"Time of Day","Process Name","PID","Operation","Path","Result","Detail" "10:48:40.7269679 AM","icl.exe","47804","Process Start","","SUCCESS","Parent PID: 47392, Command line: icl.exe /nologo /Oi /D _CRT_SECURE_NO_WARNINGS /Qopenmp /fp:consistent ""-DBUILDID=\""1060643uwn33211_Ce64RB68UH14M\"""" -c ./main/ccvers.c /MT /O2 -DNDEBUG /Qdiag-disable:10397 -DUSE_FPTR -D_WIN32 -D_64 -DWIN32 -DWIN64 -D_WIN64 -DOS_AVLEXB -DFCCI -DFCCI2 -DMKL15 -DARPACKNG -DD_CUDA -DOS64 -DBLASTYPE_mkl=1 -DCPP_mach=CPP_p4win64 -DUSE_SIMPACK -DUSE_OMP=1 -DUSE_MUMPS=1 -DUSE_ZMUMPS -DNDEBUG=1 -DH3DREAD=1 -DOS_WIN=1 -DS_RDFLX=21 -DC_CYGWIN=1 -DCYGWIN_e64=1 -DH3D=14 -I_obj_CYGWIN_e64_os64 -Iheader -Iheader_drv -Iheader/h3d14 -Iossolver/bcs -Iosresults/h3d -Iosopti/HB -Iosinput/c-reader -DBUILDINFO=1 -DBUILDINFO=1 -DRELEASE_BUILD=1 -Fo_obj_CYGWIN_e64_os64/ccvers.obj, Current directory: C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os\, Environment: ; =C:=C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os ; ADVISOR_2017_DIR=C:\Program Files (x86)\IntelSWTools\Advisor 2017\ ; ALLUSERSPROFILE=C:\ProgramData ; APPDATA=C:\Users\osqa\AppData\Roaming ; ARCH_PATH=intel64 ; BIN_DIR=bin64 ; BIN_ROOT=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\bin\ ; BLDCMD=wsl make C=e64 BLAS=mkl ML=all RDFLX=21 OS64=1 USEHOSTTYPE=CYGWIN ; CCOMPNM=icl.exe ; CHKCMD=wsl make C=e64 BLAS=mkl ML=all RDFLX=21 OS64=1 USEHOSTTYPE=CYGWIN check ; CLASSPATH=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\daal\lib\daal.jar; ; CMPLR_PATH=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\bin\intel64 ; COMPUTERNAME=CA-W10-BLD-05 ; CPATH=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\ipp\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\mkl\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\tbb\bin\..\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\daal\include; ; C_TARGET_ARCH=intel64 ; ComSpec=C:\Windows\system32\cmd.exe ; CommandPromptType=Native ; CommonProgramFiles=C:\Program Files\Common Files ; CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files ; CommonProgramW6432=C:\Program Files\Common Files ; DAALROOT=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\daal ; DriverData=C:\Windows\System32\Drivers\DriverData ; FCOMPNM=ifort.exe ; Framework40Version=v4.0 ; FrameworkDIR64=C:\Windows\Microsoft.NET\Framework64 ; FrameworkDir=C:\Windows\Microsoft.NET\Framework64 ; FrameworkVersion=v4.0.30319 ; FrameworkVersion64=v4.0.30319 ; HOME=C:\Users\osqa ; HOMEDRIVE=C: ; HOMEPATH=\Users\osqa ; ICPP_COMPILER17=C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\ ; IFORT_COMPILER17=C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\ ; INCLUDE=C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\compiler\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\compiler\include\intel64;C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\INCLUDE;C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\ATLMFC\INCLUDE;C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt;C:\Program Files (x86)\Windows Kits\NETFXSDK\4.6.1\include\um;C:\Program Files (x86)\Windows Kits\8.1\include\\shared;C:\Program Files (x86)\Windows Kits\8.1\include\\um;C:\Program Files (x86)\Windows Kits\8.1\include\\winrt;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\mpi\intel64\bin\..\..\intel64\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\ipp\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.051\compilers_and_libraries_2017\windows\mkl\include;C:\Program Files (x86)\IntelSWTools\parallel_studio_xe_2017.4.05" "10:48:40.7269810 AM","icl.exe","47804","Thread Create","","SUCCESS","Thread ID: 39576" "10:48:40.7304816 AM","icl.exe","47804","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.7306229 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Open By ID, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.7306562 AM","icl.exe","47804","CloseFile","C:\","SUCCESS","" "10:48:40.7357160 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "10:48:40.7358255 AM","icl.exe","47804","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.7359680 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Open By ID, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.7360018 AM","icl.exe","47804","CloseFile","C:\","SUCCESS","" "10:48:40.7361020 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "10:48:40.7426232 AM","icl.exe","47804","Load Image","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Image Base: 0x7ff6546a0000, Image Size: 0x491000" "10:48:40.7428528 AM","icl.exe","47804","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","Image Base: 0x7ffbdd590000, Image Size: 0x1f5000" "10:48:40.7429533 AM","icl.exe","47804","CreateFile","C:\Windows\Prefetch\ICL.EXE-4354B25E.pf","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened" "10:48:40.7430118 AM","icl.exe","47804","QueryStandardInformationFile","C:\Windows\Prefetch\ICL.EXE-4354B25E.pf","SUCCESS","AllocationSize: 28,672, EndOfFile: 26,465, NumberOfLinks: 1, DeletePending: False, Directory: False" "10:48:40.7430271 AM","icl.exe","47804","ReadFile","C:\Windows\Prefetch\ICL.EXE-4354B25E.pf","SUCCESS","Offset: 0, Length: 26,465, Priority: Normal" "10:48:40.7435010 AM","icl.exe","47804","CloseFile","C:\Windows\Prefetch\ICL.EXE-4354B25E.pf","SUCCESS","" "10:48:40.9150944 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value" "10:48:40.9154758 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value" "10:48:40.9155025 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\RaiseExceptionOnPossibleDeadlock","NAME NOT FOUND","Length: 80" "10:48:40.9155294 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "10:48:40.9156639 AM","icl.exe","47804","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap","REPARSE","Desired Access: Query Value" "10:48:40.9156798 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value" "10:48:40.9157730 AM","icl.exe","47804","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "10:48:40.9158213 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "10:48:40.9158427 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "10:48:40.9158677 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "10:48:40.9167563 AM","icl.exe","47804","CreateFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9171646 AM","icl.exe","47804","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS","Image Base: 0x7ffbdd490000, Image Size: 0xbd000" "10:48:40.9177276 AM","icl.exe","47804","Load Image","C:\Windows\System32\KernelBase.dll","SUCCESS","Image Base: 0x7ffbdacd0000, Image Size: 0x2c9000" "10:48:40.9424142 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\3c74afb9-8d82-44e3-b52c-365dbf48382a","NAME NOT FOUND","Length: 528" "10:48:40.9424784 AM","icl.exe","47804","QueryNameInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Name: \Windows\System32\KernelBase.dll" "10:48:40.9427407 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\05f95efe-7f75-49c7-a994-60a55cc09571","NAME NOT FOUND","Length: 528" "10:48:40.9427958 AM","icl.exe","47804","QueryNameInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Name: \Windows\System32\KernelBase.dll" "10:48:40.9430457 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\e36c4458-ed80-4ad7-a8be-52dda1eb5f1c","NAME NOT FOUND","Length: 528" "10:48:40.9431063 AM","icl.exe","47804","QueryNameInformationFile","C:\Windows\System32\kernel32.dll","SUCCESS","Name: \Windows\System32\kernel32.dll" "10:48:40.9439959 