VirtualBox

Ticket #9318: copy_vs_xcopy_for_9318.CSV

File copy_vs_xcopy_for_9318.CSV, 138.5 KB (added by Walter Nicholls, 13 years ago)

Proc mon log file for copy and xcopy of an exe and then copy of a txt

Line 
1"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
2"10:34:10.4539934 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
3"10:34:10.4552303 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","CreationTime: 28/07/2011 5:37:00 p.m., LastAccessTime: 29/07/2011 10:30:45 a.m., LastWriteTime: 22/03/2011 1:05:27 p.m., ChangeTime: 28/07/2011 5:37:00 p.m., FileAttributes: N"
4"10:34:10.4553378 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS",""
5"10:34:10.4562057 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
6"10:34:10.4563838 a.m.","cmd.exe","4604","QueryDirectory","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Filter: temp.exe, 1: temp.exe"
7"10:34:10.4579744 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
8"10:34:11.1382006 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
9"10:34:11.1382713 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
10"10:34:11.1383805 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 0, Length: 512, Priority: Normal"
11"10:34:11.1461149 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
12"10:34:11.1485478 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.exe","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a"
13"10:34:11.1570353 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
14"10:34:11.1588045 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
15"10:34:11.2129282 a.m.","cmd.exe","4604","QueryAttributeTagFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Attributes: N, ReparseTag: 0x0"
16"10:34:11.2131956 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
17"10:34:11.2132329 a.m.","cmd.exe","4604","FileSystemControl","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Control: IOCTL_LMR_DISABLE_LOCAL_BUFFERING"
18"10:34:11.2133101 a.m.","cmd.exe","4604","FileSystemControl","\\vboxsvr\DataShared\temp\temp.exe","INVALID DEVICE REQUEST","Control: FSCTL_LMR_GET_HINT_SIZE"
19"10:34:11.2133426 a.m.","cmd.exe","4604","QueryStandardInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","AllocationSize: 4,313,088, EndOfFile: 4,312,397, NumberOfLinks: 1, DeletePending: False, Directory: False"
20"10:34:11.2134488 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","CreationTime: 28/07/2011 5:37:00 p.m., LastAccessTime: 29/07/2011 10:30:45 a.m., LastWriteTime: 22/03/2011 1:05:27 p.m., ChangeTime: 28/07/2011 5:37:00 p.m., FileAttributes: N"
21"10:34:11.2136183 a.m.","cmd.exe","4604","QueryStreamInformationFile","\\vboxsvr\DataShared\temp\temp.exe","NOT IMPLEMENTED",""
22"10:34:11.2137939 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","CreationTime: 28/07/2011 5:37:00 p.m., LastAccessTime: 29/07/2011 10:30:45 a.m., LastWriteTime: 22/03/2011 1:05:27 p.m., ChangeTime: 28/07/2011 5:37:00 p.m., FileAttributes: N"
23"10:34:11.2139539 a.m.","cmd.exe","4604","QueryEaInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","EaSize: 0"
24"10:34:11.2164158 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Desired Access: Generic Write, Read Data/List Directory, Read Attributes, Delete, Disposition: OverwriteIf, Options: Sequential Access, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 4,312,397, OpenResult: Created"
25"10:34:11.2183571 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
26"10:34:11.2184009 a.m.","cmd.exe","4604","FileSystemControl","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Control: IOCTL_LMR_DISABLE_LOCAL_BUFFERING"
27"10:34:11.2184360 a.m.","cmd.exe","4604","QueryAttributeInformationVolume","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","FileSystemAttributes: , MaximumComponentNameLength: 255, FileSystemName: VBoxSharedFolderFS"
28"10:34:11.2184560 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","CreationTime: 29/07/2011 10:34:11 a.m., LastAccessTime: 29/07/2011 10:34:11 a.m., LastWriteTime: 29/07/2011 10:34:11 a.m., ChangeTime: 29/07/2011 10:34:11 a.m., FileAttributes: N"
29"10:34:11.2186086 a.m.","cmd.exe","4604","QueryAttributeInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","FileSystemAttributes: , MaximumComponentNameLength: 255, FileSystemName: VBoxSharedFolderFS"
30"10:34:11.2186320 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
31"10:34:11.2186584 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
32"10:34:11.2190971 a.m.","cmd.exe","4604","DeviceIoControl","\\vboxsvr\DataShared\temp\temp.exe","INVALID DEVICE REQUEST","Control: 0x140410 (Device:0x14 Function:260 Method: 0)"
33"10:34:11.2191223 a.m.","cmd.exe","4604","SetEndOfFileInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","EndOfFile: 4,312,397"
34"10:34:11.2193876 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
35"10:34:11.2194088 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
36"10:34:11.2194284 a.m.","cmd.exe","4604","<Unknown>","\\vboxsvr\DataShared\temp\temp.exe","NOT IMPLEMENTED",""
37"10:34:11.2195476 a.m.","cmd.exe","4604","<Unknown>","\\vboxsvr\DataShared\temp\temp2.exe","NOT IMPLEMENTED",""
38"10:34:11.2221383 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","INVALID PARAMETER","Offset: 0, Length: 4,294,966,605, Priority: Normal"
39"10:34:11.2270184 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","INVALID PARAMETER","Offset: 524,288, Length: 523,597, Priority: Normal"
40"10:34:11.2309227 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 1,048,576, Length: 524,288, Priority: Normal"
41"10:34:11.2348270 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 1,572,864, Length: 524,288, Priority: Normal"
42"10:34:11.2367791 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 2,097,152, Length: 524,288, Priority: Normal"
43"10:34:11.2397071 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 2,621,440, Length: 524,288, Priority: Normal"
44"10:34:11.2660604 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 3,145,728, Length: 524,288, Priority: Normal"
45"10:34:11.2680125 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 3,670,016, Length: 524,288, Priority: Normal"
46"10:34:11.2865576 a.m.","cmd.exe","4604","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1,111,040, Length: 8,192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
47"10:34:11.2913528 a.m.","cmd.exe","4604","SetDispositionInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Delete: True"
48"10:34:11.2973835 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS",""
49"10:34:11.2975625 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS",""
50"10:34:11.2977546 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS",""
51"10:34:11.3003041 a.m.","cmd.exe","4604","QueryDirectory","\\vboxsvr\DataShared\temp","NO MORE FILES",""
52"10:34:11.3010224 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
53"10:34:12.9424910 a.m.","cmd.exe","4604","CreateFile","C:\my\commands","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
54"10:34:12.9427993 a.m.","cmd.exe","4604","QueryDirectory","C:\my\commands\xcopy.*","NO SUCH FILE","Filter: xcopy.*"
55"10:34:12.9432441 a.m.","cmd.exe","4604","CloseFile","C:\my\commands","SUCCESS",""
56"10:34:12.9437010 a.m.","cmd.exe","4604","CreateFile","C:\my\commands","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
57"10:34:12.9438011 a.m.","cmd.exe","4604","QueryDirectory","C:\my\commands\xcopy","NO SUCH FILE","Filter: xcopy"
58"10:34:12.9438831 a.m.","cmd.exe","4604","CloseFile","C:\my\commands","SUCCESS",""
59"10:34:12.9444055 a.m.","cmd.exe","4604","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
60"10:34:12.9445169 a.m.","cmd.exe","4604","QueryDirectory","C:\Windows\System32\xcopy.*","SUCCESS","Filter: xcopy.*, 1: xcopy.exe"
61"10:34:12.9449153 a.m.","cmd.exe","4604","CloseFile","C:\Windows\System32","SUCCESS",""
62"10:34:12.9455599 a.m.","cmd.exe","4604","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
63"10:34:12.9456883 a.m.","cmd.exe","4604","QueryDirectory","C:\Windows\System32\xcopy.COM","NO SUCH FILE","Filter: xcopy.COM"
64"10:34:12.9457867 a.m.","cmd.exe","4604","CloseFile","C:\Windows\System32","SUCCESS",""
65"10:34:12.9460589 a.m.","cmd.exe","4604","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
66"10:34:12.9460936 a.m.","cmd.exe","4604","QueryDirectory","C:\Windows\System32\xcopy.EXE","SUCCESS","Filter: xcopy.EXE, 1: xcopy.exe"
67"10:34:12.9461825 a.m.","cmd.exe","4604","CloseFile","C:\Windows\System32","SUCCESS",""
68"10:34:12.9512932 a.m.","cmd.exe","4604","CreateFile","C:\my\commands","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
69"10:34:12.9515521 a.m.","cmd.exe","4604","QueryBasicInformationFile","C:\my\commands","SUCCESS","CreationTime: 16/06/2011 10:34:09 p.m., LastAccessTime: 29/07/2011 10:32:02 a.m., LastWriteTime: 29/07/2011 10:32:02 a.m., ChangeTime: 29/07/2011 10:32:02 a.m., FileAttributes: D"
70"10:34:12.9516960 a.m.","cmd.exe","4604","CloseFile","C:\my\commands","SUCCESS",""
71"10:34:12.9522921 a.m.","cmd.exe","4604","CreateFile","C:\Windows\System32\xcopy.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
72"10:34:12.9529476 a.m.","cmd.exe","4604","CreateFileMapping","C:\Windows\System32\xcopy.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
73"10:34:12.9532714 a.m.","cmd.exe","4604","CreateFileMapping","C:\Windows\System32\xcopy.exe","SUCCESS","SyncType: SyncTypeOther"
74"10:34:12.9535003 a.m.","cmd.exe","4604","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xcopy.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
75"10:34:12.9537032 a.m.","cmd.exe","4604","QuerySecurityFile","C:\Windows\System32\xcopy.exe","SUCCESS","Information: Label"
76"10:34:12.9552873 a.m.","cmd.exe","4604","QueryNameInformationFile","C:\Windows\System32\xcopy.exe","SUCCESS","Name: \Windows\System32\xcopy.exe"
77"10:34:12.9588230 a.m.","cmd.exe","4604","Process Create","C:\Windows\system32\xcopy.exe","SUCCESS","PID: 4996, Command line: xcopy d:\temp\temp.exe d:\temp\temp2.exe"
78"10:34:12.9588894 a.m.","xcopy.exe","4996","Process Start","","SUCCESS","Parent PID: 4604"
79"10:34:12.9589496 a.m.","xcopy.exe","4996","Thread Create","","SUCCESS","Thread ID: 3328"
80"10:34:12.9591209 a.m.","cmd.exe","4604","QuerySecurityFile","C:\Windows\System32\xcopy.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label"
81"10:34:12.9592548 a.m.","cmd.exe","4604","QueryBasicInformationFile","C:\Windows\System32\xcopy.exe","SUCCESS","CreationTime: 14/07/2009 11:25:32 a.m., LastAccessTime: 14/07/2009 11:25:32 a.m., LastWriteTime: 14/07/2009 1:39:58 p.m., ChangeTime: 17/06/2011 5:50:31 p.m., FileAttributes: A"
82"10:34:12.9594256 a.m.","cmd.exe","4604","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","SUCCESS","Desired Access: Query Value"
83"10:34:12.9597391 a.m.","cmd.exe","4604","RegQueryValue","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\system32\xcopy.exe","NAME NOT FOUND","Length: 16"
84"10:34:12.9598566 a.m.","cmd.exe","4604","RegCloseKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","SUCCESS",""
85"10:34:12.9599788 a.m.","cmd.exe","4604","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\xcopy.exe","NAME NOT FOUND","Desired Access: Query Value"
86"10:34:12.9601184 a.m.","cmd.exe","4604","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read"
87"10:34:12.9602606 a.m.","cmd.exe","4604","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20"
88"10:34:12.9603243 a.m.","cmd.exe","4604","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS",""
89"10:34:12.9620831 a.m.","cmd.exe","4604","CloseFile","C:\Windows\System32\xcopy.exe","SUCCESS",""
90"10:34:13.0434123 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\xcopy.exe","SUCCESS","Image Base: 0xff9d0000, Image Size: 0xf000"
91"10:34:13.0438762 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","Image Base: 0x779a0000, Image Size: 0x1a9000"
92"10:34:13.0442677 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\Prefetch\XCOPY.EXE-41E6513F.pf","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
93"10:34:13.0443739 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\Prefetch\XCOPY.EXE-41E6513F.pf","SUCCESS","AllocationSize: 12,288, EndOfFile: 11,738, NumberOfLinks: 1, DeletePending: False, Directory: False"
94"10:34:13.0444671 a.m.","xcopy.exe","4996","ReadFile","C:\Windows\Prefetch\XCOPY.EXE-41E6513F.pf","SUCCESS","Offset: 0, Length: 11,738, Priority: Normal"
95"10:34:13.0447146 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\Prefetch\XCOPY.EXE-41E6513F.pf","SUCCESS",""
96"10:34:13.0451503 a.m.","xcopy.exe","4996","CreateFile","C:","SUCCESS","Desired Access: Read Attributes, Write Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
97"10:34:13.0452942 a.m.","xcopy.exe","4996","QueryInformationVolume","C:","SUCCESS","VolumeCreationTime: 17/06/2011 5:45:58 p.m., VolumeSerialNumber: 3CD6-DF01, SupportsObjects: True, VolumeLabel: "
98"10:34:13.0453874 a.m.","xcopy.exe","4996","FileSystemControl","C:","SUCCESS","Control: FSCTL_FILE_PREFETCH"
99"10:34:13.0457074 a.m.","xcopy.exe","4996","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Complete If Oplocked, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
100"10:34:13.0458227 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
101"10:34:13.0459606 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows","SUCCESS","IndexNumber: 0x1000000000270"
102"10:34:13.0460538 a.m.","xcopy.exe","4996","FileSystemControl","C:\Windows","END OF FILE","Control: FSCTL_FILE_PREFETCH"
103"10:34:13.0462345 a.m.","xcopy.exe","4996","CloseFile","C:\Windows","SUCCESS",""
104"10:34:13.0463728 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\Globalization","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Complete If Oplocked, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
105"10:34:13.0464751 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\Globalization","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
106"10:34:13.0464981 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\Globalization","SUCCESS","IndexNumber: 0x1000000000711"
107"10:34:13.0465202 a.m.","xcopy.exe","4996","FileSystemControl","C:\Windows\Globalization","SUCCESS","Control: FSCTL_FILE_PREFETCH"
