SUCCESS","" "11:31:27.5810160 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a" "11:31:27.5810999 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5811292 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom","NO SUCH FILE","FileInformationClass: FileBothDirectoryInformation, Filter: mcpcom" "11:31:27.5811518 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:27.5812390 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5812718 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:27.5814397 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5815925 AM","icl.exe","29584","CreateFile","C:\Windows\System32\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5817143 AM","icl.exe","29584","CreateFile","C:\Windows\System\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5818371 AM","icl.exe","29584","CreateFile","C:\Windows\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5819717 AM","icl.exe","29584","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\osbase\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5821385 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:27.5822584 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5824857 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:27.5826861 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:27.5828425 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5830263 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:27.5831769 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5839949 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\CommonExtensions\Microsoft\TestWindow\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5841410 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\MSBuild\14.0\Bin\amd64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5842654 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5842913 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","CreationTime: 8/26/2016 12:06:54 AM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 8/26/2016 12:06:54 AM, ChangeTime: 2/23/2021 5:40:28 PM, FileAttributes: RA" "11:31:27.5843017 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","" "11:31:27.5843801 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5844133 AM","icl.exe","29584","CreateFileMapping","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5844424 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5844593 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5844741 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5844895 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5845006 AM","icl.exe","29584","CreateFileMapping","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5845463 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","" "11:31:27.5847347 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5848687 AM","icl.exe","29584","CreateFile","C:\Windows\System32\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5849873 AM","icl.exe","29584","CreateFile","C:\Windows\System\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5851073 AM","icl.exe","29584","CreateFile","C:\Windows\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5852381 AM","icl.exe","29584","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\osbase\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5854004 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:27.5855183 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5857581 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:27.5859367 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:27.5860909 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5862742 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","REPARSE","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:27.5864357 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\redist\intel64_win\compiler\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5866164 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\CommonExtensions\Microsoft\TestWindow\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5867718 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\MSBuild\14.0\Bin\amd64\cl.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5868971 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5869205 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","CreationTime: 8/26/2016 12:06:54 AM, LastAccessTime: 3/25/2021 11:31:27 AM, LastWriteTime: 8/26/2016 12:06:54 AM, ChangeTime: 2/23/2021 5:40:28 PM, FileAttributes: RA" "11:31:27.5869308 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","" "11:31:27.5870088 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5870410 AM","icl.exe","29584","CreateFileMapping","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "11:31:27.5870690 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5870853 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5870993 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5871151 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5871258 AM","icl.exe","29584","CreateFileMapping","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5871543 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe","SUCCESS","" "11:31:27.5884473 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\iostream","REPARSE","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: " "11:31:27.5885325 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\iostream","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a" "11:31:27.5886498 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","REPARSE","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:27.5887292 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5887623 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\iostream","NO SUCH FILE","FileInformationClass: FileBothDirectoryInformation, Filter: iostream" "11:31:27.5887882 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","" "11:31:27.5889354 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64\iostream","REPARSE","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: " "11:31:27.5890381 