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","REPARSE","Desired Access: Query Value, Set Value" "10:48:40.9440127 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value" "10:48:40.9440379 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","REPARSE","Desired Access: Read" "10:48:40.9440729 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","NAME NOT FOUND","Desired Access: Read" "10:48:40.9440968 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value" "10:48:40.9441218 AM","icl.exe","47804","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80" "10:48:40.9441440 AM","icl.exe","47804","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS","" "10:48:40.9441743 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value" "10:48:40.9442220 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem\","REPARSE","Desired Access: Read" "10:48:40.9442336 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","Desired Access: Read" "10:48:40.9442542 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\LongPathsEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0" "10:48:40.9442757 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","" "10:48:40.9446285 AM","icl.exe","47804","CreateFile","C:\Windows\System32\sysfer.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9446638 AM","icl.exe","47804","QueryBasicInformationFile","C:\Windows\System32\sysfer.dll","SUCCESS","CreationTime: 2/17/2021 7:38:16 AM, LastAccessTime: 3/25/2021 10:48:40 AM, LastWriteTime: 2/17/2021 7:38:16 AM, ChangeTime: 2/17/2021 7:38:16 AM, FileAttributes: A" "10:48:40.9446762 AM","icl.exe","47804","CloseFile","C:\Windows\System32\sysfer.dll","SUCCESS","" "10:48:40.9447743 AM","icl.exe","47804","CreateFile","C:\Windows\System32\sysfer.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9448156 AM","icl.exe","47804","CreateFileMapping","C:\Windows\System32\sysfer.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "10:48:40.9449489 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "10:48:40.9449697 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "10:48:40.9449883 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "10:48:40.9450089 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9450247 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "10:48:40.9450407 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "10:48:40.9450854 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "10:48:40.9451371 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9451525 AM","icl.exe","47804","CreateFileMapping","C:\Windows\System32\sysfer.dll","SUCCESS","SyncType: SyncTypeOther" "10:48:40.9454160 AM","icl.exe","47804","Load Image","C:\Windows\System32\sysfer.dll","SUCCESS","Image Base: 0x50660000, Image Size: 0x93000" "10:48:40.9456659 AM","icl.exe","47804","Thread Create","","SUCCESS","Thread ID: 46540" "10:48:40.9457022 AM","icl.exe","47804","CloseFile","C:\Windows\System32\sysfer.dll","SUCCESS","" "10:48:40.9461383 AM","icl.exe","47804","Load Image","C:\Windows\System32\advapi32.dll","SUCCESS","Image Base: 0x7ffbdd170000, Image Size: 0xac000" "10:48:40.9466088 AM","icl.exe","47804","Load Image","C:\Windows\System32\msvcrt.dll","SUCCESS","Image Base: 0x7ffbdc6e0000, Image Size: 0x9e000" "10:48:40.9472241 AM","icl.exe","47804","Load Image","C:\Windows\System32\sechost.dll","SUCCESS","Image Base: 0x7ffbdc640000, Image Size: 0x9c000" "10:48:40.9476490 AM","icl.exe","47804","Load Image","C:\Windows\System32\rpcrt4.dll","SUCCESS","Image Base: 0x7ffbdd300000, Image Size: 0x12b000" "10:48:40.9480034 AM","icl.exe","47804","Thread Create","","SUCCESS","Thread ID: 48012" "10:48:40.9486720 AM","icl.exe","47804","Load Image","C:\Windows\System32\shlwapi.dll","SUCCESS","Image Base: 0x7ffbdd0b0000, Image Size: 0x55000" "10:48:40.9494259 AM","icl.exe","47804","Load Image","C:\Windows\System32\oleaut32.dll","SUCCESS","Image Base: 0x7ffbdc4b0000, Image Size: 0xcd000" "10:48:40.9499108 AM","icl.exe","47804","Load Image","C:\Windows\System32\msvcp_win.dll","SUCCESS","Image Base: 0x7ffbdb0d0000, Image Size: 0x9d000" "10:48:40.9503740 AM","icl.exe","47804","Load Image","C:\Windows\System32\ucrtbase.dll","SUCCESS","Image Base: 0x7ffbdafa0000, Image Size: 0x100000" "10:48:40.9507291 AM","icl.exe","47804","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "10:48:40.9507492 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "10:48:40.9508073 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "10:48:40.9508359 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "10:48:40.9510817 AM","icl.exe","47804","Load Image","C:\Windows\System32\combase.dll","SUCCESS","Image Base: 0x7ffbdcb90000, Image Size: 0x355000" "10:48:40.9517519 AM","icl.exe","47804","Load Image","C:\Windows\System32\ole32.dll","SUCCESS","Image Base: 0x7ffbdbd40000, Image Size: 0x12a000" "10:48:40.9523058 AM","icl.exe","47804","Load Image","C:\Windows\System32\gdi32.dll","SUCCESS","Image Base: 0x7ffbdd220000, Image Size: 0x2a000" "10:48:40.9528163 AM","icl.exe","47804","Load Image","C:\Windows\System32\win32u.dll","SUCCESS","Image Base: 0x7ffbdb0a0000, Image Size: 0x22000" "10:48:40.9532289 AM","icl.exe","47804","Load Image","C:\Windows\System32\gdi32full.dll","SUCCESS","Image Base: 0x7ffbdb4e0000, Image Size: 0x10b000" "10:48:40.9538295 AM","icl.exe","47804","Load Image","C:\Windows\System32\user32.dll","SUCCESS","Image Base: 0x7ffbdc860000, Image Size: 0x1a0000" "10:48:40.9544416 AM","icl.exe","47804","Load Image","C:\Windows\System32\shell32.dll","SUCCESS","Image Base: 0x7ffbdb5f0000, Image Size: 0x742000" "10:48:40.9551772 AM","icl.exe","47804","Load Image","C:\Windows\System32\comdlg32.dll","SUCCESS","Image Base: 0x7ffbdc780000, Image Size: 0xda000" "10:48:40.9556663 AM","icl.exe","47804","Load Image","C:\Windows\System32\SHCore.dll","SUCCESS","Image Base: 0x7ffbdc590000, Image Size: 0xae000" "10:48:40.9559649 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys" "10:48:40.9561889 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "10:48:40.9567859 AM","icl.exe","47804","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9571305 AM","icl.exe","47804","Load Image","C:\Windows\System32\ws2_32.dll","SUCCESS","Image Base: 0x7ffbdd250000, Image Size: 0x6b000" "10:48:40.9576712 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value" "10:48:40.9577256 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value" "10:48:40.9577518 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode","NAME NOT FOUND","Length: 16" "10:48:40.9582718 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\VERSION.