108"10:34:13.0465670 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\Globalization","SUCCESS",""
109"10:34:13.0467539 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\Globalization\Sorting","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Complete If Oplocked, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
110"10:34:13.0468090 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\Globalization\Sorting","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
111"10:34:13.0468298 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\Globalization\Sorting","SUCCESS","IndexNumber: 0x100000000072b"
112"10:34:13.0468506 a.m.","xcopy.exe","4996","FileSystemControl","C:\Windows\Globalization\Sorting","SUCCESS","Control: FSCTL_FILE_PREFETCH"
113"10:34:13.0468753 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\Globalization\Sorting","SUCCESS",""
114"10:34:13.0470175 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Complete If Oplocked, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
115"10:34:13.0470548 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
116"10:34:13.0470751 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32","SUCCESS","IndexNumber: 0x1000000000909"
117"10:34:13.0470964 a.m.","xcopy.exe","4996","FileSystemControl","C:\Windows\System32","END OF FILE","Control: FSCTL_FILE_PREFETCH"
118"10:34:13.0473274 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32","SUCCESS",""
119"10:34:13.0483323 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\ntdll.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
120"10:34:13.0486068 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\ntdll.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
121"10:34:13.0486961 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\ntdll.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
122"10:34:13.0487758 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\ntdll.dll","SUCCESS","IndexNumber: 0x10000000063f4"
123"10:34:13.0488534 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ntdll.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
124"10:34:13.0489219 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\ntdll.dll","SUCCESS","AllocationSize: 1,732,608, EndOfFile: 1,731,936, NumberOfLinks: 2, DeletePending: False, Directory: False"
125"10:34:13.0490585 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ntdll.dll","SUCCESS","SyncType: SyncTypeOther"
126"10:34:13.0493008 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\kernel32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
127"10:34:13.0494742 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\kernel32.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
128"10:34:13.0495124 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\kernel32.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
129"10:34:13.0495328 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\kernel32.dll","SUCCESS","IndexNumber: 0x200000001ea11"
130"10:34:13.0495527 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\kernel32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
131"10:34:13.0495692 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\kernel32.dll","SUCCESS","AllocationSize: 1,163,264, EndOfFile: 1,162,752, NumberOfLinks: 2, DeletePending: False, Directory: False"
132"10:34:13.0496342 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\kernel32.dll","SUCCESS","SyncType: SyncTypeOther"
133"10:34:13.0497656 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
134"10:34:13.0498232 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\apisetschema.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
135"10:34:13.0498449 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
136"10:34:13.0498631 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\apisetschema.dll","SUCCESS","IndexNumber: 0x1000000005ca5"
137"10:34:13.0498822 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\apisetschema.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
138"10:34:13.0498986 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\apisetschema.dll","SUCCESS","AllocationSize: 8,192, EndOfFile: 6,656, NumberOfLinks: 2, DeletePending: False, Directory: False"
139"10:34:13.0499472 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\apisetschema.dll","SUCCESS","SyncType: SyncTypeOther"
140"10:34:13.0500894 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
141"10:34:13.0501479 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
142"10:34:13.0501830 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
143"10:34:13.0502086 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","IndexNumber: 0x200000001eaff"
144"10:34:13.0502294 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\KernelBase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
145"10:34:13.0502459 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","AllocationSize: 421,888, EndOfFile: 421,888, NumberOfLinks: 2, DeletePending: False, Directory: False"
146"10:34:13.0505168 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\KernelBase.dll","SUCCESS","SyncType: SyncTypeOther"
147"10:34:13.0506543 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\locale.nls","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
148"10:34:13.0507869 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\locale.nls","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
149"10:34:13.0508090 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\locale.nls","SUCCESS","Attributes: A, ReparseTag: 0x0"
150"10:34:13.0508381 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\locale.nls","SUCCESS","IndexNumber: 0x1000000006203"
151"10:34:13.0508650 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\locale.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
152"10:34:13.0508823 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\locale.nls","SUCCESS","AllocationSize: 421,888, EndOfFile: 419,880, NumberOfLinks: 2, DeletePending: False, Directory: False"
153"10:34:13.0509382 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\locale.nls","SUCCESS","SyncType: SyncTypeOther"
154"10:34:13.0511389 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\xcopy.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
155"10:34:13.0512703 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\xcopy.exe","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
156"10:34:13.0512924 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\xcopy.exe","SUCCESS","Attributes: A, ReparseTag: 0x0"
157"10:34:13.0513111 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\xcopy.exe","SUCCESS","IndexNumber: 0x1000000006882"
158"10:34:13.0513306 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\xcopy.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
159"10:34:13.0513470 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\xcopy.exe","SUCCESS","AllocationSize: 45,056, EndOfFile: 43,008, NumberOfLinks: 2, DeletePending: False, Directory: False"
160"10:34:13.0513822 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\xcopy.exe","SUCCESS","SyncType: SyncTypeOther"
161"10:34:13.0514550 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\advapi32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
162"10:34:13.0514550 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\advapi32.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
163"10:34:13.0514667 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\advapi32.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
164"10:34:13.0514953 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\advapi32.dll","SUCCESS","IndexNumber: 0x1000000005c6f"
165"10:34:13.0515243 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\advapi32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
166"10:34:13.0515508 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\advapi32.dll","SUCCESS","AllocationSize: 880,640, EndOfFile: 877,056, NumberOfLinks: 2, DeletePending: False, Directory: False"
167"10:34:13.0516254 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\advapi32.dll","SUCCESS","SyncType: SyncTypeOther"
168"10:34:13.0517866 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\msvcrt.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
169"10:34:13.0519505 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\msvcrt.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
170"10:34:13.0519795 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\msvcrt.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
171"10:34:13.0519995 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\msvcrt.dll","SUCCESS","IndexNumber: 0x1000000006308"
172"10:34:13.0520190 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\msvcrt.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
173"10:34:13.0520355 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\msvcrt.dll","SUCCESS","AllocationSize: 634,880, EndOfFile: 634,880, NumberOfLinks: 2, DeletePending: False, Directory: False"
174"10:34:13.0520819 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\msvcrt.dll","SUCCESS","SyncType: SyncTypeOther"
175"10:34:13.0522353 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\sechost.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
176"10:34:13.0523116 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
177"10:34:13.0523285 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\sechost.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
178"10:34:13.0523571 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","IndexNumber: 0x1000000006587"
179"10:34:13.0523866 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\sechost.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
180"10:34:13.0524126 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","AllocationSize: 114,688, EndOfFile: 113,664, NumberOfLinks: 2, DeletePending: False, Directory: False"
181"10:34:13.0524768 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\sechost.dll","SUCCESS","SyncType: SyncTypeOther"
182"10:34:13.0526697 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\rpcrt4.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
183"10:34:13.0528145 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\rpcrt4.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
184"10:34:13.0528383 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\rpcrt4.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
185"10:34:13.0528635 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\rpcrt4.dll","SUCCESS","IndexNumber: 0x100000000653b"
186"10:34:13.0528826 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\rpcrt4.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
187"10:34:13.0528990 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\rpcrt4.dll","SUCCESS","AllocationSize: 1,220,608, EndOfFile: 1,219,584, NumberOfLinks: 2, DeletePending: False, Directory: False"
188"10:34:13.0529558 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\rpcrt4.dll","SUCCESS","SyncType: SyncTypeOther"
189"10:34:13.0531310 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\ulib.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
190"10:34:13.0532844 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\ulib.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
191"10:34:13.0533065 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\ulib.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
192"10:34:13.0533252 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\ulib.dll","SUCCESS","IndexNumber: 0x10000000066d4"
193"10:34:13.0533443 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ulib.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
194"10:34:13.0533612 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\ulib.dll","SUCCESS","AllocationSize: 147,456, EndOfFile: 146,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
195"10:34:13.0534236 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ulib.dll","SUCCESS","SyncType: SyncTypeOther"
196"10:34:13.0535710 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\user32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
197"10:34:13.0536824 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\user32.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
198"10:34:13.0537045 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\user32.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
199"10:34:13.0537232 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\user32.dll","SUCCESS","IndexNumber: 0x10000000066f2"
200"10:34:13.0537422 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\user32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
201"10:34:13.0537669 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\user32.dll","SUCCESS","AllocationSize: 1,011,712, EndOfFile: 1,008,128, NumberOfLinks: 2, DeletePending: False, Directory: False"
202"10:34:13.0538229 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\user32.dll","SUCCESS","SyncType: SyncTypeOther"
203"10:34:13.0539542 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\gdi32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
204"10:34:13.0540882 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\gdi32.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
205"10:34:13.0541103 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\gdi32.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
206"10:34:13.0541285 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\gdi32.dll","SUCCESS","IndexNumber: 0x1000000006062"
207"10:34:13.0541480 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\gdi32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
208"10:34:13.0541641 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\gdi32.dll","SUCCESS","AllocationSize: 405,504, EndOfFile: 403,968, NumberOfLinks: 2, DeletePending: False, Directory: False"
209"10:34:13.0542000 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\gdi32.dll","SUCCESS","SyncType: SyncTypeOther"
210"10:34:13.0545919 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\lpk.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