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64\iostream","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a" "11:31:27.5891376 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","REPARSE","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: " "11:31:27.5892074 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5892337 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64\iostream","NO SUCH FILE","FileInformationClass: FileBothDirectoryInformation, Filter: iostream" "11:31:27.5892560 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","SUCCESS","" "11:31:27.5893839 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\include\iostream","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5894200 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\include\iostream","SUCCESS","" "11:31:27.5895632 AM","icl.exe","29584","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\osbase\=C:\PROGRA~2\INTELS~1\COMPIL~1.210\windows\compiler\include\intel64","NAME INVALID","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5896993 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5897241 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","SUCCESS","CreationTime: 2/24/2021 12:42:50 AM, LastAccessTime: 3/25/2021 11:31:27 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:27.5897344 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\intel64","SUCCESS","" "11:31:27.5898407 AM","icl.exe","29584","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\osbase\=C:\PROGRA~2\INTELS~1\COMPIL~1.210\windows\compiler\include\icc","NAME INVALID","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5899631 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\icc","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5899869 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\icc","SUCCESS","CreationTime: 2/24/2021 12:42:28 AM, LastAccessTime: 3/25/2021 11:31:20 AM, LastWriteTime: 2/24/2021 12:42:28 AM, ChangeTime: 2/24/2021 12:42:28 AM, FileAttributes: D" "11:31:27.5899965 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include\icc","SUCCESS","" "11:31:27.5900970 AM","icl.exe","29584","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\osbase\=C:\PROGRA~2\INTELS~1\COMPIL~1.210\windows\compiler\include","NAME INVALID","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5902143 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5902358 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","CreationTime: 2/24/2021 12:42:03 AM, LastAccessTime: 3/25/2021 11:31:27 AM, LastWriteTime: 2/24/2021 12:42:51 AM, ChangeTime: 2/24/2021 12:42:51 AM, FileAttributes: D" "11:31:27.5902454 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\compiler\include","SUCCESS","" "11:31:27.5904921 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5905147 AM","icl.exe","29584","QueryBasicInformationFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","CreationTime: 2/23/2021 6:57:50 PM, LastAccessTime: 3/25/2021 11:31:27 AM, LastWriteTime: 3/25/2021 11:31:23 AM, ChangeTime: 3/25/2021 11:31:23 AM, FileAttributes: D" "11:31:27.5905243 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","" "11:31:27.5906781 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5908281 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5908473 AM","icl.exe","29584","QueryBasicInformationFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","CreationTime: 2/23/2021 6:57:50 PM, LastAccessTime: 3/25/2021 11:31:27 AM, LastWriteTime: 3/25/2021 11:31:23 AM, ChangeTime: 3/25/2021 11:31:23 AM, FileAttributes: D" "11:31:27.5908568 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp","SUCCESS","" "11:31:27.5909813 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5910664 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","Desired Access: Generic Read/Write, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created" "11:31:27.5913183 AM","icl.exe","29584","QueryStandardInformationFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.5913341 AM","icl.exe","29584","WriteFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","Offset: 0, Length: 3, Priority: Normal" "11:31:27.5916009 AM","icl.exe","29584","WriteFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","Offset: 3, Length: 852, Priority: Normal" "11:31:27.5918962 AM","icl.exe","29584","WriteFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","Offset: 855, Length: 852" "11:31:27.5919168 AM","icl.exe","29584","WriteFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","Offset: 1,707, Length: 446" "11:31:27.5920162 AM","icl.exe","29584","WriteFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","Offset: 2,153, Length: 852" "11:31:27.5920285 AM","icl.exe","29584","WriteFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","Offset: 3,005, Length: 852" "11:31:27.5920513 AM","icl.exe","29584","WriteFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","Offset: 3,857, Length: 382, Priority: Normal" "11:31:27.5921898 AM","icl.exe","29584","WriteFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","Offset: 4,239, Length: 852" "11:31:27.5922038 AM","icl.exe","29584","WriteFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","Offset: 5,091, Length: 852" "11:31:27.5922173 AM","icl.exe","29584","WriteFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","Offset: 5,943, Length: 391" "11:31:27.5922317 AM","icl.exe","29584","WriteFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","Offset: 6,334, Length: 84" "11:31:27.5922469 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","" "11:31:27.5928292 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.com","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "11:31:27.5929722 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5930015 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","CreationTime: 4/12/2017 8:26:48 AM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 4/12/2017 8:26:48 AM, ChangeTime: 2/24/2021 12:42:38 AM, FileAttributes: A" "11:31:27.5930124 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:27.5931282 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcpcom.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5931486 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Wow64\x86\xtajit","NAME NOT FOUND","Desired Access: Query Value" "11:31:27.5932416 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5932778 AM","icl.exe","29584","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ" "11:31:27.5933814 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "11:31:27.5933992 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "11:31:27.5934149 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "11:31:27.5934317 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5934467 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "11:31:27.5934612 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "11:31:27.5934948 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "11:31:27.5935103 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "11:31:27.5935866 AM","icl.exe","29584","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","SyncType: SyncTypeOther" "11:31:27.5936799 AM","icl.exe","29584","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcpcom.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "11:31:27.5937739 AM","icl.exe","29584","QuerySecurityFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Information: Label" "11:31:27.5938292 AM","icl.exe","29584","QueryNameInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Name: \PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom.exe" "11:31:27.5942348 AM","icl.exe","29584","QueryNameInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Name: \PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom.exe" "11:31:27.5943139 AM","icl.exe","29584","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5943595 AM","icl.exe","29584","QueryDirectory","C:\PROGRA~2","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: PROGRA~2, 2: Program Files (x86)" "11:31:27.5943871 AM","icl.exe","29584","CloseFile","C:\","SUCCESS","" "11:31:27.5945000 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5945740 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\INTELS~1","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: INTELS~1, 2: IntelSWTools" "11:31:27.5946169 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:27.5947460 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5948291 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools\COMPIL~1.210","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: COMPIL~1.210, 2: compilers_and_libraries_2017.4.210" "11:31:27.5948566 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:27.5949612 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5949955 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: windows, 2: windows" "11:31:27.5950340 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:27.5951243 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5951539 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: bin, 2: bin" "11:31:27.5951726 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:27.5952560 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5953251 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: intel64, 2: intel64" "11:31:27.5953460 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:27.5954327 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5954641 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: mcpcom.exe, 2: mcpcom.exe" "11:31:27.5954830 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:27.5957357 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5957739 AM","icl.exe","29584","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.5957867 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:27.5958804 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5959296 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:27.5960273 AM","icl.exe","29584","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5961514 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Open By ID, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5961815 AM","icl.exe","29584","CloseFile","C:\","SUCCESS","" "11:31:27.5962252 AM","icl.exe","29584","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.5962486 AM","icl.exe","29584","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Offset: 0, Length: 32,768, Priority: Normal" "11:31:27.5962971 AM","icl.exe","29584","ReadFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Offset: 40,009,728, Length: 32,768" "11:31:27.5963223 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:27.5964334 AM","icl.exe","29584","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\Definitions\BASHDefs\20210324.011\bash.dat","SUCCESS","AllocationSize: 102,400, EndOfFile: 102,400, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.5964512 AM","icl.exe","29584","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\Definitions\BASHDefs\20210324.011\bash.dat","SUCCESS","Offset: 24, Length: 16" "11:31:27.5964681 AM","icl.exe","29584","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\Definitions\BASHDefs\20210324.011\bash.dat","SUCCESS","AllocationSize: 102,400, EndOfFile: 102,400, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.5964979 AM","icl.exe","29584","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\Definitions\BASHDefs\20210324.011\bash.dat","SUCCESS","AllocationSize: 102,400, EndOfFile: 102,400, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.5975789 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5991087 AM","icl.exe","29584","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.5991289 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:27.5993166 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5993573 AM","icl.exe","29584","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.5993693 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:27.5997745 AM","icl.exe","29584","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.5998201 AM","icl.exe","29584","QueryDirectory","C:\PROGRA~2","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: PROGRA~2, 2: Program Files (x86)" "11:31:27.5998705 