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "10:48:40.9582774 AM","icl.exe","47804","Thread Create","","SUCCESS","Thread ID: 47144" "10:48:40.9583403 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9583741 AM","icl.exe","47804","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","CreationTime: 4/12/2017 7:50:50 AM, LastAccessTime: 3/25/2021 10:48:38 AM, LastWriteTime: 4/12/2017 7:50:50 AM, ChangeTime: 2/24/2021 12:42:11 AM, FileAttributes: A" "10:48:40.9583861 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","" "10:48:40.9586465 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9586896 AM","icl.exe","47804","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "10:48:40.9586939 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9587255 AM","icl.exe","47804","QueryBasicInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","CreationTime: 4/12/2017 7:50:48 AM, LastAccessTime: 3/25/2021 10:48:38 AM, LastWriteTime: 4/12/2017 7:50:48 AM, ChangeTime: 2/24/2021 12:42:11 AM, FileAttributes: A" "10:48:40.9587360 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","" "10:48:40.9588394 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9588830 AM","icl.exe","47804","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "10:48:40.9589434 AM","icl.exe","47804","CreateFile","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9589969 AM","icl.exe","47804","QueryBasicInformationFile","C:\Windows\System32\version.dll","SUCCESS","CreationTime: 2/17/2021 8:54:00 AM, LastAccessTime: 3/25/2021 10:48:38 AM, LastWriteTime: 2/17/2021 8:54:00 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "10:48:40.9590094 AM","icl.exe","47804","CloseFile","C:\Windows\System32\version.dll","SUCCESS","" "10:48:40.9590651 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "10:48:40.9590950 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "10:48:40.9591128 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "10:48:40.9591302 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9592475 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "10:48:40.9592692 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "10:48:40.9592858 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "10:48:40.9593021 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9593158 AM","icl.exe","47804","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","SyncType: SyncTypeOther" "10:48:40.9593285 AM","icl.exe","47804","CreateFile","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9593737 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "10:48:40.9593922 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "10:48:40.9594086 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "10:48:40.9594238 AM","icl.exe","47804","CreateFileMapping","C:\Windows\System32\version.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "10:48:40.9594253 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9594395 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "10:48:40.9594527 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "10:48:40.9594659 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "10:48:40.9594801 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9594946 AM","icl.exe","47804","CreateFileMapping","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","SyncType: SyncTypeOther" "10:48:40.9595453 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "10:48:40.9595625 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "10:48:40.9595763 AM","icl.exe","47804","Load Image","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","Image Base: 0x77410000, Image Size: 0x1eb000" "10:48:40.9595772 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "10:48:40.9595925 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9596061 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "10:48:40.9596195 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "10:48:40.9596752 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "10:48:40.9596869 AM","icl.exe","47804","Load Image","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","Image Base: 0x7ffbb5b00000, Image Size: 0x158000" "10:48:40.9596924 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9597265 AM","icl.exe","47804","CreateFileMapping","C:\Windows\System32\version.dll","SUCCESS","SyncType: SyncTypeOther" "10:48:40.9599266 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\FNP_Act_Installer.dll","SUCCESS","" "10:48:40.9599277 AM","icl.exe","47804","Load Image","C:\Windows\System32\version.dll","SUCCESS","Image Base: 0x7ffbd1d40000, Image Size: 0xa000" "10:48:40.9601293 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "10:48:40.9601700 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration","NAME NOT FOUND","Desired Access: Read" "10:48:40.9601992 AM","icl.exe","47804","RegCloseKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","" "10:48:40.9602107 AM","icl.exe","47804","CloseFile","C:\Windows\System32\version.dll","SUCCESS","" "10:48:40.9602260 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read" "10:48:40.9602647 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "10:48:40.9602898 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read" "10:48:40.9603160 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574\Control Panel\Desktop\LanguageConfiguration","NAME NOT FOUND","Desired Access: Read" "10:48:40.9603407 AM","icl.exe","47804","RegCloseKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","" "10:48:40.9603641 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read" "10:48:40.9603978 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "10:48:40.9604222 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read" "10:48:40.9604595 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574\Control Panel\Desktop","SUCCESS","Desired Access: Read" "10:48:40.9604845 AM","icl.exe","47804","RegQueryValue","HKU\S-1-5-21-2109960903-2035505985-632688529-10574\Control Panel\Desktop\PreferredUILanguages","NAME NOT FOUND","Length: 12" "10:48:40.9605132 AM","icl.exe","47804","RegCloseKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574\Control Panel\Desktop","SUCCESS","" "10:48:40.9605339 AM","icl.exe","47804","RegCloseKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","" "10:48:40.9605551 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read" "10:48:40.9605889 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "10:48:40.9606129 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574\Control Panel\Desktop\MuiCached","SUCCESS","Desired Access: Read" "10:48:40.9606368 AM","icl.exe","47804","RegQueryValue","HKU\S-1-5-21-2109960903-2035505985-632688529-10574\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","BUFFER OVERFLOW","Length: 12" "10:48:40.9606649 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\NETAPI32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "10:48:40.9606956 AM","icl.exe","47804","RegQueryValue","HKU\S-1-5-21-2109960903-2035505985-632688529-10574\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","SUCCESS","Type: REG_MULTI_SZ, Length: 12, Data: en-US" "10:48:40.9607272 AM","icl.exe","47804","RegCloseKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574\Control Panel\Desktop\MuiCached","SUCCESS","" "10:48:40.9607507 AM","icl.exe","47804","RegCloseKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","" "10:48:40.9608331 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read" "10:48:40.9608602 AM","icl.exe","47804","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20" "10:48:40.9608848 AM","icl.exe","47804","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","" "10:48:40.9609982 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9610704 AM","icl.exe","47804","CreateFile","C:\Windows\System32\netapi32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9611860 AM","icl.exe","47804","QueryBasicInformationFile","C:\Windows\System32\netapi32.dll","SUCCESS","CreationTime: 2/17/2021 8:53:25 AM, LastAccessTime: 3/25/2021 10:48:38 AM, LastWriteTime: 2/17/2021 8:53:25 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "10:48:40.9612011 AM","icl.exe","47804","CloseFile","C:\Windows\System32\netapi32.dll","SUCCESS","" "10:48:40.9614100 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","" "10:48:40.9615246 AM","icl.exe","47804","CreateFile","C:\Windows\System32\netapi32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9616795 