211"10:34:13.0547484 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\lpk.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
212"10:34:13.0548213 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\lpk.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
213"10:34:13.0548846 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\lpk.dll","SUCCESS","IndexNumber: 0x1000000006216"
214"10:34:13.0549453 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\lpk.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
215"10:34:13.0549990 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\lpk.dll","SUCCESS","AllocationSize: 45,056, EndOfFile: 41,984, NumberOfLinks: 4, DeletePending: False, Directory: False"
216"10:34:13.0551178 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\lpk.dll","SUCCESS","SyncType: SyncTypeOther"
217"10:34:13.0613007 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\usp10.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
218"10:34:13.0614424 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\usp10.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
219"10:34:13.0614689 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\usp10.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
220"10:34:13.0614888 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\usp10.dll","SUCCESS","IndexNumber: 0x10000000066fb"
221"10:34:13.0615100 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\usp10.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
222"10:34:13.0615278 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\usp10.dll","SUCCESS","AllocationSize: 802,816, EndOfFile: 800,256, NumberOfLinks: 2, DeletePending: False, Directory: False"
223"10:34:13.0615876 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\usp10.dll","SUCCESS","SyncType: SyncTypeOther"
224"10:34:13.0618413 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\ifsutil.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
225"10:34:13.0620112 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\ifsutil.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
226"10:34:13.0620602 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\ifsutil.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
227"10:34:13.0620892 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\ifsutil.dll","SUCCESS","IndexNumber: 0x10000000060cb"
228"10:34:13.0621187 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ifsutil.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
229"10:34:13.0621452 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\ifsutil.dll","SUCCESS","AllocationSize: 184,320, EndOfFile: 180,736, NumberOfLinks: 2, DeletePending: False, Directory: False"
230"10:34:13.0622267 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ifsutil.dll","SUCCESS","SyncType: SyncTypeOther"
231"10:34:13.0623754 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\cfgmgr32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
232"10:34:13.0624759 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\cfgmgr32.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
233"10:34:13.0624980 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\cfgmgr32.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
234"10:34:13.0625167 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\cfgmgr32.dll","SUCCESS","IndexNumber: 0x1000000005d4f"
235"10:34:13.0625358 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\cfgmgr32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
236"10:34:13.0625527 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\cfgmgr32.dll","SUCCESS","AllocationSize: 208,896, EndOfFile: 207,872, NumberOfLinks: 4, DeletePending: False, Directory: False"
237"10:34:13.0626177 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\cfgmgr32.dll","SUCCESS","SyncType: SyncTypeOther"
238"10:34:13.0628284 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\setupapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
239"10:34:13.0630577 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\setupapi.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
240"10:34:13.0630842 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\setupapi.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
241"10:34:13.0631050 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\setupapi.dll","SUCCESS","IndexNumber: 0x10000000065ad"
242"10:34:13.0631266 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\setupapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
243"10:34:13.0631791 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\setupapi.dll","SUCCESS","AllocationSize: 1,900,544, EndOfFile: 1,900,544, NumberOfLinks: 2, DeletePending: False, Directory: False"
244"10:34:13.0632220 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\setupapi.dll","SUCCESS","SyncType: SyncTypeOther"
245"10:34:13.0633590 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\oleaut32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
246"10:34:13.0635935 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\oleaut32.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
247"10:34:13.0636933 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\oleaut32.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
248"10:34:13.0637830 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\oleaut32.dll","SUCCESS","IndexNumber: 0x200000000e885"
249"10:34:13.0638684 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\oleaut32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
250"10:34:13.0639417 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\oleaut32.dll","SUCCESS","AllocationSize: 864,256, EndOfFile: 861,696, NumberOfLinks: 2, DeletePending: False, Directory: False"
251"10:34:13.0643010 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\oleaut32.dll","SUCCESS","SyncType: SyncTypeOther"
252"10:34:13.0644302 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\ole32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
253"10:34:13.0645334 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\ole32.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
254"10:34:13.0645560 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\ole32.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
255"10:34:13.0645746 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\ole32.dll","SUCCESS","IndexNumber: 0x1000000006417"
256"10:34:13.0645937 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ole32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
257"10:34:13.0646101 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\ole32.dll","SUCCESS","AllocationSize: 2,088,960, EndOfFile: 2,086,912, NumberOfLinks: 2, DeletePending: False, Directory: False"
258"10:34:13.0646583 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ole32.dll","SUCCESS","SyncType: SyncTypeOther"
259"10:34:13.0647679 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\devobj.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
260"10:34:13.0649075 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\devobj.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
261"10:34:13.0649310 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\devobj.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
262"10:34:13.0649492 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\devobj.dll","SUCCESS","IndexNumber: 0x1000000005f2f"
263"10:34:13.0649687 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\devobj.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
264"10:34:13.0649851 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\devobj.dll","SUCCESS","AllocationSize: 94,208, EndOfFile: 93,184, NumberOfLinks: 4, DeletePending: False, Directory: False"
265"10:34:13.0650337 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\devobj.dll","SUCCESS","SyncType: SyncTypeOther"
266"10:34:13.0651200 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
267"10:34:13.0651200 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
268"10:34:13.0651304 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\imm32.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
269"10:34:13.0651590 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","IndexNumber: 0x10000000060df"
270"10:34:13.0651880 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
271"10:34:13.0652145 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","AllocationSize: 167,936, EndOfFile: 167,424, NumberOfLinks: 2, DeletePending: False, Directory: False"
272"10:34:13.0652695 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
273"10:34:13.0654191 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\msctf.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
274"10:34:13.0655184 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\msctf.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
275"10:34:13.0655400 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\msctf.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
276"10:34:13.0655587 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\msctf.dll","SUCCESS","IndexNumber: 0x10000000062a3"
277"10:34:13.0655778 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\msctf.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
278"10:34:13.0655942 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\msctf.dll","SUCCESS","AllocationSize: 1,069,056, EndOfFile: 1,067,008, NumberOfLinks: 2, DeletePending: False, Directory: False"
279"10:34:13.0656493 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\msctf.dll","SUCCESS","SyncType: SyncTypeOther"
280"10:34:13.0657802 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
281"10:34:13.0658318 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
282"10:34:13.0658530 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Attributes: A, ReparseTag: 0x0"
283"10:34:13.0658713 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","IndexNumber: 0x10000000046c8"
284"10:34:13.0658899 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
285"10:34:13.0659059 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","AllocationSize: 2,945,024, EndOfFile: 2,944,004, NumberOfLinks: 2, DeletePending: False, Directory: False"
286"10:34:13.0659411 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","SyncType: SyncTypeOther"
287"10:34:13.0662801 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\locale.nls","SUCCESS",""
288"10:34:13.0665051 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS",""
289"10:34:13.0666711 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ntdll.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
290"10:34:13.0669529 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ntdll.dll","SUCCESS","SyncType: SyncTypeOther"
291"10:34:13.0669919 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\kernel32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
292"10:34:13.0670877 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\kernel32.dll","SUCCESS","SyncType: SyncTypeOther"
293"10:34:13.0671254 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\apisetschema.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
294"10:34:13.0672091 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\apisetschema.dll","SUCCESS","SyncType: SyncTypeOther"
295"10:34:13.0677900 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\KernelBase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
296"10:34:13.0678772 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\KernelBase.dll","SUCCESS","SyncType: SyncTypeOther"
297"10:34:13.0679136 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\xcopy.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
298"10:34:13.0679873 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\xcopy.exe","SUCCESS","SyncType: SyncTypeOther"
299"10:34:13.0680319 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\advapi32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
300"10:34:13.0681490 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\advapi32.dll","SUCCESS","SyncType: SyncTypeOther"
301"10:34:13.0681854 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\msvcrt.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
302"10:34:13.0682591 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\msvcrt.dll","SUCCESS","SyncType: SyncTypeOther"
303"10:34:13.0683059 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\sechost.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
304"10:34:13.0683904 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\sechost.dll","SUCCESS","SyncType: SyncTypeOther"
305"10:34:13.0684260 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\rpcrt4.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
306"10:34:13.0684295 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\rpcrt4.dll","SUCCESS","SyncType: SyncTypeOther"
307"10:34:13.0685192 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ulib.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
308"10:34:13.0688218 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ulib.dll","SUCCESS","SyncType: SyncTypeOther"
309"10:34:13.0688912 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\user32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
310"10:34:13.0689935 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\user32.dll","SUCCESS","SyncType: SyncTypeOther"
311"10:34:13.0690477 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\gdi32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
312"10:34:13.0691469 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\gdi32.dll","SUCCESS","SyncType: SyncTypeOther"
313"10:34:13.0691860 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\lpk.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
314"10:34:13.0692896 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\lpk.dll","SUCCESS","SyncType: SyncTypeOther"
315"10:34:13.0693286 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\usp10.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
316"10:34:13.0694201 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\usp10.dll","SUCCESS","SyncType: SyncTypeOther"
317"10:34:13.0694582 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ifsutil.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