AM","icl.exe","29584","CloseFile","C:\","SUCCESS","" "11:31:27.6001148 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6001577 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\INTELS~1","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: INTELS~1, 2: IntelSWTools" "11:31:27.6001889 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:27.6002819 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6003129 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools\COMPIL~1.210","SUCCESS","FileInformationClass: FileDirectoryInformation, Filter: COMPIL~1.210, 2: compilers_and_libraries_2017.4.210" "11:31:27.6003369 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:27.6018518 AM","icl.exe","29584","QuerySecurityFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "11:31:27.6018707 AM","icl.exe","29584","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.6036189 AM","icl.exe","29584","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.6036407 AM","icl.exe","29584","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:27.6036597 AM","icl.exe","29584","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.6036893 AM","icl.exe","29584","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.6037481 AM","icl.exe","29584","QuerySecurityFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "11:31:27.6038057 AM","icl.exe","29584","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.6055000 AM","icl.exe","29584","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.6055500 AM","icl.exe","29584","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:27.6055693 AM","icl.exe","29584","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.6056023 AM","icl.exe","29584","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.6056473 AM","icl.exe","29584","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.6056632 AM","icl.exe","29584","ReadFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","Offset: 24, Length: 16" "11:31:27.6056774 AM","icl.exe","29584","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.6057055 AM","icl.exe","29584","QueryStandardInformationFile","C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Data\IRON\Iron.db","SUCCESS","AllocationSize: 1,101,824, EndOfFile: 1,101,824, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.6058784 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","Desired Access: All Access" "11:31:27.6058984 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574\\Device\HarddiskVolume2\PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom.exe","NAME NOT FOUND","Length: 40" "11:31:27.6059201 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","" "11:31:27.6059365 AM","icl.exe","29584","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BAM","REPARSE","Desired Access: Query Value" "11:31:27.6059545 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\BAM","NAME NOT FOUND","Desired Access: Query Value" "11:31:27.6060528 AM","icl.exe","29584","Process Create","C:\PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom.exe","SUCCESS","PID: 46176, Command line: C:\PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom @C:\Users\osqa\AppData\Local\Temp\295842arg4" "11:31:27.6061715 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls","REPARSE","Desired Access: Query Value" "11:31:27.6061859 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls","NAME NOT FOUND","Desired Access: Query Value" "11:31:27.6062113 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","REPARSE","Desired Access: Query Value, Set Value" "11:31:27.6062237 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value" "11:31:27.6062399 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value" "11:31:27.6062594 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80" "11:31:27.6062716 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\AuthenticodeEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "11:31:27.6062865 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS","" "11:31:27.6063030 AM","icl.exe","29584","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value" "11:31:27.6070592 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6071033 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","CreationTime: 4/12/2017 8:26:48 AM, LastAccessTime: 3/25/2021 11:31:27 AM, LastWriteTime: 4/12/2017 8:26:48 AM, ChangeTime: 2/24/2021 12:42:38 AM, FileAttributes: A" "11:31:27.6071170 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:27.6071773 AM","icl.exe","29584","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6072066 AM","icl.exe","29584","QueryDirectory","C:\PROGRA~2","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: PROGRA~2, 2: Program Files (x86)" "11:31:27.6072373 AM","icl.exe","29584","CloseFile","C:\","SUCCESS","" "11:31:27.6073349 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6073655 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\INTELS~1","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: INTELS~1, 2: IntelSWTools" "11:31:27.6073908 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)","SUCCESS","" "11:31:27.6074845 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6075517 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools\COMPIL~1.210","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: COMPIL~1.210, 2: compilers_and_libraries_2017.4.210" "11:31:27.6075786 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "11:31:27.6076753 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6077081 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: windows, 2: windows" "11:31:27.6077310 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "11:31:27.6078305 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6078619 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: bin, 2: bin" "11:31:27.6078836 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "11:31:27.6079771 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6080081 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: intel64, 2: intel64" "11:31:27.6080304 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "11:31:27.6081307 