AM","icl.exe","47804","CreateFileMapping","C:\Windows\System32\netapi32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "10:48:40.9617060 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots","NAME NOT FOUND","Desired Access: Enumerate Sub Keys" "10:48:40.9617876 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "10:48:40.9618067 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "10:48:40.9618272 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "10:48:40.9618454 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9618601 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "10:48:40.9618747 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "10:48:40.9618897 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "10:48:40.9619049 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9619197 AM","icl.exe","47804","CreateFileMapping","C:\Windows\System32\netapi32.dll","SUCCESS","SyncType: SyncTypeOther" "10:48:40.9619466 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "10:48:40.9621041 AM","icl.exe","47804","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9621813 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\intelremotemon.dll","SUCCESS","" "10:48:40.9621862 AM","icl.exe","47804","Load Image","C:\Windows\System32\netapi32.dll","SUCCESS","Image Base: 0x7ffbd0460000, Image Size: 0x18000" "10:48:40.9623854 AM","icl.exe","47804","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9624178 AM","icl.exe","47804","QueryBasicInformationFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","CreationTime: 3/10/2021 10:13:43 PM, LastAccessTime: 3/25/2021 10:48:38 AM, LastWriteTime: 2/10/2021 4:51:30 AM, ChangeTime: 3/19/2021 4:20:31 AM, FileAttributes: A" "10:48:40.9624284 AM","icl.exe","47804","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","" "10:48:40.9625408 AM","icl.exe","47804","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9625935 AM","icl.exe","47804","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "10:48:40.9626210 AM","icl.exe","47804","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9626547 AM","icl.exe","47804","QueryBasicInformationFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","CreationTime: 3/10/2021 10:13:43 PM, LastAccessTime: 3/25/2021 10:48:38 AM, LastWriteTime: 2/10/2021 4:51:30 AM, ChangeTime: 3/19/2021 4:20:31 AM, FileAttributes: A" "10:48:40.9626693 AM","icl.exe","47804","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","" "10:48:40.9627230 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "10:48:40.9627403 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "10:48:40.9627557 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "10:48:40.9627724 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9627873 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "10:48:40.9628017 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "10:48:40.9628135 AM","icl.exe","47804","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9628161 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "10:48:40.9628308 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9628441 AM","icl.exe","47804","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","SyncType: SyncTypeOther" "10:48:40.9628574 AM","icl.exe","47804","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "10:48:40.9629356 AM","icl.exe","47804","CloseFile","C:\Windows\System32\netapi32.dll","SUCCESS","" "10:48:40.9629813 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "10:48:40.9630001 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "10:48:40.9630181 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "10:48:40.9630371 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9630535 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "10:48:40.9630545 AM","icl.exe","47804","Load Image","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Image Base: 0x7ffbcf500000, Image Size: 0xb0000" "10:48:40.9630692 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "10:48:40.9631110 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "10:48:40.9631269 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9631408 AM","icl.exe","47804","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","SyncType: SyncTypeOther" "10:48:40.9633809 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\VERSION.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "10:48:40.9635518 AM","icl.exe","47804","CreateFile","C:\Windows\System32\version.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9635786 AM","icl.exe","47804","Load Image","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","Image Base: 0x2e10000, Image Size: 0xb0000" "10:48:40.9635894 AM","icl.exe","47804","QueryBasicInformationFile","C:\Windows\System32\version.dll","SUCCESS","CreationTime: 2/17/2021 8:54:00 AM, LastAccessTime: 3/25/2021 10:48:40 AM, LastWriteTime: 2/17/2021 8:54:00 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "10:48:40.9636008 AM","icl.exe","47804","CloseFile","C:\Windows\System32\version.dll","SUCCESS","" "10:48:40.9637722 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\msi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "10:48:40.9639312 AM","icl.exe","47804","CreateFile","C:\Windows\System32\msi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9639660 AM","icl.exe","47804","QueryBasicInformationFile","C:\Windows\System32\msi.dll","SUCCESS","CreationTime: 3/10/2021 10:22:36 PM, LastAccessTime: 3/25/2021 10:48:38 AM, LastWriteTime: 3/10/2021 10:22:36 PM, ChangeTime: 3/10/2021 10:53:09 PM, FileAttributes: A" "10:48:40.9639793 AM","icl.exe","47804","CloseFile","C:\Windows\System32\msi.dll","SUCCESS","" "10:48:40.9640782 AM","icl.exe","47804","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","" "10:48:40.9640972 AM","icl.exe","47804","CreateFile","C:\Windows\System32\msi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9641202 AM","icl.exe","47804","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll","SUCCESS","" "10:48:40.9641474 AM","icl.exe","47804","CreateFileMapping","C:\Windows\System32\msi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "10:48:40.9642826 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "10:48:40.9643005 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "10:48:40.9643167 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "10:48:40.9643427 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9643593 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "10:48:40.9643761 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "10:48:40.9643903 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "10:48:40.9644127 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\WINSPOOL.DRV","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "10:48:40.9644680 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9644804 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\OLEACC.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "10:48:40.9644833 AM","icl.exe","47804","CreateFileMapping","C:\Windows\System32\msi.dll","SUCCESS","SyncType: SyncTypeOther" "10:48:40.9647214 AM","icl.exe","47804","Load Image","C:\Windows\System32\msi.dll","SUCCESS","Image Base: 0x7ffbc4210000, Image Size: 0x32b000" "10:48:40.9648267 AM","icl.exe","47804","CreateFile","C:\Windows\System32\winspool.drv","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9648693 AM","icl.exe","47804","QueryBasicInformationFile","C:\Windows\System32\winspool.drv","SUCCESS","CreationTime: 2/17/2021 8:52:44 AM, LastAccessTime: 3/25/2021 10:48:38 AM, LastWriteTime: 2/17/2021 8:52:44 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "10:48:40.9648798 AM","icl.exe","47804","CloseFile","C:\Windows\System32\winspool.drv","SUCCESS","" "10:48:40.9648921 AM","icl.exe","47804","CreateFile","C:\Windows\System32\oleacc.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9649352 AM","icl.exe","47804","QueryBasicInformationFile","C:\Windows\System32\oleacc.dll","SUCCESS","CreationTime: 2/17/2021 8:53:56 AM, LastAccessTime: 3/25/2021 10:48:38 AM, LastWriteTime: 2/17/2021 8:53:56 AM, ChangeTime: 3/10/2021 10:24:06 PM, FileAttributes: A" "10:48:40.9649471 AM","icl.exe","47804","CloseFile","C:\Windows\System32\oleacc.dll","SUCCESS","" "10:48:40.9650007 AM","icl.exe","47804","CreateFile","C:\Windows\System32\winspool.drv","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9650451 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read" "10:48:40.9650543 AM","icl.exe","47804","CreateFileMapping","C:\Windows\System32\winspool.drv","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "10:48:40.9650889 AM","icl.exe","47804","CreateFile","C:\Windows\System32\oleacc.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9651219 AM","icl.exe","47804","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20" "10:48:40.9651429 AM","icl.exe","47804","CreateFileMapping","C:\Windows\System32\oleacc.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "10:48:40.9651469 AM","icl.exe","47804","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","" "10:48:40.9651753 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "10:48:40.9651923 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "10:48:40.9652081 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "10:48:40.9652248 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9652399 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "10:48:40.9652551 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "10:48:40.9652588 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "10:48:40.9652794 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "10:48:40.9652839 AM","icl.exe","47804","CreateFile","C:\Windows\System32\msi.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9653213 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "10:48:40.9653456 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "10:48:40.9653475 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9653622 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9653634 AM","icl.exe","47804","CreateFileMapping","C:\Windows\System32\winspool.drv","SUCCESS","SyncType: SyncTypeOther" "10:48:40.9653767 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "10:48:40.9653919 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "10:48:40.9654058 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "10:48:40.9654206 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9654337 AM","icl.exe","47804","CreateFileMapping","C:\Windows\System32\oleacc.dll","SUCCESS","SyncType: SyncTypeOther" "10:48:40.9656007 AM","icl.exe","47804","Load Image","C:\Windows\System32\winspool.drv","SUCCESS","Image Base: 0x7ffbc6af0000, Image Size: 0x8e000" "10:48:40.9656263 AM","icl.exe","47804","Load Image","C:\Windows\System32\oleacc.dll","SUCCESS","Image Base: 0x7ffbbefe0000, Image Size: 0x66000" "10:48:40.9656482 AM","icl.exe","47804","CloseFile","C:\Windows\System32\msi.dll","SUCCESS","" "10:48:40.9659744 AM","icl.exe","47804","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9660074 AM","icl.exe","47804","QueryBasicInformationFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","CreationTime: 3/10/2021 10:13:43 PM, LastAccessTime: 3/25/2021 10:48:38 AM, LastWriteTime: 2/10/2021 4:51:10 AM, ChangeTime: 3/12/2021 3:20:58 PM, FileAttributes: A" "10:48:40.9660188 AM","icl.exe","47804","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","" "10:48:40.9662989 AM","icl.exe","47804","Load Image","C:\Windows\System32\bcrypt.dll","SUCCESS","Image Base: 0x7ffbdb3e0000, Image Size: 0x27000" "10:48:40.9663636 AM","icl.exe","47804","CloseFile","C:\Windows\System32\oleacc.dll","SUCCESS","" "10:48:40.9665208 AM","icl.exe","47804","CloseFile","C:\Windows\System32\winspool.drv","SUCCESS","" "10:48:40.9667392 AM","icl.exe","47804","CloseFile","C:\Windows\System32\msi.dll","SUCCESS","" "10:48:40.9669897 AM","icl.exe","47804","CreateFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9670732 AM","icl.exe","47804","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_WRITECOPY|PAGE_NOCACHE" "10:48:40.9672905 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "10:48:40.9673079 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "10:48:40.9673227 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "10:48:40.9673380 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9673519 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "10:48:40.9674028 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "10:48:40.9674160 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "10:48:40.9674295 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "10:48:40.9674427 AM","icl.exe","47804","CreateFileMapping","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","SyncType: SyncTypeOther" "10:48:40.9676383 AM","icl.exe","47804","Load Image","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","Image Base: 0x7ffbc5b10000, Image Size: 0x29a000" "10:48:40.9680706 AM","icl.exe","47804","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d\comctl32.dll","SUCCESS","" "10:48:40.9698324 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","REPARSE","Desired Access: Read" "10:48:40.9698527 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","Desired Access: Read" "10:48:40.9699478 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\(Default)","SUCCESS","Type: REG_SZ, Length: 18, Data: 00060305" "10:48:40.9699840 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\000603xx","SUCCESS","Type: REG_SZ, Length: 26, Data: kernel32.dll" "10:48:40.9712738 AM","icl.exe","47804","RegOpenKey","HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC","SUCCESS","Desired Access: Read, Maximum Allowed" "10:48:40.9713342 AM","icl.exe","47804","RegQueryValue","HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\smc_install_path","NAME NOT FOUND","Length: 4,094" "10:48:40.9713622 AM","icl.exe","47804","RegCloseKey","HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC","SUCCESS","" "10:48:40.9714212 AM","icl.exe","47804","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Read, Maximum Allowed" "10:48:40.9714752 AM","icl.exe","47804","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot","SUCCESS","Type: REG_SZ, Length: 22, Data: C:\Windows" "10:48:40.9715109 AM","icl.exe","47804","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","" "10:48:40.9715447 AM","icl.exe","47804","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Sysplant\Sysfer","REPARSE","Desired Access: Read, Maximum Allowed" "10:48:40.9715595 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Services\Sysplant\Sysfer","SUCCESS","Desired Access: Read, Maximum Allowed" "10:48:40.9716083 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Services\SysPlant\SysFer\SepBinDir","SUCCESS","Type: REG_SZ, Length: 170, Data: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin\" "10:48:40.9716343 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Services\SysPlant\SysFer","SUCCESS","" "10:48:40.9717909 AM","icl.exe","47804","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Sysplant\Sysfer","REPARSE","Desired Access: Read, Maximum Allowed" "10:48:40.9718103 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Services\Sysplant\Sysfer","SUCCESS","Desired Access: Read, Maximum Allowed" "10:48:40.9718701 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Services\SysPlant\SysFer\SepBinDir64","SUCCESS","Type: REG_SZ, Length: 174, Data: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin64\" "10:48:40.9718991 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Services\SysPlant\SysFer","SUCCESS","" "10:48:40.9727925 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9728665 AM","icl.exe","47804","QueryNameInformationFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Name: \Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe" "10:48:40.9728973 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "10:48:40.9732961 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9733510 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "10:48:40.9734561 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9735077 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "10:48:40.9736134 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9736665 AM","icl.exe","47804","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "10:48:40.9736982 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "10:48:40.9738155 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","NAME INVALID","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a" "10:48:40.9739237 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "10:48:40.9740139 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9741169 AM","icl.exe","47804","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "10:48:40.9741543 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "10:48:40.9742560 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9743037 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "10:48:40.9744027 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9744538 AM","icl.exe","47804","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "10:48:40.9744877 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "10:48:40.9746122 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9746580 AM","icl.exe","47804","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "10:48:40.9746954 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64","SUCCESS","" "10:48:40.9748222 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "10:48:40.9749191 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9749621 AM","icl.exe","47804","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "10:48:40.9749945 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "10:48:40.9751088 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9751552 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "10:48:40.9752534 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9753031 AM","icl.exe","47804","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "10:48:40.9753369 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "10:48:40.9754368 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9754765 AM","icl.exe","47804","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "10:48:40.9755064 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin","SUCCESS","" "10:48:40.9756106 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "10:48:40.9757046 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9757468 AM","icl.exe","47804","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "10:48:40.9757768 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "10:48:40.9758764 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9759233 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "10:48:40.9760211 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9760684 AM","icl.exe","47804","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "10:48:40.9761213 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "10:48:40.9762537 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9763096 AM","icl.exe","47804","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "10:48:40.9763457 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows","SUCCESS","" "10:48:40.9764524 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "10:48:40.9765415 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9765817 AM","icl.exe","47804","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "10:48:40.9766143 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "10:48:40.9767264 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9767791 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "10:48:40.9768733 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9769192 AM","icl.exe","47804","DeviceIoControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "10:48:40.9769444 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "10:48:40.9770365 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9770731 AM","icl.exe","47804","FileSystemControl","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "10:48:40.9771189 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210","SUCCESS","" "10:48:40.9772886 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "10:48:40.9773871 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9774275 AM","icl.exe","47804","FileSystemControl","C:\Program Files (x86)\IntelSWTools","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "10:48:40.9774576 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "10:48:40.9775480 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9775925 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "10:48:40.9776803 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9777258 AM","icl.exe","47804","DeviceIoControl","C:\Program Files (x86)\IntelSWTools","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "10:48:40.9777502 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "10:48:40.9778385 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9778754 AM","icl.exe","47804","FileSystemControl","C:\Program Files (x86)\IntelSWTools","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "10:48:40.9779043 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools","SUCCESS","" "10:48:40.9780137 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a" "10:48:40.9781354 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9781761 AM","icl.exe","47804","FileSystemControl","C:\Program Files (x86)","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "10:48:40.9782062 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)","SUCCESS","" "10:48:40.9782989 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9783455 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)","SUCCESS","" "10:48:40.9784761 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9785233 AM","icl.exe","47804","DeviceIoControl","C:\Program Files (x86)","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME" "10:48:40.9785482 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)","SUCCESS","" "10:48:40.9786375 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9786739 AM","icl.exe","47804","FileSystemControl","C:\Program Files (x86)","NOT REPARSE POINT","Control: FSCTL_GET_REPARSE_POINT" "10:48:40.9787031 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)","SUCCESS","" "10:48:40.9792641 AM","icl.exe","47804","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","REPARSE","Desired