318"10:34:13.0695991 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ifsutil.dll","SUCCESS","SyncType: SyncTypeOther"
319"10:34:13.0696411 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\cfgmgr32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
320"10:34:13.0697335 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\cfgmgr32.dll","SUCCESS","SyncType: SyncTypeOther"
321"10:34:13.0697751 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\setupapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
322"10:34:13.0698674 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\setupapi.dll","SUCCESS","SyncType: SyncTypeOther"
323"10:34:13.0699073 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\oleaut32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
324"10:34:13.0700044 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\oleaut32.dll","SUCCESS","SyncType: SyncTypeOther"
325"10:34:13.0701713 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ole32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
326"10:34:13.0702741 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ole32.dll","SUCCESS","SyncType: SyncTypeOther"
327"10:34:13.0703135 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\devobj.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
328"10:34:13.0703929 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\devobj.dll","SUCCESS","SyncType: SyncTypeOther"
329"10:34:13.0704319 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
330"10:34:13.0705264 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
331"10:34:13.0705650 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\msctf.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
332"10:34:13.0706872 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\msctf.dll","SUCCESS","SyncType: SyncTypeOther"
333"10:34:13.0709174 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\ntdll.dll","SUCCESS",""
334"10:34:13.0712322 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\kernel32.dll","SUCCESS",""
335"10:34:13.0714069 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\apisetschema.dll","SUCCESS",""
336"10:34:13.0715638 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\KernelBase.dll","SUCCESS",""
337"10:34:13.0717064 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\xcopy.exe","SUCCESS",""
338"10:34:13.0718374 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\advapi32.dll","SUCCESS",""
339"10:34:13.0719050 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\msvcrt.dll","SUCCESS",""
340"10:34:13.0719817 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\sechost.dll","SUCCESS",""
341"10:34:13.0720463 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\rpcrt4.dll","SUCCESS",""
342"10:34:13.0721126 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\ulib.dll","SUCCESS",""
343"10:34:13.0721781 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\user32.dll","SUCCESS",""
344"10:34:13.0722444 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\gdi32.dll","SUCCESS",""
345"10:34:13.0723086 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\lpk.dll","SUCCESS",""
346"10:34:13.0724278 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\usp10.dll","SUCCESS",""
347"10:34:13.0725197 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\ifsutil.dll","SUCCESS",""
348"10:34:13.0725926 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\cfgmgr32.dll","SUCCESS",""
349"10:34:13.0726654 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\setupapi.dll","SUCCESS",""
350"10:34:13.0727404 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\oleaut32.dll","SUCCESS",""
351"10:34:13.0728314 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\ole32.dll","SUCCESS",""
352"10:34:13.0729012 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\devobj.dll","SUCCESS",""
353"10:34:13.0729701 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\imm32.dll","SUCCESS",""
354"10:34:13.0730399 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\msctf.dll","SUCCESS",""
355"10:34:13.0731106 a.m.","xcopy.exe","4996","CloseFile","C:","SUCCESS",""
356"10:34:13.0742972 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
357"10:34:13.0744259 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisableUserModeCallbackFilter","NAME NOT FOUND","Length: 1,024"
358"10:34:13.0745234 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Read"
359"10:34:13.0745612 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Read"
360"10:34:13.0746474 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\SESSION MANAGER\CWDIllegalInDLLSearch","NAME NOT FOUND","Length: 1,024"
361"10:34:13.0747103 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\System\CurrentControlSet\Control\SESSION MANAGER","SUCCESS",""
362"10:34:13.0755973 a.m.","xcopy.exe","4996","CreateFile","C:\my\commands","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
363"10:34:13.0764838 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS","Image Base: 0x77570000, Image Size: 0x11f000"
364"10:34:13.0786263 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\KernelBase.dll","SUCCESS","Image Base: 0x7fefd6d0000, Image Size: 0x6c000"
365"10:34:13.0851625 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","REPARSE","Desired Access: Query Value, Set Value"
366"10:34:13.0853549 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
367"10:34:13.0854148 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","REPARSE","Desired Access: Read"
368"10:34:13.0854872 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","NAME NOT FOUND","Desired Access: Read"
369"10:34:13.0855448 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value"
370"10:34:13.0857586 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80"
371"10:34:13.0857759 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS",""
372"10:34:13.0858106 a.m.","xcopy.exe","4996","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value"
373"10:34:13.0865939 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\advapi32.dll","SUCCESS","Image Base: 0x7fefed60000, Image Size: 0xdb000"
374"10:34:13.0872780 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\msvcrt.dll","SUCCESS","Image Base: 0x7fefdd20000, Image Size: 0x9f000"
375"10:34:13.0881802 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\sechost.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
376"10:34:13.0882964 a.m.","xcopy.exe","4996","QueryBasicInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","CreationTime: 14/07/2009 11:20:52 a.m., LastAccessTime: 14/07/2009 11:20:52 a.m., LastWriteTime: 14/07/2009 1:41:53 p.m., ChangeTime: 17/06/2011 5:50:13 p.m., FileAttributes: A"
377"10:34:13.0888578 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\sechost.dll","SUCCESS",""
378"10:34:13.0891179 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\sechost.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
379"10:34:13.0895319 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\sechost.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
380"10:34:13.0896151 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\sechost.dll","SUCCESS","SyncType: SyncTypeOther"
381"10:34:13.0900816 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\sechost.dll","SUCCESS","Image Base: 0x7fefefa0000, Image Size: 0x1f000"
382"10:34:13.0901068 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\sechost.dll","SUCCESS",""
383"10:34:13.0908329 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\rpcrt4.dll","SUCCESS","Image Base: 0x7fefec30000, Image Size: 0x12d000"
384"10:34:13.1449535 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\ulib.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
385"10:34:13.1455180 a.m.","xcopy.exe","4996","QueryBasicInformationFile","C:\Windows\System32\ulib.dll","SUCCESS","CreationTime: 14/07/2009 11:25:05 a.m., LastAccessTime: 14/07/2009 11:25:05 a.m., LastWriteTime: 14/07/2009 1:41:55 p.m., ChangeTime: 17/06/2011 5:50:20 p.m., FileAttributes: A"
386"10:34:13.1457222 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\ulib.dll","SUCCESS",""
387"10:34:13.1463274 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\ulib.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
388"10:34:13.1469057 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ulib.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
389"10:34:13.1472130 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ulib.dll","SUCCESS","SyncType: SyncTypeOther"
390"10:34:13.1482743 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\ulib.dll","SUCCESS","Image Base: 0x7fef2240000, Image Size: 0x28000"
391"10:34:13.1483055 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\ulib.dll","SUCCESS",""
392"10:34:13.1511282 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\user32.dll","SUCCESS","Image Base: 0x778a0000, Image Size: 0xfa000"
393"10:34:13.1525193 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\gdi32.dll","SUCCESS","Image Base: 0x7fefd8e0000, Image Size: 0x67000"
394"10:34:13.1533942 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\lpk.dll","SUCCESS","Image Base: 0x7fefd740000, Image Size: 0xe000"
395"10:34:13.1559701 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\usp10.dll","SUCCESS","Image Base: 0x7fefdc50000, Image Size: 0xc9000"
396"10:34:13.1569234 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\ifsutil.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
397"10:34:13.1571302 a.m.","xcopy.exe","4996","QueryBasicInformationFile","C:\Windows\System32\ifsutil.dll","SUCCESS","CreationTime: 21/11/2010 3:23:48 p.m., LastAccessTime: 21/11/2010 3:23:48 p.m., LastWriteTime: 21/11/2010 3:23:48 p.m., ChangeTime: 17/06/2011 5:49:36 p.m., FileAttributes: A"
398"10:34:13.1572035 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\ifsutil.dll","SUCCESS",""
399"10:34:13.1574198 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\ifsutil.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
400"10:34:13.1578646 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ifsutil.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
401"10:34:13.1580645 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ifsutil.dll","SUCCESS","SyncType: SyncTypeOther"
402"10:34:13.1586176 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\ifsutil.dll","SUCCESS","Image Base: 0x7fef2270000, Image Size: 0x30000"
403"10:34:13.1586415 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\ifsutil.dll","SUCCESS",""
404"10:34:13.1596412 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\cfgmgr32.dll","SUCCESS","Image Base: 0x7fefd590000, Image Size: 0x36000"
405"10:34:13.1602880 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\setupapi.dll","SUCCESS","Image Base: 0x7fefefc0000, Image Size: 0x1d7000"
406"10:34:13.1611477 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\oleaut32.dll","SUCCESS","Image Base: 0x7fefd950000, Image Size: 0xd7000"
407"10:34:13.1616419 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\ole32.dll","SUCCESS","Image Base: 0x7fefda40000, Image Size: 0x203000"
408"10:34:13.1635455 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\devobj.dll","SUCCESS","Image Base: 0x7fefd610000, Image Size: 0x1a000"
409"10:34:13.1672893 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","REPARSE","Desired Access: Read"
410"10:34:13.1674042 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","Desired Access: Read"
411"10:34:13.1674745 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\(Default)","SUCCESS","Type: REG_SZ, Length: 36, Data: 00060101.00060101"
412"10:34:13.1683159 a.m.","xcopy.exe","4996","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
413"10:34:13.1684083 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
414"10:34:13.1684278 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics","NAME NOT FOUND","Desired Access: Read"
415"10:34:13.1688986 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value"
416"10:34:13.1689233 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value"
417"10:34:13.1689567 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\SESSION MANAGER\SafeDllSearchMode","NAME NOT FOUND","Length: 16"
418"10:34:13.1711563 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
419"10:34:13.1713068 a.m.","xcopy.exe","4996","QueryBasicInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","CreationTime: 14/07/2009 11:38:08 a.m., LastAccessTime: 14/07/2009 11:38:08 a.m., LastWriteTime: 14/07/2009 1:41:09 p.m., ChangeTime: 17/06/2011 5:49:38 p.m., FileAttributes: A"
420"10:34:13.1715734 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\imm32.dll","SUCCESS",""
421"10:34:13.1719193 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
422"10:34:13.1724773 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
423"10:34:13.1724946 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","AllocationSize: 167,936, EndOfFile: 167,424, NumberOfLinks: 2, DeletePending: False, Directory: False"
424"10:34:13.1725306 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
425"10:34:13.1727829 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\imm32.dll","SUCCESS",""
426"10:34:13.1730057 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
427"10:34:13.1731224 a.m.","xcopy.exe","4996","QueryBasicInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","CreationTime: 14/07/2009 11:38:08 a.m., LastAccessTime: 14/07/2009 11:38:08 a.m., LastWriteTime: 14/07/2009 1:41:09 p.m., ChangeTime: 17/06/2011 5:49:38 p.m., FileAttributes: A"
428"10:34:13.1731449 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\imm32.dll","SUCCESS",""
429"10:34:13.1732641 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
430"10:34:13.1736729 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
431"10:34:13.1736894 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","AllocationSize: 167,936, EndOfFile: 167,424, NumberOfLinks: 2, DeletePending: False, Directory: False"
432"10:34:13.1737232 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
433"10:34:13.1740471 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\imm32.dll","SUCCESS",""
434"10:34:13.1743002 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