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6081640 AM","icl.exe","29584","QueryDirectory","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","FileInformationClass: FileBothDirectoryInformation, Filter: mcpcom.exe, 2: mcpcom.exe" "11:31:27.6081855 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "11:31:27.6083654 AM","icl.exe","29584","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","Desired Access: Query Value" "11:31:27.6083883 AM","icl.exe","29584","RegQueryValue","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache","SUCCESS","Type: REG_SZ, Length: 112, Data: C:\Users\osqa\AppData\Local\Microsoft\Windows\INetCache" "11:31:27.6084103 AM","icl.exe","29584","RegCloseKey","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","" "11:31:27.6084311 AM","icl.exe","29584","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Enumerate Sub Keys" "11:31:27.6084492 AM","icl.exe","29584","RegOpenKey","HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Query Value" "11:31:27.6084745 AM","icl.exe","29584","QuerySecurityFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "11:31:27.6085964 AM","icl.exe","29584","CreateFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6086502 AM","icl.exe","29584","QueryBasicInformationFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","CreationTime: 3/10/2021 10:21:37 PM, LastAccessTime: 3/25/2021 11:31:23 AM, LastWriteTime: 3/10/2021 10:21:37 PM, ChangeTime: 3/10/2021 10:52:43 PM, FileAttributes: A" "11:31:27.6086610 AM","icl.exe","29584","CloseFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","" "11:31:27.6087013 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","CreationTime: 4/12/2017 8:26:48 AM, LastAccessTime: 3/25/2021 11:31:27 AM, LastWriteTime: 4/12/2017 8:26:48 AM, ChangeTime: 2/24/2021 12:42:38 AM, FileAttributes: A" "11:31:27.6087817 AM","icl.exe","29584","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","CreationTime: 4/12/2017 8:26:48 AM, LastAccessTime: 3/25/2021 11:31:27 AM, LastWriteTime: 4/12/2017 8:26:48 AM, ChangeTime: 2/24/2021 12:42:38 AM, FileAttributes: A" "11:31:27.6087968 AM","icl.exe","29584","QueryNameInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","Name: \PROGRA~2\INTELS~1\COMPIL~1.210\windows\bin\intel64\mcpcom.exe" "11:31:27.6089419 AM","icl.exe","29584","CreateFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6089845 AM","icl.exe","29584","QueryStandardInformationFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","AllocationSize: 4,059,136, EndOfFile: 4,057,128, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:27.6089971 AM","icl.exe","29584","QueryStandardInformationFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","AllocationSize: 4,059,136, EndOfFile: 4,057,128, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:27.6090124 AM","icl.exe","29584","CreateFileMapping","C:\Windows\apppatch\sysmain.sdb","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE|PAGE_NOCACHE" "11:31:27.6090274 AM","icl.exe","29584","QueryStandardInformationFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","AllocationSize: 4,059,136, EndOfFile: 4,057,128, NumberOfLinks: 2, DeletePending: False, Directory: False" "11:31:27.6090546 AM","icl.exe","29584","CreateFileMapping","C:\Windows\apppatch\sysmain.sdb","SUCCESS","SyncType: SyncTypeOther" "11:31:27.6091121 AM","icl.exe","29584","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.6091349 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","SUCCESS","Desired Access: Read" "11:31:27.6091597 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","NAME NOT FOUND","Length: 1,024" "11:31:27.6091800 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","SUCCESS","" "11:31:27.6092427 AM","icl.exe","29584","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","NAME NOT FOUND","Desired Access: Read" "11:31:27.6092713 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\mcpcom.exe","NAME NOT FOUND","Desired Access: Read" "11:31:27.6094068 AM","icl.exe","29584","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.6094295 AM","icl.exe","29584","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "11:31:27.6094502 AM","icl.exe","29584","QueryStandardInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","AllocationSize: 40,472,576, EndOfFile: 40,468,736, NumberOfLinks: 1, DeletePending: False, Directory: False" "11:31:27.6094808 AM","icl.exe","29584","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","SyncType: SyncTypeOther" "11:31:27.6101337 AM","icl.exe","29584","CloseFile","C:\Windows\apppatch\sysmain.sdb","SUCCESS","" "11:31:27.6102862 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read" "11:31:27.6103080 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20" "11:31:27.6103244 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","" "11:31:27.6109751 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\mcpcom.exe","SUCCESS","" "11:31:27.6787344 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6806442 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","" "11:31:27.6807866 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6808254 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:27.6808476 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:27.6808645 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","" "11:31:27.6809596 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6809933 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:27.6810173 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Offset: 36, Length: 37" "11:31:27.6810331 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:27.6810472 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","" "11:31:27.6811340 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6811589 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","" "11:31:27.6812394 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6812639 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:27.6812822 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:27.6812955 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","" "11:31:27.6813759 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6814061 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:27.6814274 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Offset: 36, Length: 37" "11:31:27.6814427 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:27.6814560 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","" "11:31:27.6815913 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6816188 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","" "11:31:27.6817014 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6817256 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:27.6817443 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:27.6817573 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","" "11:31:27.6818365 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6818640 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Offset: 0, Length: 73, Priority: Normal" "11:31:27.6818850 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Offset: 36, Length: 37" "11:31:27.6819011 AM","icl.exe","29584","ReadFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","END OF FILE","Offset: 73, Length: 4,096" "11:31:27.6819138 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","" "11:31:27.6823944 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6824259 AM","icl.exe","29584","QueryAttributeTagFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Attributes: A, ReparseTag: 0x0" "11:31:27.6824407 AM","icl.exe","29584","SetDispositionInformationEx","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","Flags: FILE_DISPOSITION_DELETE, FILE_DISPOSITION_POSIX_SEMANTICS, FILE_DISPOSITION_FORCE_IMAGE_SECTION_CHECK" "11:31:27.6824940 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp\295841tempfile3","SUCCESS","" "11:31:27.6826904 AM","icl.exe","29584","CreateFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6827195 AM","icl.exe","29584","QueryAttributeTagFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","Attributes: A, ReparseTag: 0x0" "11:31:27.6827327 AM","icl.exe","29584","SetDispositionInformationEx","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","Flags: FILE_DISPOSITION_DELETE, FILE_DISPOSITION_POSIX_SEMANTICS, FILE_DISPOSITION_FORCE_IMAGE_SECTION_CHECK" "11:31:27.6827760 AM","icl.exe","29584","CloseFile","C:\Users\osqa\AppData\Local\Temp\295842arg4","SUCCESS","" "11:31:27.6830268 AM","icl.exe","29584","Thread Exit","","SUCCESS","Thread ID: 36648, User Time: 0.0000000, Kernel Time: 0.0156250" "11:31:27.6830293 AM","icl.exe","29584","Thread Exit","","SUCCESS","Thread ID: 28764, User Time: 0.0000000, Kernel Time: 0.0156250" "11:31:27.6830677 AM","icl.exe","29584","Thread Exit","","SUCCESS","Thread ID: 46060, User Time: 0.0000000, Kernel Time: 0.0000000" "11:31:27.6835817 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read" "11:31:27.6836031 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20" "11:31:27.6836190 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","" "11:31:27.6836318 AM","icl.exe","29584","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read" "11:31:27.6836444 AM","icl.exe","29584","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck","NAME NOT FOUND","Length: 20" "11:31:27.6836564 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","" "11:31:27.6837180 AM","icl.exe","29584","RegCloseKey","HKCU\Software\Classes\Local Settings\Software\Microsoft","SUCCESS","" "11:31:27.6837313 AM","icl.exe","29584","RegCloseKey","HKCU\Software\Classes\Local Settings","SUCCESS","" "11:31:27.6837480 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "11:31:27.6837592 AM","icl.exe","29584","RegCloseKey","HKLM","SUCCESS","" "11:31:27.6839896 AM","icl.exe","29584","Thread Exit","","SUCCESS","Thread ID: 33904, User Time: 0.0156250, Kernel Time: 0.0625000" "11:31:27.6848258 AM","icl.exe","29584","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6849633 AM","icl.exe","29584","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Open By ID, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "11:31:27.6849949 AM","icl.exe","29584","CloseFile","C:\","SUCCESS","" "11:31:27.6850872 AM","icl.exe","29584","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "11:31:27.6862662 AM","icl.exe","29584","Process Exit","","SUCCESS","Exit Status: 0, User Time: 0.0156250 seconds, Kernel Time: 0.0937500 seconds, Private Bytes: 4,554,752, Peak Private Bytes: 4,677,632, Working Set: 13,688,832, Peak Working Set: 13,692,928" "11:31:27.6863435 AM","icl.exe","29584","RegOpenKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","Desired Access: All Access" "11:31:27.6863589 AM","icl.exe","29584","RegQueryValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574\\Device\HarddiskVolume2\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","NAME NOT FOUND","Length: 40" "11:31:27.6863841 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","" "11:31:27.6864393 AM","icl.exe","29584","CloseFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\osbase","SUCCESS","" "11:31:27.6866360 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "11:31:27.6866454 AM","icl.exe","29584","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c","SUCCESS","" "11:31:27.6867331 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","" "11:31:27.6867423 AM","icl.exe","29584","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d","SUCCESS","" "11:31:27.6868233 AM","icl.exe","29584","RegCloseKey","HKLM","SUCCESS","" "11:31:27.6868354 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","" "11:31:27.6868536 AM","icl.exe","29584","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PropertyBag","SUCCESS","" "11:31:27.6868635 AM","icl.exe","29584","RegCloseKey","HKCU\Control Panel\International","SUCCESS","" "11:31:27.6868710 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","" "11:31:27.6868968 AM","icl.exe","29584","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CodePage","SUCCESS","" "11:31:27.6869044 AM","icl.exe","29584","RegCloseKey","HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS",""