Access: Read" "10:48:40.9792860 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Desired Access: Read" "10:48:40.9793159 AM","icl.exe","47804","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","BUFFER TOO SMALL","Index: 0, Length: 0" "10:48:40.9793404 AM","icl.exe","47804","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 0, Name: ##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" "10:48:40.9794439 AM","icl.exe","47804","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","REPARSE","Desired Access: Read, Maximum Allowed" "10:48:40.9794605 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Desired Access: Read, Maximum Allowed" "10:48:40.9795203 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 118, Data: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000" "10:48:40.9795504 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","" "10:48:40.9795888 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","" "10:48:40.9796343 AM","icl.exe","47804","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000","REPARSE","Desired Access: Read, Maximum Allowed" "10:48:40.9796503 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000","SUCCESS","Desired Access: Read, Maximum Allowed" "10:48:40.9797029 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000\Class","NAME NOT FOUND","Length: 4,094" "10:48:40.9797262 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000","SUCCESS","" "10:48:40.9809032 AM","icl.exe","47804","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "10:48:40.9809223 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "10:48:40.9809479 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "10:48:40.9809735 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "10:48:40.9815964 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\ca967c75-04bf-40b5-9a16-98b5f9332a92","NAME NOT FOUND","Length: 528" "10:48:40.9816817 AM","icl.exe","47804","QueryNameInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","Name: \Windows\System32\sechost.dll" "10:48:40.9817616 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\b6fd710b-f783-4b1c-ab9c-c68099dcc0c7","NAME NOT FOUND","Length: 528" "10:48:40.9818091 AM","icl.exe","47804","QueryNameInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","Name: \Windows\System32\sechost.dll" "10:48:40.9820292 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c1376338-0984-48b8-b933-9c7d779fd84d","NAME NOT FOUND","Length: 528" "10:48:40.9821033 AM","icl.exe","47804","QueryNameInformationFile","C:\Windows\System32\advapi32.dll","SUCCESS","Name: \Windows\System32\advapi32.dll" "10:48:40.9837354 AM","icl.exe","47804","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read" "10:48:40.9837639 AM","icl.exe","47804","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "10:48:40.9837870 AM","icl.exe","47804","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read" "10:48:40.9838127 AM","icl.exe","47804","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorUseSystemHeap","NAME NOT FOUND","Length: 20" "10:48:40.9838481 AM","icl.exe","47804","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "10:48:40.9838675 AM","icl.exe","47804","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "10:48:40.9838881 AM","icl.exe","47804","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read" "10:48:40.9839113 AM","icl.exe","47804","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\PageAllocatorSystemHeapIsPrivate","NAME NOT FOUND","Length: 20" "10:48:40.9839367 AM","icl.exe","47804","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "10:48:40.9839588 AM","icl.exe","47804","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "10:48:40.9839832 AM","icl.exe","47804","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read" "10:48:40.9840119 AM","icl.exe","47804","RegQueryValue","HKLM\SOFTWARE\Microsoft\Ole\AggressiveMTATesting","NAME NOT FOUND","Length: 16" "10:48:40.9840404 AM","icl.exe","47804","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "10:48:40.9845886 AM","icl.exe","47804","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "10:48:40.9846194 AM","icl.exe","47804","RegOpenKey","HKLM","SUCCESS","Desired Access: Read" "10:48:40.9846456 AM","icl.exe","47804","RegSetInfoKey","HKLM","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "10:48:40.9846678 AM","icl.exe","47804","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100" "10:48:40.9846908 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "10:48:40.9847253 AM","icl.exe","47804","RegOpenKey","HKLM\SOFTWARE\Microsoft\AppModel\Lookaside\Packages","NAME NOT FOUND","Desired Access: Read" "10:48:40.9847658 AM","icl.exe","47804","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100" "10:48:40.9847876 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "10:48:40.9848218 AM","icl.exe","47804","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x100" "10:48:40.9848434 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Microsoft\Ole","SUCCESS","Desired Access: Read" "10:48:40.9849661 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","Desired Access: Read" "10:48:40.9850024 AM","icl.exe","47804","RegQueryKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","Query: HandleTags, HandleTags: 0x0" "10:48:40.9850240 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574\Software\Classes\Local Settings","REPARSE","Desired Access: Read" "10:48:40.9850401 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574_Classes\Local Settings","SUCCESS","Desired Access: Read" "10:48:40.9850637 AM","icl.exe","47804","RegSetInfoKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574_Classes\Local Settings","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "10:48:40.9851001 AM","icl.exe","47804","RegCloseKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","" "10:48:40.9851206 AM","icl.exe","47804","RegQueryKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574_Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100" "10:48:40.9851421 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574_Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "10:48:40.9851660 AM","icl.exe","47804","RegQueryKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574_Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100" "10:48:40.9851869 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574_Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties","NAME NOT FOUND","Desired Access: Read" "10:48:40.9852100 AM","icl.exe","47804","RegQueryKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574_Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100" "10:48:40.9852307 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574_Classes\Local Settings\Software\Microsoft\Ole","NAME NOT FOUND","Desired Access: Read" "10:48:40.9852521 AM","icl.exe","47804","RegQueryKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574_Classes\Local Settings","SUCCESS","Query: HandleTags, HandleTags: 0x100" "10:48:40.9852727 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574_Classes\Local Settings\Software\Microsoft","SUCCESS","Desired Access: Read" "10:48:40.9854856 AM","icl.exe","47804","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "10:48:40.9855069 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Microsoft\OLE\Tracing","NAME NOT FOUND","Desired Access: Read" "10:48:40.9856421 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\1aff6089-e863-4d36-bdfd-3581f07440be","NAME NOT FOUND","Length: 528" "10:48:40.9857248 AM","icl.exe","47804","QueryNameInformationFile","C:\Windows\System32\combase.dll","SUCCESS","Name: \Windows\System32\combase.dll" "10:48:40.9858246 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f0558438-f56a-5987-47da-040ca75aef05","NAME NOT FOUND","Length: 528" "10:48:40.9858712 AM","icl.exe","47804","QueryNameInformationFile","C:\Windows\System32\combase.dll","SUCCESS","Name: \Windows\System32\combase.dll" "10:48:40.9862479 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\c7e09e2a-c663-5399-af79-2fccd321d19a","NAME NOT FOUND","Length: 528" "10:48:40.9862940 AM","icl.exe","47804","QueryNameInformationFile","C:\Windows\System32\combase.dll","SUCCESS","Name: \Windows\System32\combase.dll" "10:48:40.9863903 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\703fcc13-b66f-5868-ddd9-e2db7f381ffb","NAME NOT FOUND","Length: 528" "10:48:40.9864356 AM","icl.exe","47804","QueryNameInformationFile","C:\Windows\System32\combase.dll","SUCCESS","Name: \Windows\System32\combase.dll" "10:48:40.9869697 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument\","REPARSE","Desired Access: Read" "10:48:40.9869903 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument","NAME NOT FOUND","Desired Access: Read" "10:48:40.9870887 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\f25bcd2e-2690-55dc-3bc4-07b65b1b41c9","NAME NOT FOUND","Length: 528" "10:48:40.9871501 AM","icl.exe","47804","QueryNameInformationFile","C:\Windows\System32\user32.dll","SUCCESS","Name: \Windows\System32\user32.dll" "10:48:40.9872408 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "10:48:40.9872718 AM","icl.exe","47804","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "10:48:40.9872978 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "10:48:40.9873771 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "10:48:40.9874029 AM","icl.exe","47804","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "10:48:40.9874267 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "10:48:40.9874514 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Display","NAME NOT FOUND","Desired Access: Read" "10:48:40.9875420 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read" "10:48:40.9875774 AM","icl.exe","47804","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20" "10:48:40.9876023 AM","icl.exe","47804","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","" "10:48:40.9876249 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read" "10:48:40.9876477 AM","icl.exe","47804","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck","NAME NOT FOUND","Length: 20" "10:48:40.9876703 AM","icl.exe","47804","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","" "10:48:40.9877422 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Read" "10:48:40.9877757 AM","icl.exe","47804","RegOpenKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574\Control Panel\Desktop","SUCCESS","Desired Access: Read" "10:48:40.9877988 AM","icl.exe","47804","RegQueryValue","HKU\S-1-5-21-2109960903-2035505985-632688529-10574\Control Panel\Desktop\EnablePerProcessSystemDPI","NAME NOT FOUND","Length: 20" "10:48:40.9878239 AM","icl.exe","47804","RegCloseKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574\Control Panel\Desktop","SUCCESS","" "10:48:40.9879270 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","Desired Access: Read" "10:48:40.9879477 AM","icl.exe","47804","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\icl","NAME NOT FOUND","Length: 172" "10:48:40.9879686 AM","icl.exe","47804","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","" "10:48:40.9879886 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility","NAME NOT FOUND","Desired Access: Read" "10:48:40.9881032 AM","icl.exe","47804","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icl.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "10:48:40.9881770 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","Desired Access: Read" "10:48:40.9881963 AM","icl.exe","47804","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\icl","NAME NOT FOUND","Length: 172" "10:48:40.9882177 AM","icl.exe","47804","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","" "10:48:40.9882365 AM","icl.exe","47804","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility","NAME NOT FOUND","Desired Access: Read" "10:48:40.9884968 AM","icl.exe","47804","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "10:48:40.9885213 AM","icl.exe","47804","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value" "10:48:40.9888836 AM","icl.exe","47804","Thread Exit","","SUCCESS","Thread ID: 46540, User Time: 0.0000000, Kernel Time: 0.0000000" "10:48:40.9889420 AM","icl.exe","47804","Thread Exit","","SUCCESS","Thread ID: 47144, User Time: 0.0156250, Kernel Time: 0.0000000" "10:48:40.9889921 AM","icl.exe","47804","Thread Exit","","SUCCESS","Thread ID: 48012, User Time: 0.0000000, Kernel Time: 0.0000000" "10:48:40.9889931 AM","icl.exe","47804","Thread Exit","","SUCCESS","Thread ID: 39576, User Time: 0.0000000, Kernel Time: 0.0468750" "10:48:40.9895748 AM","icl.exe","47804","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9897969 AM","icl.exe","47804","CreateFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Open By ID, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "10:48:40.9898531 AM","icl.exe","47804","CloseFile","C:\","SUCCESS","" "10:48:40.9902342 AM","icl.exe","47804","CloseFile","C:\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","SUCCESS","" "10:48:40.9910880 AM","icl.exe","47804","Process Exit","","SUCCESS","Exit Status: -1073741502, User Time: 0.0156250 seconds, Kernel Time: 0.0468750 seconds, Private Bytes: 3,796,992, Peak Private Bytes: 3,796,992, Working Set: 6,574,080, Peak Working Set: 6,578,176" "10:48:40.9911302 AM","icl.exe","47804","RegOpenKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","Desired Access: All Access" "10:48:40.9911462 AM","icl.exe","47804","RegQueryValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574\\Device\HarddiskVolume2\Program Files (x86)\IntelSWTools\compilers_and_libraries_2017.4.210\windows\bin\intel64\icl.exe","NAME NOT FOUND","Length: 40" "10:48:40.9911612 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2109960903-2035505985-632688529-10574","SUCCESS","" "10:48:40.9912704 AM","icl.exe","47804","CloseFile","C:\Users\osqa\workarea\osqa_ca-w10-bld-05_os_211\os","SUCCESS","" "10:48:40.9914559 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "10:48:40.9914654 AM","icl.exe","47804","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c","SUCCESS","" "10:48:40.9915051 AM","icl.exe","47804","CloseFile","C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d","SUCCESS","" "10:48:40.9915379 AM","icl.exe","47804","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","" "10:48:40.9915545 AM","icl.exe","47804","RegCloseKey","HKLM","SUCCESS","" "10:48:40.9915624 AM","icl.exe","47804","RegCloseKey","HKLM","SUCCESS","" "10:48:40.9915715 AM","icl.exe","47804","RegCloseKey","HKLM\SOFTWARE\Microsoft\Ole","SUCCESS","" "10:48:40.9915825 AM","icl.exe","47804","RegCloseKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574_Classes\Local Settings\Software\Microsoft","SUCCESS","" "10:48:40.9915901 AM","icl.exe","47804","RegCloseKey","HKU\S-1-5-21-2109960903-2035505985-632688529-10574_Classes\Local Settings","SUCCESS","" "10:48:40.9916114 AM","icl.exe","47804","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS",""