435"10:34:13.1743978 a.m.","xcopy.exe","4996","QueryBasicInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","CreationTime: 14/07/2009 11:38:08 a.m., LastAccessTime: 14/07/2009 11:38:08 a.m., LastWriteTime: 14/07/2009 1:41:09 p.m., ChangeTime: 17/06/2011 5:49:38 p.m., FileAttributes: A"
436"10:34:13.1744173 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\imm32.dll","SUCCESS",""
437"10:34:13.1745291 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
438"10:34:13.1748387 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
439"10:34:13.1749089 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
440"10:34:13.1761917 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\imm32.dll","SUCCESS","Image Base: 0x7fefee40000, Image Size: 0x2e000"
441"10:34:13.1762519 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\imm32.dll","SUCCESS",""
442"10:34:13.1778997 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\msctf.dll","SUCCESS","Image Base: 0x7fefee90000, Image Size: 0x109000"
443"10:34:13.1791153 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument","REPARSE","Desired Access: Read"
444"10:34:13.1792003 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument","NAME NOT FOUND","Desired Access: Read"
445"10:34:13.1793616 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read"
446"10:34:13.1794487 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
447"10:34:13.1795272 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS",""
448"10:34:13.1802234 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","Desired Access: Read"
449"10:34:13.1802915 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\xcopy","NAME NOT FOUND","Length: 172"
450"10:34:13.1803283 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS",""
451"10:34:13.1804410 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility","NAME NOT FOUND","Desired Access: Read"
452"10:34:13.1810675 a.m.","xcopy.exe","4996","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
453"10:34:13.1812708 a.m.","xcopy.exe","4996","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration","NAME NOT FOUND","Desired Access: Read"
454"10:34:13.1814134 a.m.","xcopy.exe","4996","RegCloseKey","HKCU","SUCCESS",""
455"10:34:13.1815079 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
456"10:34:13.1816232 a.m.","xcopy.exe","4996","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
457"10:34:13.1817095 a.m.","xcopy.exe","4996","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
458"10:34:13.1818079 a.m.","xcopy.exe","4996","RegOpenKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS","Desired Access: Read"
459"10:34:13.1819206 a.m.","xcopy.exe","4996","RegEnumValue","HKCU\Control Panel\Desktop\LanguageConfiguration","NO MORE ENTRIES","Index: 0, Length: 512"
460"10:34:13.1819887 a.m.","xcopy.exe","4996","RegCloseKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS",""
461"10:34:13.1820433 a.m.","xcopy.exe","4996","RegCloseKey","HKCU","SUCCESS",""
462"10:34:13.1821049 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
463"10:34:13.1821370 a.m.","xcopy.exe","4996","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
464"10:34:13.1821651 a.m.","xcopy.exe","4996","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
465"10:34:13.1821899 a.m.","xcopy.exe","4996","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read"
466"10:34:13.1822159 a.m.","xcopy.exe","4996","RegQueryValue","HKCU\Control Panel\Desktop\PreferredUILanguages","NAME NOT FOUND","Length: 12"
467"10:34:13.1822675 a.m.","xcopy.exe","4996","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS",""
468"10:34:13.1822887 a.m.","xcopy.exe","4996","RegCloseKey","HKCU","SUCCESS",""
469"10:34:13.1823130 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
470"10:34:13.1823446 a.m.","xcopy.exe","4996","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
471"10:34:13.1823719 a.m.","xcopy.exe","4996","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","Desired Access: Read"
472"10:34:13.1824175 a.m.","xcopy.exe","4996","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","BUFFER OVERFLOW","Length: 12"
473"10:34:13.1824413 a.m.","xcopy.exe","4996","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","SUCCESS","Type: REG_MULTI_SZ, Length: 12, Data: en-US"
474"10:34:13.1824677 a.m.","xcopy.exe","4996","RegCloseKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS",""
475"10:34:13.1824890 a.m.","xcopy.exe","4996","RegCloseKey","HKCU","SUCCESS",""
476"10:34:13.1831796 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
477"10:34:13.1832043 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","Desired Access: Read"
478"10:34:13.1832554 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
479"10:34:13.1832901 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS",""
480"10:34:13.1858267 a.m.","xcopy.exe","4996","ReadFile","C:\Windows\System32\ulib.dll","SUCCESS","Offset: 133,632, Length: 1,024, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
481"10:34:13.1999096 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read"
482"10:34:13.2003496 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read"
483"10:34:13.2005754 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-NZ","NAME NOT FOUND","Length: 532"
484"10:34:13.2008685 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS",""
485"10:34:13.2009569 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read"
486"10:34:13.2010315 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read"
487"10:34:13.2011204 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-NZ","NAME NOT FOUND","Length: 532"
488"10:34:13.2011819 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS",""
489"10:34:13.2015643 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Locale","REPARSE","Desired Access: Read"
490"10:34:13.2017104 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Locale","SUCCESS","Desired Access: Read"
491"10:34:13.2017915 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts","REPARSE","Desired Access: Read"
492"10:34:13.2018136 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts","SUCCESS","Desired Access: Read"
493"10:34:13.2018682 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Language Groups","REPARSE","Desired Access: Read"
494"10:34:13.2019024 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Language Groups","SUCCESS","Desired Access: Read"
495"10:34:13.2019722 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Locale\00001409","SUCCESS","Type: REG_SZ, Length: 4, Data: 1"
496"10:34:13.2020290 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Language Groups\1","SUCCESS","Type: REG_SZ, Length: 4, Data: 1"
497"10:34:13.2026169 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Locale\00001409","SUCCESS","Type: REG_SZ, Length: 4, Data: 1"
498"10:34:13.2026438 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Language Groups\1","SUCCESS","Type: REG_SZ, Length: 4, Data: 1"
499"10:34:13.2033686 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
500"10:34:13.2034540 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read"
501"10:34:13.2042348 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\OLE\PageAllocatorUseSystemHeap","NAME NOT FOUND","Length: 144"
502"10:34:13.2042959 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS",""
503"10:34:13.2043804 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
504"10:34:13.2044342 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read"
505"10:34:13.2044880 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\OLE\PageAllocatorSystemHeapIsPrivate","NAME NOT FOUND","Length: 144"
506"10:34:13.2261566 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS",""
507"10:34:13.2267965 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
508"10:34:13.2268307 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\OLE\Tracing","NAME NOT FOUND","Desired Access: Read"
509"10:34:13.2288938 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
510"10:34:13.2289498 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value"
511"10:34:13.2290026 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
512"10:34:13.2290208 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value"
513"10:34:13.2302035 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows\Windows Error Reporting\WMR","SUCCESS","Desired Access: Query Value"
514"10:34:13.2303396 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
515"10:34:13.2303622 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR","SUCCESS",""
516"10:34:13.2304085 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
517"10:34:13.2304289 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Setup","SUCCESS","Desired Access: Read"
518"10:34:13.2305395 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath","NAME NOT FOUND","Length: 144"
519"10:34:13.2415825 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup","SUCCESS",""
520"10:34:13.2634267 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
521"10:34:13.2634996 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion","SUCCESS","Desired Access: Read"
522"10:34:13.2636587 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DevicePath","SUCCESS","Type: REG_EXPAND_SZ, Length: 34, Data: %SystemRoot%\inf"
523"10:34:13.2640770 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion","SUCCESS",""
524"10:34:13.2648491 a.m.","xcopy.exe","4996","ReadFile","C:\Windows\System32\ifsutil.dll","SUCCESS","Offset: 173,056, Length: 5,632, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
525"10:34:13.2880606 a.m.","xcopy.exe","4996","ReadFile","C:\Windows\System32\ifsutil.dll","SUCCESS","Offset: 144,384, Length: 27,648, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
526"10:34:13.3503791 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\6b1db052-734f-4e23-af5e-6cd8ae459f98","NAME NOT FOUND","Length: 524"
527"10:34:13.3515050 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\xcopy.exe","SUCCESS","Name: \Windows\System32\xcopy.exe"
528"10:34:13.3541807 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Disallow Exclusive, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
529"10:34:13.3542544 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
530"10:34:13.3543441 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","AllocationSize: 2,945,024, EndOfFile: 2,944,004, NumberOfLinks: 2, DeletePending: False, Directory: False"
531"10:34:13.3545101 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","SyncType: SyncTypeOther"
532"10:34:13.3546922 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS",""
533"10:34:13.3585909 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
534"10:34:13.3592632 a.m.","xcopy.exe","4996","QueryBasicInformationFile","\\vboxsvr\DataShared\","SUCCESS","CreationTime: 21/06/2011 12:00:00 p.m., LastAccessTime: 28/07/2011 12:20:30 p.m., LastWriteTime: 21/06/2011 12:00:00 p.m., ChangeTime: 21/06/2011 12:00:00 p.m., FileAttributes: D"
535"10:34:13.3592979 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\","SUCCESS",""
536"10:34:13.3602031 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
537"10:34:13.3607832 a.m.","xcopy.exe","4996","QueryBasicInformationFile","\\vboxsvr\DataShared\","SUCCESS","CreationTime: 21/06/2011 12:00:00 p.m., LastAccessTime: 28/07/2011 12:20:30 p.m., LastWriteTime: 21/06/2011 12:00:00 p.m., ChangeTime: 21/06/2011 12:00:00 p.m., FileAttributes: D"
538"10:34:13.3608048 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\","SUCCESS",""
539"10:34:13.3619216 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
540"10:34:13.3621115 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Filter: temp.exe, 1: temp.exe"
541"10:34:13.3625272 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
542"10:34:13.3633995 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
543"10:34:13.3635698 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Filter: temp.exe, 1: temp.exe"
544"10:34:13.3639470 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
545"10:34:13.3644785 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
546"10:34:13.3646840 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","Filter: temp, 1: temp"
547"10:34:13.3649380 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\","SUCCESS",""
548"10:34:13.3658666 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
549"10:34:13.3661298 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\temp2.exe","NO SUCH FILE","Filter: temp2.exe"
550"10:34:13.3684357 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
551"10:34:13.3804520 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
552"10:34:13.3807502 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\temp2.exe","NO SUCH FILE","Filter: temp2.exe"
553"10:34:13.3824674 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
554"10:34:13.3843107 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
555"10:34:13.3847356 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\temp2.exe","NO SUCH FILE","Filter: temp2.exe"
556"10:34:13.3855783 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
557"10:34:13.3862386 a.m.","xcopy.exe","4996","ReadFile","C:\Windows\System32\ulib.dll","SUCCESS","Offset: 41,984, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
558"10:34:13.3878907 a.m.","xcopy.exe","4996","ReadFile","C:\Windows\System32\ulib.dll","SUCCESS","Offset: 41,984, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
559"10:34:16.2707398 a.m.","xcopy.exe","4996","ReadFile","C:\Windows\System32\ulib.dll","SUCCESS","Offset: 82,944, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
560"10:34:16.2834510 a.m.","xcopy.exe","4996","ReadFile","C:\Windows\System32\ulib.dll","SUCCESS","Offset: 74,752, Length: 26,112, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
561"10:34:16.3039079 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
562"10:34:16.3044221 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","Filter: temp, 1: temp"
563"10:34:16.3050143 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\","SUCCESS",""
564"10:34:16.3062290 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
565"10:34:16.3064969 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\*","SUCCESS","Filter: *, 1: ."
566"10:34:16.3072109 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: .., 1: DelicHea_1, 2: ._DelicIta_1, 3: cdarc, 4: Dev_Mar12.sql, 5: Migration3 List with TWINS code.xls, 6: Audio Conference File - May Final.csv, 7: ._DelicRom, 8: xpdf-3.02pl5-win32.zip, 9: DIRDEBIT.CSV, 10: affected.txt, 11: dnn56sql.zip, 12: TZC1103011.csv, 13: DelicRom_1, 14: LIVE_Calendar_p9_Autumn2011.pdf, 15: certreq.txt, 16: SCAN5375_000.pdf, 17: south island new.xls, 18: map_northharbour.png, 19: TWINS_invdiagnos_39B0R4N39.pdf, 20: temp2.txt, 21: vpe.xls, 22: Monthly payers 201011 renewals.csv, 23: kennel.key.pem, 24: TZC1102262.csv"
567"10:34:16.3074741 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
568"10:34:16.3085232 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
569"10:34:16.3087538 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\*","SUCCESS","Filter: *, 1: ."
570"10:34:16.3091657 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: .., 1: DelicHea_1, 2: ._DelicIta_1, 3: cdarc, 4: Dev_Mar12.sql, 5: Migration3 List with TWINS code.xls, 6: Audio Conference File - May Final.csv, 7: ._DelicRom, 8: xpdf-3.02pl5-win32.zip, 9: DIRDEBIT.CSV, 10: affected.txt, 11: dnn56sql.zip, 12: TZC1103011.csv, 13: DelicRom_1, 14: LIVE_Calendar_p9_Autumn2011.pdf, 15: certreq.txt, 16: SCAN5375_000.pdf, 17: south island new.xls, 18: map_northharbour.png, 19: TWINS_invdiagnos_39B0R4N39.pdf, 20: temp2.txt, 21: vpe.xls, 22: Monthly payers 201011 renewals.csv, 23: kennel.key.pem, 24: TZC1102262.csv"
571"10:34:16.3098532 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: AOF_FestivalFlyer-page002.jpg, 1: TWINS Audio Conferencing v01.pdf, 2: spotless_may_buggytwins.pdf, 3: Twins_6.9.10_xCaseReports.pdf, 4: reg_test_w7.CSV, 5: Delicious_76, 6: clsid_5083_w7.reg, 7: twins_error_log_to_20110503.dbf, 8: hotspots.DBF, 9: Junk2.pdf, 10: csl_test_phones.csv, 11: temp.txt, 12: email.pdf, 13: spotless_may_newtwins.pdf, 14: ind2.DBF, 15: holcim channel activity data3a.xls, 16: TWINS Broadband v01.pdf, 17: ._DelicHea_1, 18: AOF_FestivalFlyer-page003.png, 19: callexp_0800a.csv, 20: DelicSmaCap_1, 21: ._Delicious_76, 22: Missing_export_lines.csv~, 23: AOF_FestivalFlyer-page002.rgb"
572"10:34:16.3102608 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: DeutzBarPlan_v1_a4.pdf, 1: cov-part2.log, 2: .mtoolsrc, 3: tfrfixed45_20100919030000950.csv, 4: frfox_v1321.csv, 5: vfptemp, 6: MVNO Billing Issues 1bc Register 1.0.xls, 7: zjames_before.csv, 8: aamxcli_20110311.zip, 9: opera_11.01.1190_i386.deb, 10: aamxcli_20110411.zip, 11: SupperRoomPlan_v1a_a4.pdf, 12: ._DelicBolIta, 13: kennel.key_pp.pem, 14: AOF_FestivalFlyer-page003.rgb, 15: ._DelicBol, 16: aamxsql_20110330.zip, 17: typelib_7805_w7.reg, 18: hotspots.BAK, 19: AOF_FestivalFlyer-page003.jpg, 20: agingsum_o.pdf, 21: athologo.png, 22: ._Delicious_76_1, 23: CSL.DNNModules.Etailer.BulkLoad_01.03.00.zip"
573"10:34:16.3112544 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: aamxcli_20110330.zip, 1: es2500c, 2: callexp_b.csv, 3: supper_a3.pdf, 4: Woosh_496674_june.csv, 5: WF_WCF_Samples.exe, 6: DelicBolIta, 7: accessable_oco_icons.png, 8: Stanford-coelos_ascendit_hodie.pdf, 9: tw6106..txt, 10: twins_history.html, 11: blakes7_logo_32x32.png, 12: temp.idx, 13: Twins_6.10.x_xCase_20110317.pdf, 14: AOF_FestivalFlyer-page002.png, 15: csl_test_masteritems.csv, 16: Test_Mar14.sql, 17: Stanford-c-a-h-print.pdf, 18: changes_since_6.10.0, 19: twins_history2.html, 20: 94770280 2011-02-28.pdf, 21: tcnz_ebill2cdr_20110407.zip, 22: ncafixed29_20100906000003020.csv, 23: temp.exe"
574"10:34:16.3136873 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
575"10:34:16.3138949 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\temp2.exe","NO SUCH FILE","Filter: temp2.exe"
576"10:34:16.3151357 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
577"10:34:16.3171108 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\System","SUCCESS","Desired Access: Query Value"
578"10:34:16.3177988 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileBufferedSynchronousIo","NAME NOT FOUND","Length: 20"
579"10:34:16.3179050 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\System","SUCCESS",""
580"10:34:16.3194132 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Non-Directory File, Open Reparse Point, Disallow Exclusive, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
581"10:34:16.5579849 a.m.","xcopy.exe","4996","QueryAttributeTagFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Attributes: N, ReparseTag: 0x0"
582"10:34:16.5581947 a.m.","xcopy.exe","4996","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
583"10:34:16.5582753 a.m.","xcopy.exe","4996","FileSystemControl","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Control: IOCTL_LMR_DISABLE_LOCAL_BUFFERING"
584"10:34:16.5588836 a.m.","xcopy.exe","4996","FileSystemControl","\\vboxsvr\DataShared\temp\temp.exe","INVALID DEVICE REQUEST","Control: FSCTL_LMR_GET_HINT_SIZE"
585"10:34:16.5589195 a.m.","xcopy.exe","4996","QueryStandardInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","AllocationSize: 4,313,088, EndOfFile: 4,312,397, NumberOfLinks: 1, DeletePending: False, Directory: False"
586"10:34:16.5591792 a.m.","xcopy.exe","4996","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","CreationTime: 28/07/2011 5:37:00 p.m., LastAccessTime: 29/07/2011 10:30:45 a.m., LastWriteTime: 22/03/2011 1:05:27 p.m., ChangeTime: 28/07/2011 5:37:00 p.m., FileAttributes: N"
587"10:34:16.5594948 a.m.","xcopy.exe","4996","QueryStreamInformationFile","\\vboxsvr\DataShared\temp\temp.exe","NOT IMPLEMENTED",""
588"10:34:16.5603944 a.m.","xcopy.exe","4996","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","CreationTime: 28/07/2011 5:37:00 p.m., LastAccessTime: 29/07/2011 10:30:45 a.m., LastWriteTime: 22/03/2011 1:05:27 p.m., ChangeTime: 28/07/2011 5:37:00 p.m., FileAttributes: N"
589"10:34:16.5626860 a.m.","xcopy.exe","4996","QueryEaInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","EaSize: 0"
590"10:34:16.5669544 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Desired Access: Generic Write, Read Data/List Directory, Read Attributes, Delete, Disposition: OverwriteIf, Options: Sequential Access, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 4,312,397, OpenResult: Created"
591"10:34:16.5699258 a.m.","xcopy.exe","4996","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
592"10:34:16.5700714 a.m.","xcopy.exe","4996","FileSystemControl","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Control: IOCTL_LMR_DISABLE_LOCAL_BUFFERING"
593"10:34:16.5701039 a.m.","xcopy.exe","4996","QueryAttributeInformationVolume","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","FileSystemAttributes: , MaximumComponentNameLength: 255, FileSystemName: VBoxSharedFolderFS"
594"10:34:16.5701252 a.m.","xcopy.exe","4996","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","CreationTime: 29/07/2011 10:34:16 a.m., LastAccessTime: 29/07/2011 10:34:16 a.m., LastWriteTime: 29/07/2011 10:34:16 a.m., ChangeTime: 29/07/2011 10:34:16 a.m., FileAttributes: N"
595"10:34:16.5705010 a.m.","xcopy.exe","4996","QueryAttributeInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","FileSystemAttributes: , MaximumComponentNameLength: 255, FileSystemName: VBoxSharedFolderFS"
596"10:34:16.5706194 a.m.","xcopy.exe","4996","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
597"10:34:16.5706966 a.m.","xcopy.exe","4996","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
598"10:34:16.5709337 a.m.","xcopy.exe","4996","DeviceIoControl","\\vboxsvr\DataShared\temp\temp.exe","INVALID DEVICE REQUEST","Control: 0x140410 (Device:0x14 Function:260 Method: 0)"
599"10:34:16.5709731 a.m.","xcopy.exe","4996","SetEndOfFileInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","EndOfFile: 4,312,397"
600"10:34:16.5719186 a.m.","xcopy.exe","4996","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
601"10:34:16.5719447 a.m.","xcopy.exe","4996","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
602"10:34:16.5719663 a.m.","xcopy.exe","4996","<Unknown>","\\vboxsvr\DataShared\temp\temp.exe","NOT IMPLEMENTED",""
603"10:34:16.5725529 a.m.","xcopy.exe","4996","<Unknown>","\\vboxsvr\DataShared\temp\temp2.exe","NOT IMPLEMENTED",""
604"10:34:16.5727085 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\System","SUCCESS","Desired Access: Query Value"
605"10:34:16.5729205 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileChunkSize","NAME NOT FOUND","Length: 20"
606"10:34:16.5729365 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileOverlappedCount","NAME NOT FOUND","Length: 20"
607"10:34:16.5729543 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\System","SUCCESS",""
608"10:34:16.5745072 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 0, Length: 524,288, Priority: Normal"
609"10:34:16.5767394 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 524,288, Length: 524,288, Priority: Normal"
610"10:34:16.5796678 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 1,048,576, Length: 524,288, Priority: Normal"
611"10:34:16.5844214 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 1,572,864, Length: 524,288, Priority: Normal"
612"10:34:16.5904044 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 2,097,152, Length: 524,288, Priority: Normal"
613"10:34:16.5991888 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 2,621,440, Length: 524,288, Priority: Normal"
614"10:34:16.6086677 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 3,145,728, Length: 524,288, Priority: Normal"
615"10:34:16.6126019 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 3,670,016, Length: 524,288, Priority: Normal"
616"10:34:16.6538660 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 0, Length: 524,288, Priority: Normal"
617"10:34:16.6697129 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 524,288, Length: 524,288, Priority: Normal"
618"10:34:16.6713937 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 1,048,576, Length: 524,288, Priority: Normal"
619"10:34:16.6731382 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 1,572,864, Length: 524,288, Priority: Normal"
620"10:34:16.6749074 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 2,097,152, Length: 524,288, Priority: Normal"
621"10:34:16.6765838 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 2,621,440, Length: 524,288, Priority: Normal"
622"10:34:16.6778016 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 3,145,728, Length: 524,288, Priority: Normal"
623"10:34:16.6807616 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 3,670,016, Length: 524,288, Priority: Normal"
624"10:34:16.6822391 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 4,194,304, Length: 118,093, Priority: Normal"
625"10:34:16.6826665 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 4,194,304, Length: 118,093, Priority: Normal"
626"10:34:16.6841049 a.m.","xcopy.exe","4996","SetBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","CreationTime: 1/01/1601 12:00:00 p.m., LastAccessTime: 1/01/1601 12:00:00 p.m., LastWriteTime: 22/03/2011 1:05:27 p.m., ChangeTime: 28/07/2011 5:37:00 p.m., FileAttributes: n/a"
627"10:34:16.6846650 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS",""
628"10:34:16.6851874 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS",""
629"10:34:16.6873646 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
630"10:34:16.6886920 a.m.","xcopy.exe","4996","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","CreationTime: 29/07/2011 10:34:16 a.m., LastAccessTime: 29/07/2011 10:34:16 a.m., LastWriteTime: 22/03/2011 1:05:27 p.m., ChangeTime: 29/07/2011 10:34:16 a.m., FileAttributes: N"
631"10:34:16.6888641 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS",""
632"10:34:16.6904781 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Desired Access: Write Attributes, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
633"10:34:16.6917657 a.m.","xcopy.exe","4996","SetBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","CreationTime: 1/01/1601 12:00:00 p.m., LastAccessTime: 1/01/1601 12:00:00 p.m., LastWriteTime: 1/01/1601 12:00:00 p.m., ChangeTime: 1/01/1601 12:00:00 p.m., FileAttributes: N"
634"10:34:16.6919083 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS",""
635"10:34:16.6933810 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
636"10:34:16.6935440 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Filter: temp2.exe, 1: temp2.exe"
637"10:34:16.6939918 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
638"10:34:16.6947604 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Desired Access: Write Attributes, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
639"10:34:16.6956704 a.m.","xcopy.exe","4996","SetBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","CreationTime: 1/01/1601 12:00:00 p.m., LastAccessTime: 1/01/1601 12:00:00 p.m., LastWriteTime: 1/01/1601 12:00:00 p.m., ChangeTime: 1/01/1601 12:00:00 p.m., FileAttributes: AN"
640"10:34:16.6958082 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS",""
641"10:34:16.6959630 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: kennel.cert.pem, 1: Acmsgr.xlsx, 2: callexp_nca_b.csv, 3: MessageExchange-Send-Responses.zip, 4: AOF_FestivalFlyer-page001.png, 5: athologo.emf, 6: commsreport.csv, 7: franken_Nov26.sql, 8: Letterhead template.odt, 9: test.xls, 10: dnn56web.zip, 11: kennel.keycert.pem, 12: TWINS TOLL CDR v01.pdf, 13: ._DelicSmaCap_1, 14: twins_error_log_to_20110503.FPT, 15: athologo.eps, 16: carroll_getfirstline.png, 17: 9I0XMWNP.pdf, 18: service_install.zip, 19: franreport.pdf, 20: AOF2011_Registration_Form.pdf, 21: ._DelicRom_1, 22: kennel.certkey.pem, 23: TWINS_invstate2_36D0V21G7.pdf"
642"10:34:16.6963527 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: DIRDEBIT3.CSV, 1: test.DBF, 2: DelicSmaCap, 3: callexp_mob.csv, 4: BYRD-JUS.pdf, 5: ff2011-06-21.csv, 6: hotspot.DBF, 7: ._DelicIta, 8: txt, 9: interface_F26_xp.reg, 10: g3977.png, 11: callexp_0800b.csv, 12: twins_error_log.dbf, 13: athologo2.png, 14: dgtime201011.csv, 15: WF_WCF_Samples, 16: Widor_Surrexit_a_mortuis.pdf, 17: Stanford_cover.pdf, 18: Test.pdf, 19: csl_test_phones.ods, 20: IND2.xls, 21: tw_changes_since_6.9.14.csv, 22: AOF_FestivalFlyer-page004.rgb, 23: csl_test_importmap.csv, 24: DIRDEBIT1.CSV"
643"10:34:16.6967048 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: DelicIta_1, 1: scorpio_on_black_142x100.jpg, 2: csl_test_customer.csv, 3: tcnz_ebill2cdr_201103230.zip, 4: south island new.DBF, 5: HLStaging_Tables.sql, 6: TZC1102261.csv, 7: Prod_Dec12.sql, 8: Juncke.pdf, 9: Test_Inv94770280.pdf, 10: crmsearch.prg, 11: athologoimage001.gif, 12: hotspot.FPT, 13: twins_inv_441857.pdf, 14: tw69history.txt, 15: map_auckregion.png, 16: temp1, 17: Audio Conference File June2011- Final.csv, 18: AOF_FestivalFlyer-page004.png, 19: hotspots.FPT, 20: ._DelicBol_1, 21: callexp_nca_a.csv, 22: masteritem_report_bands.csv, 23: ._DelicHea"
644"10:34:16.6970407 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: Windows_7_Professional_with_Service_Pack_1_64_bit_English_X17-24281.IMG:Zone.Identifier, 1: delicious_76_2, 2: HLStaging_LogProcs.sql, 3: deutz_output.pdf, 4: .~lock.accessabletest.docx#, 5: AOF_FestivalFlyer-page004.jpg, 6: tcnz_ebill2cdr_apr06a.zip, 7: FoxtrotCSL.pem, 8: Xcase_Feb07.sql, 9: MessageExchangeExample_MoH..xml, 10: XCase_Mar10.sql, 11: IND - Channel definition.xls, 12: Widor_Mass_Perusal_Score-booklet.pdf, 13: cov_icomquee.log, 14: XCase_Mar12.sql, 15: Missing_export_lines.csv, 16: DelicBol, 17: kennel.der.crt, 18: Prod_Mar10.sql, 19: aging.dbf, 20: holcim channel activity data3.xls, 21: win7, 22: reg_mon_xp.ods"
645"10:34:16.6974088 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: changes_since_6.10.0.csv, 1: csl_test_mapset.csv, 2: Newsletter Number 4 2011.pdf, 3: mvno_data_events_2011_cdr.csv, 4: dirdebit1.pdf, 5: Example.ai, 6: Mig1 and 2 list.xlsx, 7: Dev_Mar10.sql, 8: twins_error_10054.csv, 9: TZC1102252.csv, 10: reg_mon_w7.csv, 11: clsid_5083_xp.reg, 12: accessable_oco_icons.svg, 13: interface_F26_w7.reg, 14: holcim channel activity data3a.csv, 15: twins_inv_442399.pdf, 16: typelib_7805_xp.reg, 17: DelicRom, 18: twins_error_log.FPT, 19: DIRDEBIT2.CSV, 20: DelicBolIta_1, 21: AOF_FestivalFlyer-page001.rgb, 22: tcnz_ebill2cdr_20110405.zip, 23: VersionComparison.pdf"
646"10:34:16.6977482 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: gnuwin, 1: cov-part1.log, 2: Test2.pdf, 3: iis_kennel.cer, 4: Delicious_76_1, 5: Dev_Feb07.sql, 6: DelicIta, 7: hotspot.BAK, 8: HLStaging_RequestProcs.sql, 9: blakes7_logo_32x32.ico, 10: TZC1103012.csv, 11: DelicHea, 12: synewopn.dbf, 13: DelicBol_1, 14: aamx_scripts.zip, 15: blakes7_logo_100x100.png, 16: AOF_FestivalFlyer-page001.jpg, 17: ff2011-06-21 - Fixed.csv, 18: Issue Log 20101006.xlsx, 19: newsletterheader_ATHO.jpg, 20: Invoice detail spec 3.0 TG.docx, 21: ._DelicBolIta_1, 22: spotless_may_oldtwins.pdf, 23: Twins_6_10_16_changelog.csv, 24: Elevate.zip"
647"10:34:16.6980781 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: athologo-notext.png, 1: Audio Conf June Fixed.csv, 2: ._DelicSmaCap, 3: reg_mon_xp.CSV, 4: soapUI-x64-no-bundle-4_0_0.exe, 5: aamx_sql_20110411.zip, 6: South - Channel definition.xls"
648"10:34:16.6983044 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","NO MORE FILES",""
649"10:34:16.6985143 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
650"10:34:16.7036259 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read"
651"10:34:16.7038444 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
652"10:34:16.7039892 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS",""
653"10:34:16.7050470 a.m.","xcopy.exe","4996","Thread Exit","","SUCCESS","Thread ID: 3328, User Time: 0.0000000, Kernel Time: 0.1718750"
654"10:34:16.7065539 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\kernel32.dll","SUCCESS","Name: \Windows\System32\kernel32.dll"
655"10:34:16.7068955 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\user32.dll","SUCCESS","Name: \Windows\System32\user32.dll"
656"10:34:16.7071036 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\ntdll.dll","SUCCESS","Name: \Windows\System32\ntdll.dll"
657"10:34:16.7075302 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\xcopy.exe","SUCCESS","Name: \Windows\System32\xcopy.exe"
658"10:34:16.7077014 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\ulib.dll","SUCCESS","Name: \Windows\System32\ulib.dll"
659"10:34:16.7077851 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\ifsutil.dll","SUCCESS","Name: \Windows\System32\ifsutil.dll"
660"10:34:16.7078467 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\cfgmgr32.dll","SUCCESS","Name: \Windows\System32\cfgmgr32.dll"
661"10:34:16.7079060 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\devobj.dll","SUCCESS","Name: \Windows\System32\devobj.dll"
662"10:34:16.7079750 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Name: \Windows\System32\KernelBase.dll"
663"10:34:16.7080478 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\lpk.dll","SUCCESS","Name: \Windows\System32\lpk.dll"
664"10:34:16.7081076 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\gdi32.dll","SUCCESS","Name: \Windows\System32\gdi32.dll"
665"10:34:16.7081805 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\oleaut32.dll","SUCCESS","Name: \Windows\System32\oleaut32.dll"
666"10:34:16.7082459 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\ole32.dll","SUCCESS","Name: \Windows\System32\ole32.dll"
667"10:34:16.7083313 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\usp10.dll","SUCCESS","Name: \Windows\System32\usp10.dll"
668"10:34:16.7084037 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\msvcrt.dll","SUCCESS","Name: \Windows\System32\msvcrt.dll"
669"10:34:16.7084770 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\rpcrt4.dll","SUCCESS","Name: \Windows\System32\rpcrt4.dll"
670"10:34:16.7085550 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\advapi32.dll","SUCCESS","Name: \Windows\System32\advapi32.dll"
671"10:34:16.7086196 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","Name: \Windows\System32\imm32.dll"
672"10:34:16.7086885 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\msctf.dll","SUCCESS","Name: \Windows\System32\msctf.dll"
673"10:34:16.7087648 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","Name: \Windows\System32\sechost.dll"
674"10:34:16.7088303 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\setupapi.dll","SUCCESS","Name: \Windows\System32\setupapi.dll"
675"10:34:16.7088971 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Name: \Windows\System32\apisetschema.dll"
676"10:34:16.7096067 a.m.","xcopy.exe","4996","Process Exit","","SUCCESS","Exit Status: 0, User Time: 0.0000000 seconds, Kernel Time: 0.1875000 seconds, Private Bytes: 851,968, Peak Private Bytes: 5,095,424, Working Set: 3,784,704, Peak Working Set: 7,942,144"
677"10:34:16.7102640 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS",""
678"10:34:16.7103255 a.m.","xcopy.exe","4996","CloseFile","C:\my\commands","SUCCESS",""
679"10:34:16.7115212 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS",""
680"10:34:16.7115567 a.m.","xcopy.exe","4996","RegCloseKey","HKLM","SUCCESS",""
681"10:34:16.7115992 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\System\CurrentControlSet\Control\SESSION MANAGER","SUCCESS",""
682"10:34:16.7116621 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Locale","SUCCESS",""
683"10:34:16.7116829 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts","SUCCESS",""
684"10:34:16.7117076 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Language Groups","SUCCESS",""
685"10:37:44.3066681 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
686"10:37:44.3130773 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","CreationTime: 28/07/2011 5:34:20 p.m., LastAccessTime: 28/07/2011 5:34:25 p.m., LastWriteTime: 28/07/2011 5:34:20 p.m., ChangeTime: 28/07/2011 5:34:20 p.m., FileAttributes: N"
687"10:37:44.3132550 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS",""
688"10:37:44.3141021 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
689"10:37:44.3142942 a.m.","cmd.exe","4604","QueryDirectory","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Filter: temp.txt, 1: temp.txt"
690"10:37:44.3155045 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
691"10:37:44.3171545 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
692"10:37:44.3172274 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
693"10:37:44.3173210 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 0, Length: 512, Priority: Normal"
694"10:37:44.3719068 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
695"10:37:44.3731068 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","CreationTime: 28/07/2011 5:21:00 p.m., LastAccessTime: 28/07/2011 5:21:08 p.m., LastWriteTime: 28/07/2011 5:21:00 p.m., ChangeTime: 28/07/2011 5:21:00 p.m., FileAttributes: N"
696"10:37:44.3732650 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS",""
697"10:37:44.3743224 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
698"10:37:44.3767323 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
699"10:37:44.3767757 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS",""
700"10:37:44.3782548 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
701"10:37:44.3833365 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
702"10:37:44.3834705 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
703"10:37:44.3835078 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS",""
704"10:37:46.2616887 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
705"10:37:46.2631275 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","CreationTime: 28/07/2011 5:21:00 p.m., LastAccessTime: 28/07/2011 5:21:08 p.m., LastWriteTime: 28/07/2011 5:21:00 p.m., ChangeTime: 28/07/2011 5:21:00 p.m., FileAttributes: N"
706"10:37:46.2632940 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS",""
707"10:37:46.2644779 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Created"
708"10:37:46.2656684 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
709"10:37:46.2657156 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
710"10:37:46.2657464 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS",""
711"10:37:46.2667704 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
712"10:37:46.2669109 a.m.","cmd.exe","4604","QueryAttributeTagFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Attributes: N, ReparseTag: 0x0"
713"10:37:46.2670535 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
714"10:37:46.2671003 a.m.","cmd.exe","4604","FileSystemControl","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Control: IOCTL_LMR_DISABLE_LOCAL_BUFFERING"
715"10:37:46.2673851 a.m.","cmd.exe","4604","FileSystemControl","\\vboxsvr\DataShared\temp\temp.txt","INVALID DEVICE REQUEST","Control: FSCTL_LMR_GET_HINT_SIZE"
716"10:37:46.2674107 a.m.","cmd.exe","4604","QueryStandardInformationFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","AllocationSize: 4,313,088, EndOfFile: 4,312,397, NumberOfLinks: 1, DeletePending: False, Directory: False"
717"10:37:46.2674202 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","CreationTime: 28/07/2011 5:34:20 p.m., LastAccessTime: 28/07/2011 5:34:25 p.m., LastWriteTime: 28/07/2011 5:34:20 p.m., ChangeTime: 28/07/2011 5:34:20 p.m., FileAttributes: N"
718"10:37:46.2676864 a.m.","cmd.exe","4604","QueryStreamInformationFile","\\vboxsvr\DataShared\temp\temp.txt","NOT IMPLEMENTED",""
719"10:37:46.2678386 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","CreationTime: 28/07/2011 5:34:20 p.m., LastAccessTime: 28/07/2011 5:34:25 p.m., LastWriteTime: 28/07/2011 5:34:20 p.m., ChangeTime: 28/07/2011 5:34:20 p.m., FileAttributes: N"
720"10:37:46.2679838 a.m.","cmd.exe","4604","QueryEaInformationFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","EaSize: 0"
721"10:37:46.2688270 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Desired Access: Generic Write, Read Data/List Directory, Read Attributes, Delete, Disposition: OverwriteIf, Options: Sequential Access, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 4,312,397, OpenResult: Created"
722"10:37:46.2715950 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
723"10:37:46.2716618 a.m.","cmd.exe","4604","FileSystemControl","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Control: IOCTL_LMR_DISABLE_LOCAL_BUFFERING"
724"10:37:46.2717069 a.m.","cmd.exe","4604","QueryAttributeInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","FileSystemAttributes: , MaximumComponentNameLength: 255, FileSystemName: VBoxSharedFolderFS"
725"10:37:46.2717450 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","CreationTime: 29/07/2011 10:37:46 a.m., LastAccessTime: 28/07/2011 5:21:08 p.m., LastWriteTime: 29/07/2011 10:37:46 a.m., ChangeTime: 29/07/2011 10:37:46 a.m., FileAttributes: N"
726"10:37:46.2718942 a.m.","cmd.exe","4604","QueryAttributeInformationVolume","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","FileSystemAttributes: , MaximumComponentNameLength: 255, FileSystemName: VBoxSharedFolderFS"
727"10:37:46.2719809 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
728"10:37:46.2720030 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
729"10:37:46.2723316 a.m.","cmd.exe","4604","DeviceIoControl","\\vboxsvr\DataShared\temp\temp.txt","INVALID DEVICE REQUEST","Control: 0x140410 (Device:0x14 Function:260 Method: 0)"
730"10:37:46.2723936 a.m.","cmd.exe","4604","SetEndOfFileInformationFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","EndOfFile: 4,312,397"
731"10:37:46.2731379 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
732"10:37:46.2732073 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
733"10:37:46.2732298 a.m.","cmd.exe","4604","<Unknown>","\\vboxsvr\DataShared\temp\temp.txt","NOT IMPLEMENTED",""
734"10:37:46.2734293 a.m.","cmd.exe","4604","<Unknown>","\\vboxsvr\DataShared\temp\temp2.txt","NOT IMPLEMENTED",""
735"10:37:46.2751317 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 0, Length: 524,288, Priority: Normal"
736"10:37:46.2763651 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 524,288, Length: 524,288, Priority: Normal"
737"10:37:46.2776223 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 1,048,576, Length: 524,288, Priority: Normal"
738"10:37:46.2780354 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 1,572,864, Length: 524,288, Priority: Normal"
739"10:37:46.2799490 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 2,097,152, Length: 524,288, Priority: Normal"
740"10:37:46.2799876 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 2,621,440, Length: 524,288, Priority: Normal"
741"10:37:46.2819397 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 3,145,728, Length: 524,288, Priority: Normal"
742"10:37:46.2829160 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 3,670,016, Length: 524,288, Priority: Normal"
743"10:37:46.2897530 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 0, Length: 524,288, Priority: Normal"
744"10:37:46.3681941 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 524,288, Length: 524,288, Priority: Normal"
745"10:37:46.3696846 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 1,048,576, Length: 524,288, Priority: Normal"
746"10:37:46.3710874 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 1,572,864, Length: 524,288, Priority: Normal"
747"10:37:46.3725722 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 2,097,152, Length: 524,288, Priority: Normal"
748"10:37:46.3744008 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 2,621,440, Length: 524,288, Priority: Normal"
749"10:37:46.3765242 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 3,145,728, Length: 524,288, Priority: Normal"
750"10:37:46.3812921 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 3,670,016, Length: 524,288, Priority: Normal"
751"10:37:46.3824730 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 4,194,304, Length: 118,093, Priority: Normal"
752"10:37:46.3839261 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 4,194,304, Length: 118,093, Priority: Normal"
753"10:37:46.3855358 a.m.","cmd.exe","4604","SetBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","CreationTime: 1/01/1601 12:00:00 p.m., LastAccessTime: 1/01/1601 12:00:00 p.m., LastWriteTime: 28/07/2011 5:34:20 p.m., ChangeTime: 28/07/2011 5:34:20 p.m., FileAttributes: n/a"
754"10:37:46.3857942 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS",""
755"10:37:46.3860127 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS",""
756"10:37:46.4644408 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
757"10:37:46.4652735 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","CreationTime: 29/07/2011 10:37:46 a.m., LastAccessTime: 28/07/2011 5:21:08 p.m., LastWriteTime: 28/07/2011 5:34:20 p.m., ChangeTime: 29/07/2011 10:37:46 a.m., FileAttributes: N"
758"10:37:46.4654266 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS",""
759"10:37:46.4667904 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Desired Access: Write Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
760"10:37:46.4676397 a.m.","cmd.exe","4604","SetBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","CreationTime: 1/01/1601 12:00:00 p.m., LastAccessTime: 1/01/1601 12:00:00 p.m., LastWriteTime: 1/01/1601 12:00:00 p.m., ChangeTime: 1/01/1601 12:00:00 p.m., FileAttributes: N"
761"10:37:46.4677672 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS",""
762"10:37:46.4679778 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS",""
763"10:37:46.4685206 a.m.","cmd.exe","4604","QueryDirectory","\\vboxsvr\DataShared\temp","NO MORE FILES",""
764"10:37:46.4686840 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy