| 1 | "Time of Day","Process Name","PID","Operation","Path","Result","Detail"
|
|---|
| 2 | "10:34:10.4539934 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 3 | "10:34:10.4552303 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","CreationTime: 28/07/2011 5:37:00 p.m., LastAccessTime: 29/07/2011 10:30:45 a.m., LastWriteTime: 22/03/2011 1:05:27 p.m., ChangeTime: 28/07/2011 5:37:00 p.m., FileAttributes: N"
|
|---|
| 4 | "10:34:10.4553378 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS",""
|
|---|
| 5 | "10:34:10.4562057 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 6 | "10:34:10.4563838 a.m.","cmd.exe","4604","QueryDirectory","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Filter: temp.exe, 1: temp.exe"
|
|---|
| 7 | "10:34:10.4579744 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 8 | "10:34:11.1382006 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 9 | "10:34:11.1382713 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 10 | "10:34:11.1383805 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 0, Length: 512, Priority: Normal"
|
|---|
| 11 | "10:34:11.1461149 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
|
|---|
| 12 | "10:34:11.1485478 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.exe","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a"
|
|---|
| 13 | "10:34:11.1570353 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
|
|---|
| 14 | "10:34:11.1588045 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 15 | "10:34:11.2129282 a.m.","cmd.exe","4604","QueryAttributeTagFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Attributes: N, ReparseTag: 0x0"
|
|---|
| 16 | "10:34:11.2131956 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 17 | "10:34:11.2132329 a.m.","cmd.exe","4604","FileSystemControl","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Control: IOCTL_LMR_DISABLE_LOCAL_BUFFERING"
|
|---|
| 18 | "10:34:11.2133101 a.m.","cmd.exe","4604","FileSystemControl","\\vboxsvr\DataShared\temp\temp.exe","INVALID DEVICE REQUEST","Control: FSCTL_LMR_GET_HINT_SIZE"
|
|---|
| 19 | "10:34:11.2133426 a.m.","cmd.exe","4604","QueryStandardInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","AllocationSize: 4,313,088, EndOfFile: 4,312,397, NumberOfLinks: 1, DeletePending: False, Directory: False"
|
|---|
| 20 | "10:34:11.2134488 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","CreationTime: 28/07/2011 5:37:00 p.m., LastAccessTime: 29/07/2011 10:30:45 a.m., LastWriteTime: 22/03/2011 1:05:27 p.m., ChangeTime: 28/07/2011 5:37:00 p.m., FileAttributes: N"
|
|---|
| 21 | "10:34:11.2136183 a.m.","cmd.exe","4604","QueryStreamInformationFile","\\vboxsvr\DataShared\temp\temp.exe","NOT IMPLEMENTED",""
|
|---|
| 22 | "10:34:11.2137939 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","CreationTime: 28/07/2011 5:37:00 p.m., LastAccessTime: 29/07/2011 10:30:45 a.m., LastWriteTime: 22/03/2011 1:05:27 p.m., ChangeTime: 28/07/2011 5:37:00 p.m., FileAttributes: N"
|
|---|
| 23 | "10:34:11.2139539 a.m.","cmd.exe","4604","QueryEaInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","EaSize: 0"
|
|---|
| 24 | "10:34:11.2164158 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Desired Access: Generic Write, Read Data/List Directory, Read Attributes, Delete, Disposition: OverwriteIf, Options: Sequential Access, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 4,312,397, OpenResult: Created"
|
|---|
| 25 | "10:34:11.2183571 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 26 | "10:34:11.2184009 a.m.","cmd.exe","4604","FileSystemControl","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Control: IOCTL_LMR_DISABLE_LOCAL_BUFFERING"
|
|---|
| 27 | "10:34:11.2184360 a.m.","cmd.exe","4604","QueryAttributeInformationVolume","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","FileSystemAttributes: , MaximumComponentNameLength: 255, FileSystemName: VBoxSharedFolderFS"
|
|---|
| 28 | "10:34:11.2184560 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","CreationTime: 29/07/2011 10:34:11 a.m., LastAccessTime: 29/07/2011 10:34:11 a.m., LastWriteTime: 29/07/2011 10:34:11 a.m., ChangeTime: 29/07/2011 10:34:11 a.m., FileAttributes: N"
|
|---|
| 29 | "10:34:11.2186086 a.m.","cmd.exe","4604","QueryAttributeInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","FileSystemAttributes: , MaximumComponentNameLength: 255, FileSystemName: VBoxSharedFolderFS"
|
|---|
| 30 | "10:34:11.2186320 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 31 | "10:34:11.2186584 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 32 | "10:34:11.2190971 a.m.","cmd.exe","4604","DeviceIoControl","\\vboxsvr\DataShared\temp\temp.exe","INVALID DEVICE REQUEST","Control: 0x140410 (Device:0x14 Function:260 Method: 0)"
|
|---|
| 33 | "10:34:11.2191223 a.m.","cmd.exe","4604","SetEndOfFileInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","EndOfFile: 4,312,397"
|
|---|
| 34 | "10:34:11.2193876 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 35 | "10:34:11.2194088 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 36 | "10:34:11.2194284 a.m.","cmd.exe","4604","<Unknown>","\\vboxsvr\DataShared\temp\temp.exe","NOT IMPLEMENTED",""
|
|---|
| 37 | "10:34:11.2195476 a.m.","cmd.exe","4604","<Unknown>","\\vboxsvr\DataShared\temp\temp2.exe","NOT IMPLEMENTED",""
|
|---|
| 38 | "10:34:11.2221383 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","INVALID PARAMETER","Offset: 0, Length: 4,294,966,605, Priority: Normal"
|
|---|
| 39 | "10:34:11.2270184 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","INVALID PARAMETER","Offset: 524,288, Length: 523,597, Priority: Normal"
|
|---|
| 40 | "10:34:11.2309227 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 1,048,576, Length: 524,288, Priority: Normal"
|
|---|
| 41 | "10:34:11.2348270 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 1,572,864, Length: 524,288, Priority: Normal"
|
|---|
| 42 | "10:34:11.2367791 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 2,097,152, Length: 524,288, Priority: Normal"
|
|---|
| 43 | "10:34:11.2397071 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 2,621,440, Length: 524,288, Priority: Normal"
|
|---|
| 44 | "10:34:11.2660604 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 3,145,728, Length: 524,288, Priority: Normal"
|
|---|
| 45 | "10:34:11.2680125 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 3,670,016, Length: 524,288, Priority: Normal"
|
|---|
| 46 | "10:34:11.2865576 a.m.","cmd.exe","4604","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1,111,040, Length: 8,192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
|
|---|
| 47 | "10:34:11.2913528 a.m.","cmd.exe","4604","SetDispositionInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Delete: True"
|
|---|
| 48 | "10:34:11.2973835 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS",""
|
|---|
| 49 | "10:34:11.2975625 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS",""
|
|---|
| 50 | "10:34:11.2977546 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS",""
|
|---|
| 51 | "10:34:11.3003041 a.m.","cmd.exe","4604","QueryDirectory","\\vboxsvr\DataShared\temp","NO MORE FILES",""
|
|---|
| 52 | "10:34:11.3010224 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
|
|---|
| 53 | "10:34:12.9424910 a.m.","cmd.exe","4604","CreateFile","C:\my\commands","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 54 | "10:34:12.9427993 a.m.","cmd.exe","4604","QueryDirectory","C:\my\commands\xcopy.*","NO SUCH FILE","Filter: xcopy.*"
|
|---|
| 55 | "10:34:12.9432441 a.m.","cmd.exe","4604","CloseFile","C:\my\commands","SUCCESS",""
|
|---|
| 56 | "10:34:12.9437010 a.m.","cmd.exe","4604","CreateFile","C:\my\commands","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 57 | "10:34:12.9438011 a.m.","cmd.exe","4604","QueryDirectory","C:\my\commands\xcopy","NO SUCH FILE","Filter: xcopy"
|
|---|
| 58 | "10:34:12.9438831 a.m.","cmd.exe","4604","CloseFile","C:\my\commands","SUCCESS",""
|
|---|
| 59 | "10:34:12.9444055 a.m.","cmd.exe","4604","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 60 | "10:34:12.9445169 a.m.","cmd.exe","4604","QueryDirectory","C:\Windows\System32\xcopy.*","SUCCESS","Filter: xcopy.*, 1: xcopy.exe"
|
|---|
| 61 | "10:34:12.9449153 a.m.","cmd.exe","4604","CloseFile","C:\Windows\System32","SUCCESS",""
|
|---|
| 62 | "10:34:12.9455599 a.m.","cmd.exe","4604","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 63 | "10:34:12.9456883 a.m.","cmd.exe","4604","QueryDirectory","C:\Windows\System32\xcopy.COM","NO SUCH FILE","Filter: xcopy.COM"
|
|---|
| 64 | "10:34:12.9457867 a.m.","cmd.exe","4604","CloseFile","C:\Windows\System32","SUCCESS",""
|
|---|
| 65 | "10:34:12.9460589 a.m.","cmd.exe","4604","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 66 | "10:34:12.9460936 a.m.","cmd.exe","4604","QueryDirectory","C:\Windows\System32\xcopy.EXE","SUCCESS","Filter: xcopy.EXE, 1: xcopy.exe"
|
|---|
| 67 | "10:34:12.9461825 a.m.","cmd.exe","4604","CloseFile","C:\Windows\System32","SUCCESS",""
|
|---|
| 68 | "10:34:12.9512932 a.m.","cmd.exe","4604","CreateFile","C:\my\commands","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 69 | "10:34:12.9515521 a.m.","cmd.exe","4604","QueryBasicInformationFile","C:\my\commands","SUCCESS","CreationTime: 16/06/2011 10:34:09 p.m., LastAccessTime: 29/07/2011 10:32:02 a.m., LastWriteTime: 29/07/2011 10:32:02 a.m., ChangeTime: 29/07/2011 10:32:02 a.m., FileAttributes: D"
|
|---|
| 70 | "10:34:12.9516960 a.m.","cmd.exe","4604","CloseFile","C:\my\commands","SUCCESS",""
|
|---|
| 71 | "10:34:12.9522921 a.m.","cmd.exe","4604","CreateFile","C:\Windows\System32\xcopy.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 72 | "10:34:12.9529476 a.m.","cmd.exe","4604","CreateFileMapping","C:\Windows\System32\xcopy.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 73 | "10:34:12.9532714 a.m.","cmd.exe","4604","CreateFileMapping","C:\Windows\System32\xcopy.exe","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 74 | "10:34:12.9535003 a.m.","cmd.exe","4604","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xcopy.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
|
|---|
| 75 | "10:34:12.9537032 a.m.","cmd.exe","4604","QuerySecurityFile","C:\Windows\System32\xcopy.exe","SUCCESS","Information: Label"
|
|---|
| 76 | "10:34:12.9552873 a.m.","cmd.exe","4604","QueryNameInformationFile","C:\Windows\System32\xcopy.exe","SUCCESS","Name: \Windows\System32\xcopy.exe"
|
|---|
| 77 | "10:34:12.9588230 a.m.","cmd.exe","4604","Process Create","C:\Windows\system32\xcopy.exe","SUCCESS","PID: 4996, Command line: xcopy d:\temp\temp.exe d:\temp\temp2.exe"
|
|---|
| 78 | "10:34:12.9588894 a.m.","xcopy.exe","4996","Process Start","","SUCCESS","Parent PID: 4604"
|
|---|
| 79 | "10:34:12.9589496 a.m.","xcopy.exe","4996","Thread Create","","SUCCESS","Thread ID: 3328"
|
|---|
| 80 | "10:34:12.9591209 a.m.","cmd.exe","4604","QuerySecurityFile","C:\Windows\System32\xcopy.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label"
|
|---|
| 81 | "10:34:12.9592548 a.m.","cmd.exe","4604","QueryBasicInformationFile","C:\Windows\System32\xcopy.exe","SUCCESS","CreationTime: 14/07/2009 11:25:32 a.m., LastAccessTime: 14/07/2009 11:25:32 a.m., LastWriteTime: 14/07/2009 1:39:58 p.m., ChangeTime: 17/06/2011 5:50:31 p.m., FileAttributes: A"
|
|---|
| 82 | "10:34:12.9594256 a.m.","cmd.exe","4604","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","SUCCESS","Desired Access: Query Value"
|
|---|
| 83 | "10:34:12.9597391 a.m.","cmd.exe","4604","RegQueryValue","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Windows\system32\xcopy.exe","NAME NOT FOUND","Length: 16"
|
|---|
| 84 | "10:34:12.9598566 a.m.","cmd.exe","4604","RegCloseKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers","SUCCESS",""
|
|---|
| 85 | "10:34:12.9599788 a.m.","cmd.exe","4604","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\xcopy.exe","NAME NOT FOUND","Desired Access: Query Value"
|
|---|
| 86 | "10:34:12.9601184 a.m.","cmd.exe","4604","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS","Desired Access: Read"
|
|---|
| 87 | "10:34:12.9602606 a.m.","cmd.exe","4604","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest","NAME NOT FOUND","Length: 20"
|
|---|
| 88 | "10:34:12.9603243 a.m.","cmd.exe","4604","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide","SUCCESS",""
|
|---|
| 89 | "10:34:12.9620831 a.m.","cmd.exe","4604","CloseFile","C:\Windows\System32\xcopy.exe","SUCCESS",""
|
|---|
| 90 | "10:34:13.0434123 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\xcopy.exe","SUCCESS","Image Base: 0xff9d0000, Image Size: 0xf000"
|
|---|
| 91 | "10:34:13.0438762 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","Image Base: 0x779a0000, Image Size: 0x1a9000"
|
|---|
| 92 | "10:34:13.0442677 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\Prefetch\XCOPY.EXE-41E6513F.pf","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 93 | "10:34:13.0443739 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\Prefetch\XCOPY.EXE-41E6513F.pf","SUCCESS","AllocationSize: 12,288, EndOfFile: 11,738, NumberOfLinks: 1, DeletePending: False, Directory: False"
|
|---|
| 94 | "10:34:13.0444671 a.m.","xcopy.exe","4996","ReadFile","C:\Windows\Prefetch\XCOPY.EXE-41E6513F.pf","SUCCESS","Offset: 0, Length: 11,738, Priority: Normal"
|
|---|
| 95 | "10:34:13.0447146 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\Prefetch\XCOPY.EXE-41E6513F.pf","SUCCESS",""
|
|---|
| 96 | "10:34:13.0451503 a.m.","xcopy.exe","4996","CreateFile","C:","SUCCESS","Desired Access: Read Attributes, Write Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 97 | "10:34:13.0452942 a.m.","xcopy.exe","4996","QueryInformationVolume","C:","SUCCESS","VolumeCreationTime: 17/06/2011 5:45:58 p.m., VolumeSerialNumber: 3CD6-DF01, SupportsObjects: True, VolumeLabel: "
|
|---|
| 98 | "10:34:13.0453874 a.m.","xcopy.exe","4996","FileSystemControl","C:","SUCCESS","Control: FSCTL_FILE_PREFETCH"
|
|---|
| 99 | "10:34:13.0457074 a.m.","xcopy.exe","4996","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Complete If Oplocked, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 100 | "10:34:13.0458227 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 101 | "10:34:13.0459606 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows","SUCCESS","IndexNumber: 0x1000000000270"
|
|---|
| 102 | "10:34:13.0460538 a.m.","xcopy.exe","4996","FileSystemControl","C:\Windows","END OF FILE","Control: FSCTL_FILE_PREFETCH"
|
|---|
| 103 | "10:34:13.0462345 a.m.","xcopy.exe","4996","CloseFile","C:\Windows","SUCCESS",""
|
|---|
| 104 | "10:34:13.0463728 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\Globalization","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Complete If Oplocked, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 105 | "10:34:13.0464751 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\Globalization","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 106 | "10:34:13.0464981 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\Globalization","SUCCESS","IndexNumber: 0x1000000000711"
|
|---|
| 107 | "10:34:13.0465202 a.m.","xcopy.exe","4996","FileSystemControl","C:\Windows\Globalization","SUCCESS","Control: FSCTL_FILE_PREFETCH"
|
|---|
| 108 | "10:34:13.0465670 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\Globalization","SUCCESS",""
|
|---|
| 109 | "10:34:13.0467539 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\Globalization\Sorting","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Complete If Oplocked, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 110 | "10:34:13.0468090 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\Globalization\Sorting","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 111 | "10:34:13.0468298 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\Globalization\Sorting","SUCCESS","IndexNumber: 0x100000000072b"
|
|---|
| 112 | "10:34:13.0468506 a.m.","xcopy.exe","4996","FileSystemControl","C:\Windows\Globalization\Sorting","SUCCESS","Control: FSCTL_FILE_PREFETCH"
|
|---|
| 113 | "10:34:13.0468753 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\Globalization\Sorting","SUCCESS",""
|
|---|
| 114 | "10:34:13.0470175 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Complete If Oplocked, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 115 | "10:34:13.0470548 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 116 | "10:34:13.0470751 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32","SUCCESS","IndexNumber: 0x1000000000909"
|
|---|
| 117 | "10:34:13.0470964 a.m.","xcopy.exe","4996","FileSystemControl","C:\Windows\System32","END OF FILE","Control: FSCTL_FILE_PREFETCH"
|
|---|
| 118 | "10:34:13.0473274 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32","SUCCESS",""
|
|---|
| 119 | "10:34:13.0483323 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\ntdll.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 120 | "10:34:13.0486068 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\ntdll.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 121 | "10:34:13.0486961 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\ntdll.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 122 | "10:34:13.0487758 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\ntdll.dll","SUCCESS","IndexNumber: 0x10000000063f4"
|
|---|
| 123 | "10:34:13.0488534 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ntdll.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 124 | "10:34:13.0489219 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\ntdll.dll","SUCCESS","AllocationSize: 1,732,608, EndOfFile: 1,731,936, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 125 | "10:34:13.0490585 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ntdll.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 126 | "10:34:13.0493008 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\kernel32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 127 | "10:34:13.0494742 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\kernel32.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 128 | "10:34:13.0495124 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\kernel32.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 129 | "10:34:13.0495328 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\kernel32.dll","SUCCESS","IndexNumber: 0x200000001ea11"
|
|---|
| 130 | "10:34:13.0495527 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\kernel32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 131 | "10:34:13.0495692 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\kernel32.dll","SUCCESS","AllocationSize: 1,163,264, EndOfFile: 1,162,752, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 132 | "10:34:13.0496342 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\kernel32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 133 | "10:34:13.0497656 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 134 | "10:34:13.0498232 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\apisetschema.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 135 | "10:34:13.0498449 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 136 | "10:34:13.0498631 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\apisetschema.dll","SUCCESS","IndexNumber: 0x1000000005ca5"
|
|---|
| 137 | "10:34:13.0498822 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\apisetschema.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 138 | "10:34:13.0498986 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\apisetschema.dll","SUCCESS","AllocationSize: 8,192, EndOfFile: 6,656, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 139 | "10:34:13.0499472 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\apisetschema.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 140 | "10:34:13.0500894 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 141 | "10:34:13.0501479 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 142 | "10:34:13.0501830 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 143 | "10:34:13.0502086 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","IndexNumber: 0x200000001eaff"
|
|---|
| 144 | "10:34:13.0502294 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\KernelBase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 145 | "10:34:13.0502459 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","AllocationSize: 421,888, EndOfFile: 421,888, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 146 | "10:34:13.0505168 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\KernelBase.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 147 | "10:34:13.0506543 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\locale.nls","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 148 | "10:34:13.0507869 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\locale.nls","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 149 | "10:34:13.0508090 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\locale.nls","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 150 | "10:34:13.0508381 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\locale.nls","SUCCESS","IndexNumber: 0x1000000006203"
|
|---|
| 151 | "10:34:13.0508650 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\locale.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 152 | "10:34:13.0508823 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\locale.nls","SUCCESS","AllocationSize: 421,888, EndOfFile: 419,880, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 153 | "10:34:13.0509382 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\locale.nls","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 154 | "10:34:13.0511389 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\xcopy.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 155 | "10:34:13.0512703 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\xcopy.exe","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 156 | "10:34:13.0512924 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\xcopy.exe","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 157 | "10:34:13.0513111 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\xcopy.exe","SUCCESS","IndexNumber: 0x1000000006882"
|
|---|
| 158 | "10:34:13.0513306 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\xcopy.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 159 | "10:34:13.0513470 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\xcopy.exe","SUCCESS","AllocationSize: 45,056, EndOfFile: 43,008, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 160 | "10:34:13.0513822 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\xcopy.exe","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 161 | "10:34:13.0514550 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\advapi32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 162 | "10:34:13.0514550 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\advapi32.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 163 | "10:34:13.0514667 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\advapi32.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 164 | "10:34:13.0514953 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\advapi32.dll","SUCCESS","IndexNumber: 0x1000000005c6f"
|
|---|
| 165 | "10:34:13.0515243 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\advapi32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 166 | "10:34:13.0515508 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\advapi32.dll","SUCCESS","AllocationSize: 880,640, EndOfFile: 877,056, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 167 | "10:34:13.0516254 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\advapi32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 168 | "10:34:13.0517866 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\msvcrt.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 169 | "10:34:13.0519505 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\msvcrt.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 170 | "10:34:13.0519795 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\msvcrt.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 171 | "10:34:13.0519995 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\msvcrt.dll","SUCCESS","IndexNumber: 0x1000000006308"
|
|---|
| 172 | "10:34:13.0520190 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\msvcrt.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 173 | "10:34:13.0520355 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\msvcrt.dll","SUCCESS","AllocationSize: 634,880, EndOfFile: 634,880, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 174 | "10:34:13.0520819 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\msvcrt.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 175 | "10:34:13.0522353 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\sechost.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 176 | "10:34:13.0523116 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 177 | "10:34:13.0523285 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\sechost.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 178 | "10:34:13.0523571 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","IndexNumber: 0x1000000006587"
|
|---|
| 179 | "10:34:13.0523866 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\sechost.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 180 | "10:34:13.0524126 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","AllocationSize: 114,688, EndOfFile: 113,664, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 181 | "10:34:13.0524768 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\sechost.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 182 | "10:34:13.0526697 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\rpcrt4.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 183 | "10:34:13.0528145 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\rpcrt4.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 184 | "10:34:13.0528383 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\rpcrt4.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 185 | "10:34:13.0528635 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\rpcrt4.dll","SUCCESS","IndexNumber: 0x100000000653b"
|
|---|
| 186 | "10:34:13.0528826 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\rpcrt4.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 187 | "10:34:13.0528990 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\rpcrt4.dll","SUCCESS","AllocationSize: 1,220,608, EndOfFile: 1,219,584, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 188 | "10:34:13.0529558 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\rpcrt4.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 189 | "10:34:13.0531310 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\ulib.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 190 | "10:34:13.0532844 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\ulib.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 191 | "10:34:13.0533065 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\ulib.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 192 | "10:34:13.0533252 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\ulib.dll","SUCCESS","IndexNumber: 0x10000000066d4"
|
|---|
| 193 | "10:34:13.0533443 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ulib.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 194 | "10:34:13.0533612 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\ulib.dll","SUCCESS","AllocationSize: 147,456, EndOfFile: 146,944, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 195 | "10:34:13.0534236 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ulib.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 196 | "10:34:13.0535710 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\user32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 197 | "10:34:13.0536824 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\user32.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 198 | "10:34:13.0537045 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\user32.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 199 | "10:34:13.0537232 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\user32.dll","SUCCESS","IndexNumber: 0x10000000066f2"
|
|---|
| 200 | "10:34:13.0537422 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\user32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 201 | "10:34:13.0537669 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\user32.dll","SUCCESS","AllocationSize: 1,011,712, EndOfFile: 1,008,128, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 202 | "10:34:13.0538229 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\user32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 203 | "10:34:13.0539542 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\gdi32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 204 | "10:34:13.0540882 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\gdi32.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 205 | "10:34:13.0541103 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\gdi32.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 206 | "10:34:13.0541285 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\gdi32.dll","SUCCESS","IndexNumber: 0x1000000006062"
|
|---|
| 207 | "10:34:13.0541480 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\gdi32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 208 | "10:34:13.0541641 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\gdi32.dll","SUCCESS","AllocationSize: 405,504, EndOfFile: 403,968, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 209 | "10:34:13.0542000 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\gdi32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 210 | "10:34:13.0545919 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\lpk.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 211 | "10:34:13.0547484 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\lpk.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 212 | "10:34:13.0548213 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\lpk.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 213 | "10:34:13.0548846 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\lpk.dll","SUCCESS","IndexNumber: 0x1000000006216"
|
|---|
| 214 | "10:34:13.0549453 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\lpk.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 215 | "10:34:13.0549990 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\lpk.dll","SUCCESS","AllocationSize: 45,056, EndOfFile: 41,984, NumberOfLinks: 4, DeletePending: False, Directory: False"
|
|---|
| 216 | "10:34:13.0551178 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\lpk.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 217 | "10:34:13.0613007 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\usp10.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 218 | "10:34:13.0614424 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\usp10.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 219 | "10:34:13.0614689 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\usp10.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 220 | "10:34:13.0614888 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\usp10.dll","SUCCESS","IndexNumber: 0x10000000066fb"
|
|---|
| 221 | "10:34:13.0615100 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\usp10.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 222 | "10:34:13.0615278 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\usp10.dll","SUCCESS","AllocationSize: 802,816, EndOfFile: 800,256, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 223 | "10:34:13.0615876 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\usp10.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 224 | "10:34:13.0618413 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\ifsutil.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 225 | "10:34:13.0620112 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\ifsutil.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 226 | "10:34:13.0620602 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\ifsutil.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 227 | "10:34:13.0620892 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\ifsutil.dll","SUCCESS","IndexNumber: 0x10000000060cb"
|
|---|
| 228 | "10:34:13.0621187 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ifsutil.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 229 | "10:34:13.0621452 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\ifsutil.dll","SUCCESS","AllocationSize: 184,320, EndOfFile: 180,736, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 230 | "10:34:13.0622267 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ifsutil.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 231 | "10:34:13.0623754 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\cfgmgr32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 232 | "10:34:13.0624759 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\cfgmgr32.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 233 | "10:34:13.0624980 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\cfgmgr32.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 234 | "10:34:13.0625167 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\cfgmgr32.dll","SUCCESS","IndexNumber: 0x1000000005d4f"
|
|---|
| 235 | "10:34:13.0625358 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\cfgmgr32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 236 | "10:34:13.0625527 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\cfgmgr32.dll","SUCCESS","AllocationSize: 208,896, EndOfFile: 207,872, NumberOfLinks: 4, DeletePending: False, Directory: False"
|
|---|
| 237 | "10:34:13.0626177 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\cfgmgr32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 238 | "10:34:13.0628284 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\setupapi.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 239 | "10:34:13.0630577 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\setupapi.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 240 | "10:34:13.0630842 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\setupapi.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 241 | "10:34:13.0631050 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\setupapi.dll","SUCCESS","IndexNumber: 0x10000000065ad"
|
|---|
| 242 | "10:34:13.0631266 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\setupapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 243 | "10:34:13.0631791 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\setupapi.dll","SUCCESS","AllocationSize: 1,900,544, EndOfFile: 1,900,544, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 244 | "10:34:13.0632220 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\setupapi.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 245 | "10:34:13.0633590 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\oleaut32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 246 | "10:34:13.0635935 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\oleaut32.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 247 | "10:34:13.0636933 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\oleaut32.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 248 | "10:34:13.0637830 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\oleaut32.dll","SUCCESS","IndexNumber: 0x200000000e885"
|
|---|
| 249 | "10:34:13.0638684 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\oleaut32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 250 | "10:34:13.0639417 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\oleaut32.dll","SUCCESS","AllocationSize: 864,256, EndOfFile: 861,696, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 251 | "10:34:13.0643010 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\oleaut32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 252 | "10:34:13.0644302 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\ole32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 253 | "10:34:13.0645334 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\ole32.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 254 | "10:34:13.0645560 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\ole32.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 255 | "10:34:13.0645746 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\ole32.dll","SUCCESS","IndexNumber: 0x1000000006417"
|
|---|
| 256 | "10:34:13.0645937 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ole32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 257 | "10:34:13.0646101 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\ole32.dll","SUCCESS","AllocationSize: 2,088,960, EndOfFile: 2,086,912, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 258 | "10:34:13.0646583 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ole32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 259 | "10:34:13.0647679 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\devobj.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 260 | "10:34:13.0649075 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\devobj.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 261 | "10:34:13.0649310 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\devobj.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 262 | "10:34:13.0649492 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\devobj.dll","SUCCESS","IndexNumber: 0x1000000005f2f"
|
|---|
| 263 | "10:34:13.0649687 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\devobj.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 264 | "10:34:13.0649851 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\devobj.dll","SUCCESS","AllocationSize: 94,208, EndOfFile: 93,184, NumberOfLinks: 4, DeletePending: False, Directory: False"
|
|---|
| 265 | "10:34:13.0650337 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\devobj.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 266 | "10:34:13.0651200 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 267 | "10:34:13.0651200 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 268 | "10:34:13.0651304 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\imm32.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 269 | "10:34:13.0651590 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","IndexNumber: 0x10000000060df"
|
|---|
| 270 | "10:34:13.0651880 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 271 | "10:34:13.0652145 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","AllocationSize: 167,936, EndOfFile: 167,424, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 272 | "10:34:13.0652695 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 273 | "10:34:13.0654191 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\msctf.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 274 | "10:34:13.0655184 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\System32\msctf.dll","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 275 | "10:34:13.0655400 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\System32\msctf.dll","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 276 | "10:34:13.0655587 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\System32\msctf.dll","SUCCESS","IndexNumber: 0x10000000062a3"
|
|---|
| 277 | "10:34:13.0655778 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\msctf.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 278 | "10:34:13.0655942 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\msctf.dll","SUCCESS","AllocationSize: 1,069,056, EndOfFile: 1,067,008, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 279 | "10:34:13.0656493 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\msctf.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 280 | "10:34:13.0657802 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 281 | "10:34:13.0658318 a.m.","xcopy.exe","4996","SetBasicInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","CreationTime: 1/01/1601 11:59:59 a.m., LastAccessTime: 1/01/1601 11:59:59 a.m., LastWriteTime: 1/01/1601 11:59:59 a.m., ChangeTime: 1/01/1601 11:59:59 a.m., FileAttributes: n/a"
|
|---|
| 282 | "10:34:13.0658530 a.m.","xcopy.exe","4996","QueryAttributeTagFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Attributes: A, ReparseTag: 0x0"
|
|---|
| 283 | "10:34:13.0658713 a.m.","xcopy.exe","4996","QueryFileInternalInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","IndexNumber: 0x10000000046c8"
|
|---|
| 284 | "10:34:13.0658899 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 285 | "10:34:13.0659059 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","AllocationSize: 2,945,024, EndOfFile: 2,944,004, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 286 | "10:34:13.0659411 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 287 | "10:34:13.0662801 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\locale.nls","SUCCESS",""
|
|---|
| 288 | "10:34:13.0665051 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS",""
|
|---|
| 289 | "10:34:13.0666711 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ntdll.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 290 | "10:34:13.0669529 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ntdll.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 291 | "10:34:13.0669919 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\kernel32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 292 | "10:34:13.0670877 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\kernel32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 293 | "10:34:13.0671254 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\apisetschema.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 294 | "10:34:13.0672091 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\apisetschema.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 295 | "10:34:13.0677900 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\KernelBase.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 296 | "10:34:13.0678772 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\KernelBase.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 297 | "10:34:13.0679136 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\xcopy.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 298 | "10:34:13.0679873 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\xcopy.exe","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 299 | "10:34:13.0680319 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\advapi32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 300 | "10:34:13.0681490 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\advapi32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 301 | "10:34:13.0681854 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\msvcrt.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 302 | "10:34:13.0682591 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\msvcrt.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 303 | "10:34:13.0683059 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\sechost.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 304 | "10:34:13.0683904 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\sechost.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 305 | "10:34:13.0684260 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\rpcrt4.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 306 | "10:34:13.0684295 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\rpcrt4.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 307 | "10:34:13.0685192 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ulib.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 308 | "10:34:13.0688218 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ulib.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 309 | "10:34:13.0688912 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\user32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 310 | "10:34:13.0689935 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\user32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 311 | "10:34:13.0690477 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\gdi32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 312 | "10:34:13.0691469 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\gdi32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 313 | "10:34:13.0691860 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\lpk.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 314 | "10:34:13.0692896 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\lpk.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 315 | "10:34:13.0693286 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\usp10.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 316 | "10:34:13.0694201 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\usp10.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 317 | "10:34:13.0694582 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ifsutil.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 318 | "10:34:13.0695991 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ifsutil.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 319 | "10:34:13.0696411 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\cfgmgr32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 320 | "10:34:13.0697335 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\cfgmgr32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 321 | "10:34:13.0697751 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\setupapi.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 322 | "10:34:13.0698674 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\setupapi.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 323 | "10:34:13.0699073 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\oleaut32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 324 | "10:34:13.0700044 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\oleaut32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 325 | "10:34:13.0701713 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ole32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 326 | "10:34:13.0702741 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ole32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 327 | "10:34:13.0703135 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\devobj.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 328 | "10:34:13.0703929 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\devobj.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 329 | "10:34:13.0704319 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 330 | "10:34:13.0705264 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 331 | "10:34:13.0705650 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\msctf.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 332 | "10:34:13.0706872 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\msctf.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 333 | "10:34:13.0709174 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\ntdll.dll","SUCCESS",""
|
|---|
| 334 | "10:34:13.0712322 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\kernel32.dll","SUCCESS",""
|
|---|
| 335 | "10:34:13.0714069 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\apisetschema.dll","SUCCESS",""
|
|---|
| 336 | "10:34:13.0715638 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\KernelBase.dll","SUCCESS",""
|
|---|
| 337 | "10:34:13.0717064 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\xcopy.exe","SUCCESS",""
|
|---|
| 338 | "10:34:13.0718374 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\advapi32.dll","SUCCESS",""
|
|---|
| 339 | "10:34:13.0719050 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\msvcrt.dll","SUCCESS",""
|
|---|
| 340 | "10:34:13.0719817 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\sechost.dll","SUCCESS",""
|
|---|
| 341 | "10:34:13.0720463 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\rpcrt4.dll","SUCCESS",""
|
|---|
| 342 | "10:34:13.0721126 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\ulib.dll","SUCCESS",""
|
|---|
| 343 | "10:34:13.0721781 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\user32.dll","SUCCESS",""
|
|---|
| 344 | "10:34:13.0722444 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\gdi32.dll","SUCCESS",""
|
|---|
| 345 | "10:34:13.0723086 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\lpk.dll","SUCCESS",""
|
|---|
| 346 | "10:34:13.0724278 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\usp10.dll","SUCCESS",""
|
|---|
| 347 | "10:34:13.0725197 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\ifsutil.dll","SUCCESS",""
|
|---|
| 348 | "10:34:13.0725926 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\cfgmgr32.dll","SUCCESS",""
|
|---|
| 349 | "10:34:13.0726654 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\setupapi.dll","SUCCESS",""
|
|---|
| 350 | "10:34:13.0727404 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\oleaut32.dll","SUCCESS",""
|
|---|
| 351 | "10:34:13.0728314 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\ole32.dll","SUCCESS",""
|
|---|
| 352 | "10:34:13.0729012 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\devobj.dll","SUCCESS",""
|
|---|
| 353 | "10:34:13.0729701 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\imm32.dll","SUCCESS",""
|
|---|
| 354 | "10:34:13.0730399 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\msctf.dll","SUCCESS",""
|
|---|
| 355 | "10:34:13.0731106 a.m.","xcopy.exe","4996","CloseFile","C:","SUCCESS",""
|
|---|
| 356 | "10:34:13.0742972 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys"
|
|---|
| 357 | "10:34:13.0744259 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisableUserModeCallbackFilter","NAME NOT FOUND","Length: 1,024"
|
|---|
| 358 | "10:34:13.0745234 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Read"
|
|---|
| 359 | "10:34:13.0745612 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Read"
|
|---|
| 360 | "10:34:13.0746474 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\SESSION MANAGER\CWDIllegalInDLLSearch","NAME NOT FOUND","Length: 1,024"
|
|---|
| 361 | "10:34:13.0747103 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\System\CurrentControlSet\Control\SESSION MANAGER","SUCCESS",""
|
|---|
| 362 | "10:34:13.0755973 a.m.","xcopy.exe","4996","CreateFile","C:\my\commands","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 363 | "10:34:13.0764838 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS","Image Base: 0x77570000, Image Size: 0x11f000"
|
|---|
| 364 | "10:34:13.0786263 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\KernelBase.dll","SUCCESS","Image Base: 0x7fefd6d0000, Image Size: 0x6c000"
|
|---|
| 365 | "10:34:13.0851625 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","REPARSE","Desired Access: Query Value, Set Value"
|
|---|
| 366 | "10:34:13.0853549 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value"
|
|---|
| 367 | "10:34:13.0854148 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","REPARSE","Desired Access: Read"
|
|---|
| 368 | "10:34:13.0854872 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","NAME NOT FOUND","Desired Access: Read"
|
|---|
| 369 | "10:34:13.0855448 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value"
|
|---|
| 370 | "10:34:13.0857586 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80"
|
|---|
| 371 | "10:34:13.0857759 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS",""
|
|---|
| 372 | "10:34:13.0858106 a.m.","xcopy.exe","4996","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value"
|
|---|
| 373 | "10:34:13.0865939 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\advapi32.dll","SUCCESS","Image Base: 0x7fefed60000, Image Size: 0xdb000"
|
|---|
| 374 | "10:34:13.0872780 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\msvcrt.dll","SUCCESS","Image Base: 0x7fefdd20000, Image Size: 0x9f000"
|
|---|
| 375 | "10:34:13.0881802 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\sechost.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 376 | "10:34:13.0882964 a.m.","xcopy.exe","4996","QueryBasicInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","CreationTime: 14/07/2009 11:20:52 a.m., LastAccessTime: 14/07/2009 11:20:52 a.m., LastWriteTime: 14/07/2009 1:41:53 p.m., ChangeTime: 17/06/2011 5:50:13 p.m., FileAttributes: A"
|
|---|
| 377 | "10:34:13.0888578 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\sechost.dll","SUCCESS",""
|
|---|
| 378 | "10:34:13.0891179 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\sechost.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 379 | "10:34:13.0895319 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\sechost.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 380 | "10:34:13.0896151 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\sechost.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 381 | "10:34:13.0900816 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\sechost.dll","SUCCESS","Image Base: 0x7fefefa0000, Image Size: 0x1f000"
|
|---|
| 382 | "10:34:13.0901068 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\sechost.dll","SUCCESS",""
|
|---|
| 383 | "10:34:13.0908329 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\rpcrt4.dll","SUCCESS","Image Base: 0x7fefec30000, Image Size: 0x12d000"
|
|---|
| 384 | "10:34:13.1449535 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\ulib.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 385 | "10:34:13.1455180 a.m.","xcopy.exe","4996","QueryBasicInformationFile","C:\Windows\System32\ulib.dll","SUCCESS","CreationTime: 14/07/2009 11:25:05 a.m., LastAccessTime: 14/07/2009 11:25:05 a.m., LastWriteTime: 14/07/2009 1:41:55 p.m., ChangeTime: 17/06/2011 5:50:20 p.m., FileAttributes: A"
|
|---|
| 386 | "10:34:13.1457222 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\ulib.dll","SUCCESS",""
|
|---|
| 387 | "10:34:13.1463274 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\ulib.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 388 | "10:34:13.1469057 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ulib.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 389 | "10:34:13.1472130 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ulib.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 390 | "10:34:13.1482743 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\ulib.dll","SUCCESS","Image Base: 0x7fef2240000, Image Size: 0x28000"
|
|---|
| 391 | "10:34:13.1483055 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\ulib.dll","SUCCESS",""
|
|---|
| 392 | "10:34:13.1511282 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\user32.dll","SUCCESS","Image Base: 0x778a0000, Image Size: 0xfa000"
|
|---|
| 393 | "10:34:13.1525193 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\gdi32.dll","SUCCESS","Image Base: 0x7fefd8e0000, Image Size: 0x67000"
|
|---|
| 394 | "10:34:13.1533942 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\lpk.dll","SUCCESS","Image Base: 0x7fefd740000, Image Size: 0xe000"
|
|---|
| 395 | "10:34:13.1559701 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\usp10.dll","SUCCESS","Image Base: 0x7fefdc50000, Image Size: 0xc9000"
|
|---|
| 396 | "10:34:13.1569234 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\ifsutil.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 397 | "10:34:13.1571302 a.m.","xcopy.exe","4996","QueryBasicInformationFile","C:\Windows\System32\ifsutil.dll","SUCCESS","CreationTime: 21/11/2010 3:23:48 p.m., LastAccessTime: 21/11/2010 3:23:48 p.m., LastWriteTime: 21/11/2010 3:23:48 p.m., ChangeTime: 17/06/2011 5:49:36 p.m., FileAttributes: A"
|
|---|
| 398 | "10:34:13.1572035 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\ifsutil.dll","SUCCESS",""
|
|---|
| 399 | "10:34:13.1574198 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\ifsutil.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 400 | "10:34:13.1578646 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ifsutil.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 401 | "10:34:13.1580645 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\ifsutil.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 402 | "10:34:13.1586176 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\ifsutil.dll","SUCCESS","Image Base: 0x7fef2270000, Image Size: 0x30000"
|
|---|
| 403 | "10:34:13.1586415 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\ifsutil.dll","SUCCESS",""
|
|---|
| 404 | "10:34:13.1596412 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\cfgmgr32.dll","SUCCESS","Image Base: 0x7fefd590000, Image Size: 0x36000"
|
|---|
| 405 | "10:34:13.1602880 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\setupapi.dll","SUCCESS","Image Base: 0x7fefefc0000, Image Size: 0x1d7000"
|
|---|
| 406 | "10:34:13.1611477 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\oleaut32.dll","SUCCESS","Image Base: 0x7fefd950000, Image Size: 0xd7000"
|
|---|
| 407 | "10:34:13.1616419 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\ole32.dll","SUCCESS","Image Base: 0x7fefda40000, Image Size: 0x203000"
|
|---|
| 408 | "10:34:13.1635455 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\devobj.dll","SUCCESS","Image Base: 0x7fefd610000, Image Size: 0x1a000"
|
|---|
| 409 | "10:34:13.1672893 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","REPARSE","Desired Access: Read"
|
|---|
| 410 | "10:34:13.1674042 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","Desired Access: Read"
|
|---|
| 411 | "10:34:13.1674745 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\(Default)","SUCCESS","Type: REG_SZ, Length: 36, Data: 00060101.00060101"
|
|---|
| 412 | "10:34:13.1683159 a.m.","xcopy.exe","4996","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
|
|---|
| 413 | "10:34:13.1684083 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
|
|---|
| 414 | "10:34:13.1684278 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics","NAME NOT FOUND","Desired Access: Read"
|
|---|
| 415 | "10:34:13.1688986 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value"
|
|---|
| 416 | "10:34:13.1689233 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value"
|
|---|
| 417 | "10:34:13.1689567 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\SESSION MANAGER\SafeDllSearchMode","NAME NOT FOUND","Length: 16"
|
|---|
| 418 | "10:34:13.1711563 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 419 | "10:34:13.1713068 a.m.","xcopy.exe","4996","QueryBasicInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","CreationTime: 14/07/2009 11:38:08 a.m., LastAccessTime: 14/07/2009 11:38:08 a.m., LastWriteTime: 14/07/2009 1:41:09 p.m., ChangeTime: 17/06/2011 5:49:38 p.m., FileAttributes: A"
|
|---|
| 420 | "10:34:13.1715734 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\imm32.dll","SUCCESS",""
|
|---|
| 421 | "10:34:13.1719193 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 422 | "10:34:13.1724773 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 423 | "10:34:13.1724946 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","AllocationSize: 167,936, EndOfFile: 167,424, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 424 | "10:34:13.1725306 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 425 | "10:34:13.1727829 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\imm32.dll","SUCCESS",""
|
|---|
| 426 | "10:34:13.1730057 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 427 | "10:34:13.1731224 a.m.","xcopy.exe","4996","QueryBasicInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","CreationTime: 14/07/2009 11:38:08 a.m., LastAccessTime: 14/07/2009 11:38:08 a.m., LastWriteTime: 14/07/2009 1:41:09 p.m., ChangeTime: 17/06/2011 5:49:38 p.m., FileAttributes: A"
|
|---|
| 428 | "10:34:13.1731449 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\imm32.dll","SUCCESS",""
|
|---|
| 429 | "10:34:13.1732641 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 430 | "10:34:13.1736729 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 431 | "10:34:13.1736894 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","AllocationSize: 167,936, EndOfFile: 167,424, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 432 | "10:34:13.1737232 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 433 | "10:34:13.1740471 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\imm32.dll","SUCCESS",""
|
|---|
| 434 | "10:34:13.1743002 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 435 | "10:34:13.1743978 a.m.","xcopy.exe","4996","QueryBasicInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","CreationTime: 14/07/2009 11:38:08 a.m., LastAccessTime: 14/07/2009 11:38:08 a.m., LastWriteTime: 14/07/2009 1:41:09 p.m., ChangeTime: 17/06/2011 5:49:38 p.m., FileAttributes: A"
|
|---|
| 436 | "10:34:13.1744173 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\imm32.dll","SUCCESS",""
|
|---|
| 437 | "10:34:13.1745291 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\System32\imm32.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 438 | "10:34:13.1748387 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 439 | "10:34:13.1749089 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\System32\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 440 | "10:34:13.1761917 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\imm32.dll","SUCCESS","Image Base: 0x7fefee40000, Image Size: 0x2e000"
|
|---|
| 441 | "10:34:13.1762519 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\System32\imm32.dll","SUCCESS",""
|
|---|
| 442 | "10:34:13.1778997 a.m.","xcopy.exe","4996","Load Image","C:\Windows\System32\msctf.dll","SUCCESS","Image Base: 0x7fefee90000, Image Size: 0x109000"
|
|---|
| 443 | "10:34:13.1791153 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument","REPARSE","Desired Access: Read"
|
|---|
| 444 | "10:34:13.1792003 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Error Message Instrument","NAME NOT FOUND","Desired Access: Read"
|
|---|
| 445 | "10:34:13.1793616 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read"
|
|---|
| 446 | "10:34:13.1794487 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
|
|---|
| 447 | "10:34:13.1795272 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS",""
|
|---|
| 448 | "10:34:13.1802234 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS","Desired Access: Read"
|
|---|
| 449 | "10:34:13.1802915 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\xcopy","NAME NOT FOUND","Length: 172"
|
|---|
| 450 | "10:34:13.1803283 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32","SUCCESS",""
|
|---|
| 451 | "10:34:13.1804410 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility","NAME NOT FOUND","Desired Access: Read"
|
|---|
| 452 | "10:34:13.1810675 a.m.","xcopy.exe","4996","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
|
|---|
| 453 | "10:34:13.1812708 a.m.","xcopy.exe","4996","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration","NAME NOT FOUND","Desired Access: Read"
|
|---|
| 454 | "10:34:13.1814134 a.m.","xcopy.exe","4996","RegCloseKey","HKCU","SUCCESS",""
|
|---|
| 455 | "10:34:13.1815079 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
|
|---|
| 456 | "10:34:13.1816232 a.m.","xcopy.exe","4996","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
|
|---|
| 457 | "10:34:13.1817095 a.m.","xcopy.exe","4996","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
|
|---|
| 458 | "10:34:13.1818079 a.m.","xcopy.exe","4996","RegOpenKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS","Desired Access: Read"
|
|---|
| 459 | "10:34:13.1819206 a.m.","xcopy.exe","4996","RegEnumValue","HKCU\Control Panel\Desktop\LanguageConfiguration","NO MORE ENTRIES","Index: 0, Length: 512"
|
|---|
| 460 | "10:34:13.1819887 a.m.","xcopy.exe","4996","RegCloseKey","HKCU\Control Panel\Desktop\LanguageConfiguration","SUCCESS",""
|
|---|
| 461 | "10:34:13.1820433 a.m.","xcopy.exe","4996","RegCloseKey","HKCU","SUCCESS",""
|
|---|
| 462 | "10:34:13.1821049 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
|
|---|
| 463 | "10:34:13.1821370 a.m.","xcopy.exe","4996","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
|
|---|
| 464 | "10:34:13.1821651 a.m.","xcopy.exe","4996","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
|
|---|
| 465 | "10:34:13.1821899 a.m.","xcopy.exe","4996","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read"
|
|---|
| 466 | "10:34:13.1822159 a.m.","xcopy.exe","4996","RegQueryValue","HKCU\Control Panel\Desktop\PreferredUILanguages","NAME NOT FOUND","Length: 12"
|
|---|
| 467 | "10:34:13.1822675 a.m.","xcopy.exe","4996","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS",""
|
|---|
| 468 | "10:34:13.1822887 a.m.","xcopy.exe","4996","RegCloseKey","HKCU","SUCCESS",""
|
|---|
| 469 | "10:34:13.1823130 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Policies\Microsoft\MUI\Settings","NAME NOT FOUND","Desired Access: Read"
|
|---|
| 470 | "10:34:13.1823446 a.m.","xcopy.exe","4996","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
|
|---|
| 471 | "10:34:13.1823719 a.m.","xcopy.exe","4996","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","Desired Access: Read"
|
|---|
| 472 | "10:34:13.1824175 a.m.","xcopy.exe","4996","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","BUFFER OVERFLOW","Length: 12"
|
|---|
| 473 | "10:34:13.1824413 a.m.","xcopy.exe","4996","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","SUCCESS","Type: REG_MULTI_SZ, Length: 12, Data: en-US"
|
|---|
| 474 | "10:34:13.1824677 a.m.","xcopy.exe","4996","RegCloseKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS",""
|
|---|
| 475 | "10:34:13.1824890 a.m.","xcopy.exe","4996","RegCloseKey","HKCU","SUCCESS",""
|
|---|
| 476 | "10:34:13.1831796 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
|
|---|
| 477 | "10:34:13.1832043 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS","Desired Access: Read"
|
|---|
| 478 | "10:34:13.1832554 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
|
|---|
| 479 | "10:34:13.1832901 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows","SUCCESS",""
|
|---|
| 480 | "10:34:13.1858267 a.m.","xcopy.exe","4996","ReadFile","C:\Windows\System32\ulib.dll","SUCCESS","Offset: 133,632, Length: 1,024, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
|
|---|
| 481 | "10:34:13.1999096 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read"
|
|---|
| 482 | "10:34:13.2003496 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read"
|
|---|
| 483 | "10:34:13.2005754 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-NZ","NAME NOT FOUND","Length: 532"
|
|---|
| 484 | "10:34:13.2008685 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS",""
|
|---|
| 485 | "10:34:13.2009569 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read"
|
|---|
| 486 | "10:34:13.2010315 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read"
|
|---|
| 487 | "10:34:13.2011204 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-NZ","NAME NOT FOUND","Length: 532"
|
|---|
| 488 | "10:34:13.2011819 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS",""
|
|---|
| 489 | "10:34:13.2015643 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Locale","REPARSE","Desired Access: Read"
|
|---|
| 490 | "10:34:13.2017104 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Locale","SUCCESS","Desired Access: Read"
|
|---|
| 491 | "10:34:13.2017915 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts","REPARSE","Desired Access: Read"
|
|---|
| 492 | "10:34:13.2018136 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts","SUCCESS","Desired Access: Read"
|
|---|
| 493 | "10:34:13.2018682 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Language Groups","REPARSE","Desired Access: Read"
|
|---|
| 494 | "10:34:13.2019024 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Language Groups","SUCCESS","Desired Access: Read"
|
|---|
| 495 | "10:34:13.2019722 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Locale\00001409","SUCCESS","Type: REG_SZ, Length: 4, Data: 1"
|
|---|
| 496 | "10:34:13.2020290 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Language Groups\1","SUCCESS","Type: REG_SZ, Length: 4, Data: 1"
|
|---|
| 497 | "10:34:13.2026169 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Locale\00001409","SUCCESS","Type: REG_SZ, Length: 4, Data: 1"
|
|---|
| 498 | "10:34:13.2026438 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Language Groups\1","SUCCESS","Type: REG_SZ, Length: 4, Data: 1"
|
|---|
| 499 | "10:34:13.2033686 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
|
|---|
| 500 | "10:34:13.2034540 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read"
|
|---|
| 501 | "10:34:13.2042348 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\OLE\PageAllocatorUseSystemHeap","NAME NOT FOUND","Length: 144"
|
|---|
| 502 | "10:34:13.2042959 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS",""
|
|---|
| 503 | "10:34:13.2043804 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
|
|---|
| 504 | "10:34:13.2044342 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS","Desired Access: Read"
|
|---|
| 505 | "10:34:13.2044880 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\OLE\PageAllocatorSystemHeapIsPrivate","NAME NOT FOUND","Length: 144"
|
|---|
| 506 | "10:34:13.2261566 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\OLE","SUCCESS",""
|
|---|
| 507 | "10:34:13.2267965 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
|
|---|
| 508 | "10:34:13.2268307 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\OLE\Tracing","NAME NOT FOUND","Desired Access: Read"
|
|---|
| 509 | "10:34:13.2288938 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
|
|---|
| 510 | "10:34:13.2289498 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value"
|
|---|
| 511 | "10:34:13.2290026 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
|
|---|
| 512 | "10:34:13.2290208 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\SOFTWARE\Microsoft\OLEAUT","NAME NOT FOUND","Desired Access: Query Value"
|
|---|
| 513 | "10:34:13.2302035 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows\Windows Error Reporting\WMR","SUCCESS","Desired Access: Query Value"
|
|---|
| 514 | "10:34:13.2303396 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
|
|---|
| 515 | "10:34:13.2303622 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR","SUCCESS",""
|
|---|
| 516 | "10:34:13.2304085 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
|
|---|
| 517 | "10:34:13.2304289 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Setup","SUCCESS","Desired Access: Read"
|
|---|
| 518 | "10:34:13.2305395 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath","NAME NOT FOUND","Length: 144"
|
|---|
| 519 | "10:34:13.2415825 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup","SUCCESS",""
|
|---|
| 520 | "10:34:13.2634267 a.m.","xcopy.exe","4996","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
|
|---|
| 521 | "10:34:13.2634996 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion","SUCCESS","Desired Access: Read"
|
|---|
| 522 | "10:34:13.2636587 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DevicePath","SUCCESS","Type: REG_EXPAND_SZ, Length: 34, Data: %SystemRoot%\inf"
|
|---|
| 523 | "10:34:13.2640770 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion","SUCCESS",""
|
|---|
| 524 | "10:34:13.2648491 a.m.","xcopy.exe","4996","ReadFile","C:\Windows\System32\ifsutil.dll","SUCCESS","Offset: 173,056, Length: 5,632, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
|
|---|
| 525 | "10:34:13.2880606 a.m.","xcopy.exe","4996","ReadFile","C:\Windows\System32\ifsutil.dll","SUCCESS","Offset: 144,384, Length: 27,648, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
|
|---|
| 526 | "10:34:13.3503791 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\6b1db052-734f-4e23-af5e-6cd8ae459f98","NAME NOT FOUND","Length: 524"
|
|---|
| 527 | "10:34:13.3515050 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\xcopy.exe","SUCCESS","Name: \Windows\System32\xcopy.exe"
|
|---|
| 528 | "10:34:13.3541807 a.m.","xcopy.exe","4996","CreateFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Disallow Exclusive, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 529 | "10:34:13.3542544 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
|
|---|
| 530 | "10:34:13.3543441 a.m.","xcopy.exe","4996","QueryStandardInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","AllocationSize: 2,945,024, EndOfFile: 2,944,004, NumberOfLinks: 2, DeletePending: False, Directory: False"
|
|---|
| 531 | "10:34:13.3545101 a.m.","xcopy.exe","4996","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","SyncType: SyncTypeOther"
|
|---|
| 532 | "10:34:13.3546922 a.m.","xcopy.exe","4996","CloseFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS",""
|
|---|
| 533 | "10:34:13.3585909 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 534 | "10:34:13.3592632 a.m.","xcopy.exe","4996","QueryBasicInformationFile","\\vboxsvr\DataShared\","SUCCESS","CreationTime: 21/06/2011 12:00:00 p.m., LastAccessTime: 28/07/2011 12:20:30 p.m., LastWriteTime: 21/06/2011 12:00:00 p.m., ChangeTime: 21/06/2011 12:00:00 p.m., FileAttributes: D"
|
|---|
| 535 | "10:34:13.3592979 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\","SUCCESS",""
|
|---|
| 536 | "10:34:13.3602031 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 537 | "10:34:13.3607832 a.m.","xcopy.exe","4996","QueryBasicInformationFile","\\vboxsvr\DataShared\","SUCCESS","CreationTime: 21/06/2011 12:00:00 p.m., LastAccessTime: 28/07/2011 12:20:30 p.m., LastWriteTime: 21/06/2011 12:00:00 p.m., ChangeTime: 21/06/2011 12:00:00 p.m., FileAttributes: D"
|
|---|
| 538 | "10:34:13.3608048 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\","SUCCESS",""
|
|---|
| 539 | "10:34:13.3619216 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 540 | "10:34:13.3621115 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Filter: temp.exe, 1: temp.exe"
|
|---|
| 541 | "10:34:13.3625272 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
|
|---|
| 542 | "10:34:13.3633995 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 543 | "10:34:13.3635698 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Filter: temp.exe, 1: temp.exe"
|
|---|
| 544 | "10:34:13.3639470 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
|
|---|
| 545 | "10:34:13.3644785 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 546 | "10:34:13.3646840 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","Filter: temp, 1: temp"
|
|---|
| 547 | "10:34:13.3649380 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\","SUCCESS",""
|
|---|
| 548 | "10:34:13.3658666 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 549 | "10:34:13.3661298 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\temp2.exe","NO SUCH FILE","Filter: temp2.exe"
|
|---|
| 550 | "10:34:13.3684357 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
|
|---|
| 551 | "10:34:13.3804520 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 552 | "10:34:13.3807502 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\temp2.exe","NO SUCH FILE","Filter: temp2.exe"
|
|---|
| 553 | "10:34:13.3824674 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
|
|---|
| 554 | "10:34:13.3843107 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 555 | "10:34:13.3847356 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\temp2.exe","NO SUCH FILE","Filter: temp2.exe"
|
|---|
| 556 | "10:34:13.3855783 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
|
|---|
| 557 | "10:34:13.3862386 a.m.","xcopy.exe","4996","ReadFile","C:\Windows\System32\ulib.dll","SUCCESS","Offset: 41,984, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
|
|---|
| 558 | "10:34:13.3878907 a.m.","xcopy.exe","4996","ReadFile","C:\Windows\System32\ulib.dll","SUCCESS","Offset: 41,984, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
|
|---|
| 559 | "10:34:16.2707398 a.m.","xcopy.exe","4996","ReadFile","C:\Windows\System32\ulib.dll","SUCCESS","Offset: 82,944, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
|
|---|
| 560 | "10:34:16.2834510 a.m.","xcopy.exe","4996","ReadFile","C:\Windows\System32\ulib.dll","SUCCESS","Offset: 74,752, Length: 26,112, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
|
|---|
| 561 | "10:34:16.3039079 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 562 | "10:34:16.3044221 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","Filter: temp, 1: temp"
|
|---|
| 563 | "10:34:16.3050143 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\","SUCCESS",""
|
|---|
| 564 | "10:34:16.3062290 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 565 | "10:34:16.3064969 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\*","SUCCESS","Filter: *, 1: ."
|
|---|
| 566 | "10:34:16.3072109 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: .., 1: DelicHea_1, 2: ._DelicIta_1, 3: cdarc, 4: Dev_Mar12.sql, 5: Migration3 List with TWINS code.xls, 6: Audio Conference File - May Final.csv, 7: ._DelicRom, 8: xpdf-3.02pl5-win32.zip, 9: DIRDEBIT.CSV, 10: affected.txt, 11: dnn56sql.zip, 12: TZC1103011.csv, 13: DelicRom_1, 14: LIVE_Calendar_p9_Autumn2011.pdf, 15: certreq.txt, 16: SCAN5375_000.pdf, 17: south island new.xls, 18: map_northharbour.png, 19: TWINS_invdiagnos_39B0R4N39.pdf, 20: temp2.txt, 21: vpe.xls, 22: Monthly payers 201011 renewals.csv, 23: kennel.key.pem, 24: TZC1102262.csv"
|
|---|
| 567 | "10:34:16.3074741 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
|
|---|
| 568 | "10:34:16.3085232 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 569 | "10:34:16.3087538 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\*","SUCCESS","Filter: *, 1: ."
|
|---|
| 570 | "10:34:16.3091657 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: .., 1: DelicHea_1, 2: ._DelicIta_1, 3: cdarc, 4: Dev_Mar12.sql, 5: Migration3 List with TWINS code.xls, 6: Audio Conference File - May Final.csv, 7: ._DelicRom, 8: xpdf-3.02pl5-win32.zip, 9: DIRDEBIT.CSV, 10: affected.txt, 11: dnn56sql.zip, 12: TZC1103011.csv, 13: DelicRom_1, 14: LIVE_Calendar_p9_Autumn2011.pdf, 15: certreq.txt, 16: SCAN5375_000.pdf, 17: south island new.xls, 18: map_northharbour.png, 19: TWINS_invdiagnos_39B0R4N39.pdf, 20: temp2.txt, 21: vpe.xls, 22: Monthly payers 201011 renewals.csv, 23: kennel.key.pem, 24: TZC1102262.csv"
|
|---|
| 571 | "10:34:16.3098532 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: AOF_FestivalFlyer-page002.jpg, 1: TWINS Audio Conferencing v01.pdf, 2: spotless_may_buggytwins.pdf, 3: Twins_6.9.10_xCaseReports.pdf, 4: reg_test_w7.CSV, 5: Delicious_76, 6: clsid_5083_w7.reg, 7: twins_error_log_to_20110503.dbf, 8: hotspots.DBF, 9: Junk2.pdf, 10: csl_test_phones.csv, 11: temp.txt, 12: email.pdf, 13: spotless_may_newtwins.pdf, 14: ind2.DBF, 15: holcim channel activity data3a.xls, 16: TWINS Broadband v01.pdf, 17: ._DelicHea_1, 18: AOF_FestivalFlyer-page003.png, 19: callexp_0800a.csv, 20: DelicSmaCap_1, 21: ._Delicious_76, 22: Missing_export_lines.csv~, 23: AOF_FestivalFlyer-page002.rgb"
|
|---|
| 572 | "10:34:16.3102608 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: DeutzBarPlan_v1_a4.pdf, 1: cov-part2.log, 2: .mtoolsrc, 3: tfrfixed45_20100919030000950.csv, 4: frfox_v1321.csv, 5: vfptemp, 6: MVNO Billing Issues 1bc Register 1.0.xls, 7: zjames_before.csv, 8: aamxcli_20110311.zip, 9: opera_11.01.1190_i386.deb, 10: aamxcli_20110411.zip, 11: SupperRoomPlan_v1a_a4.pdf, 12: ._DelicBolIta, 13: kennel.key_pp.pem, 14: AOF_FestivalFlyer-page003.rgb, 15: ._DelicBol, 16: aamxsql_20110330.zip, 17: typelib_7805_w7.reg, 18: hotspots.BAK, 19: AOF_FestivalFlyer-page003.jpg, 20: agingsum_o.pdf, 21: athologo.png, 22: ._Delicious_76_1, 23: CSL.DNNModules.Etailer.BulkLoad_01.03.00.zip"
|
|---|
| 573 | "10:34:16.3112544 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: aamxcli_20110330.zip, 1: es2500c, 2: callexp_b.csv, 3: supper_a3.pdf, 4: Woosh_496674_june.csv, 5: WF_WCF_Samples.exe, 6: DelicBolIta, 7: accessable_oco_icons.png, 8: Stanford-coelos_ascendit_hodie.pdf, 9: tw6106..txt, 10: twins_history.html, 11: blakes7_logo_32x32.png, 12: temp.idx, 13: Twins_6.10.x_xCase_20110317.pdf, 14: AOF_FestivalFlyer-page002.png, 15: csl_test_masteritems.csv, 16: Test_Mar14.sql, 17: Stanford-c-a-h-print.pdf, 18: changes_since_6.10.0, 19: twins_history2.html, 20: 94770280 2011-02-28.pdf, 21: tcnz_ebill2cdr_20110407.zip, 22: ncafixed29_20100906000003020.csv, 23: temp.exe"
|
|---|
| 574 | "10:34:16.3136873 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 575 | "10:34:16.3138949 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\temp2.exe","NO SUCH FILE","Filter: temp2.exe"
|
|---|
| 576 | "10:34:16.3151357 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
|
|---|
| 577 | "10:34:16.3171108 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\System","SUCCESS","Desired Access: Query Value"
|
|---|
| 578 | "10:34:16.3177988 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileBufferedSynchronousIo","NAME NOT FOUND","Length: 20"
|
|---|
| 579 | "10:34:16.3179050 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\System","SUCCESS",""
|
|---|
| 580 | "10:34:16.3194132 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Non-Directory File, Open Reparse Point, Disallow Exclusive, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 581 | "10:34:16.5579849 a.m.","xcopy.exe","4996","QueryAttributeTagFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Attributes: N, ReparseTag: 0x0"
|
|---|
| 582 | "10:34:16.5581947 a.m.","xcopy.exe","4996","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 583 | "10:34:16.5582753 a.m.","xcopy.exe","4996","FileSystemControl","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Control: IOCTL_LMR_DISABLE_LOCAL_BUFFERING"
|
|---|
| 584 | "10:34:16.5588836 a.m.","xcopy.exe","4996","FileSystemControl","\\vboxsvr\DataShared\temp\temp.exe","INVALID DEVICE REQUEST","Control: FSCTL_LMR_GET_HINT_SIZE"
|
|---|
| 585 | "10:34:16.5589195 a.m.","xcopy.exe","4996","QueryStandardInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","AllocationSize: 4,313,088, EndOfFile: 4,312,397, NumberOfLinks: 1, DeletePending: False, Directory: False"
|
|---|
| 586 | "10:34:16.5591792 a.m.","xcopy.exe","4996","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","CreationTime: 28/07/2011 5:37:00 p.m., LastAccessTime: 29/07/2011 10:30:45 a.m., LastWriteTime: 22/03/2011 1:05:27 p.m., ChangeTime: 28/07/2011 5:37:00 p.m., FileAttributes: N"
|
|---|
| 587 | "10:34:16.5594948 a.m.","xcopy.exe","4996","QueryStreamInformationFile","\\vboxsvr\DataShared\temp\temp.exe","NOT IMPLEMENTED",""
|
|---|
| 588 | "10:34:16.5603944 a.m.","xcopy.exe","4996","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","CreationTime: 28/07/2011 5:37:00 p.m., LastAccessTime: 29/07/2011 10:30:45 a.m., LastWriteTime: 22/03/2011 1:05:27 p.m., ChangeTime: 28/07/2011 5:37:00 p.m., FileAttributes: N"
|
|---|
| 589 | "10:34:16.5626860 a.m.","xcopy.exe","4996","QueryEaInformationFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","EaSize: 0"
|
|---|
| 590 | "10:34:16.5669544 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Desired Access: Generic Write, Read Data/List Directory, Read Attributes, Delete, Disposition: OverwriteIf, Options: Sequential Access, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 4,312,397, OpenResult: Created"
|
|---|
| 591 | "10:34:16.5699258 a.m.","xcopy.exe","4996","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 592 | "10:34:16.5700714 a.m.","xcopy.exe","4996","FileSystemControl","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Control: IOCTL_LMR_DISABLE_LOCAL_BUFFERING"
|
|---|
| 593 | "10:34:16.5701039 a.m.","xcopy.exe","4996","QueryAttributeInformationVolume","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","FileSystemAttributes: , MaximumComponentNameLength: 255, FileSystemName: VBoxSharedFolderFS"
|
|---|
| 594 | "10:34:16.5701252 a.m.","xcopy.exe","4996","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","CreationTime: 29/07/2011 10:34:16 a.m., LastAccessTime: 29/07/2011 10:34:16 a.m., LastWriteTime: 29/07/2011 10:34:16 a.m., ChangeTime: 29/07/2011 10:34:16 a.m., FileAttributes: N"
|
|---|
| 595 | "10:34:16.5705010 a.m.","xcopy.exe","4996","QueryAttributeInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","FileSystemAttributes: , MaximumComponentNameLength: 255, FileSystemName: VBoxSharedFolderFS"
|
|---|
| 596 | "10:34:16.5706194 a.m.","xcopy.exe","4996","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 597 | "10:34:16.5706966 a.m.","xcopy.exe","4996","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 598 | "10:34:16.5709337 a.m.","xcopy.exe","4996","DeviceIoControl","\\vboxsvr\DataShared\temp\temp.exe","INVALID DEVICE REQUEST","Control: 0x140410 (Device:0x14 Function:260 Method: 0)"
|
|---|
| 599 | "10:34:16.5709731 a.m.","xcopy.exe","4996","SetEndOfFileInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","EndOfFile: 4,312,397"
|
|---|
| 600 | "10:34:16.5719186 a.m.","xcopy.exe","4996","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 601 | "10:34:16.5719447 a.m.","xcopy.exe","4996","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 602 | "10:34:16.5719663 a.m.","xcopy.exe","4996","<Unknown>","\\vboxsvr\DataShared\temp\temp.exe","NOT IMPLEMENTED",""
|
|---|
| 603 | "10:34:16.5725529 a.m.","xcopy.exe","4996","<Unknown>","\\vboxsvr\DataShared\temp\temp2.exe","NOT IMPLEMENTED",""
|
|---|
| 604 | "10:34:16.5727085 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\System","SUCCESS","Desired Access: Query Value"
|
|---|
| 605 | "10:34:16.5729205 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileChunkSize","NAME NOT FOUND","Length: 20"
|
|---|
| 606 | "10:34:16.5729365 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileOverlappedCount","NAME NOT FOUND","Length: 20"
|
|---|
| 607 | "10:34:16.5729543 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\System","SUCCESS",""
|
|---|
| 608 | "10:34:16.5745072 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 0, Length: 524,288, Priority: Normal"
|
|---|
| 609 | "10:34:16.5767394 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 524,288, Length: 524,288, Priority: Normal"
|
|---|
| 610 | "10:34:16.5796678 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 1,048,576, Length: 524,288, Priority: Normal"
|
|---|
| 611 | "10:34:16.5844214 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 1,572,864, Length: 524,288, Priority: Normal"
|
|---|
| 612 | "10:34:16.5904044 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 2,097,152, Length: 524,288, Priority: Normal"
|
|---|
| 613 | "10:34:16.5991888 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 2,621,440, Length: 524,288, Priority: Normal"
|
|---|
| 614 | "10:34:16.6086677 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 3,145,728, Length: 524,288, Priority: Normal"
|
|---|
| 615 | "10:34:16.6126019 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 3,670,016, Length: 524,288, Priority: Normal"
|
|---|
| 616 | "10:34:16.6538660 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 0, Length: 524,288, Priority: Normal"
|
|---|
| 617 | "10:34:16.6697129 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 524,288, Length: 524,288, Priority: Normal"
|
|---|
| 618 | "10:34:16.6713937 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 1,048,576, Length: 524,288, Priority: Normal"
|
|---|
| 619 | "10:34:16.6731382 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 1,572,864, Length: 524,288, Priority: Normal"
|
|---|
| 620 | "10:34:16.6749074 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 2,097,152, Length: 524,288, Priority: Normal"
|
|---|
| 621 | "10:34:16.6765838 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 2,621,440, Length: 524,288, Priority: Normal"
|
|---|
| 622 | "10:34:16.6778016 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 3,145,728, Length: 524,288, Priority: Normal"
|
|---|
| 623 | "10:34:16.6807616 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 3,670,016, Length: 524,288, Priority: Normal"
|
|---|
| 624 | "10:34:16.6822391 a.m.","xcopy.exe","4996","ReadFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS","Offset: 4,194,304, Length: 118,093, Priority: Normal"
|
|---|
| 625 | "10:34:16.6826665 a.m.","xcopy.exe","4996","WriteFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Offset: 4,194,304, Length: 118,093, Priority: Normal"
|
|---|
| 626 | "10:34:16.6841049 a.m.","xcopy.exe","4996","SetBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","CreationTime: 1/01/1601 12:00:00 p.m., LastAccessTime: 1/01/1601 12:00:00 p.m., LastWriteTime: 22/03/2011 1:05:27 p.m., ChangeTime: 28/07/2011 5:37:00 p.m., FileAttributes: n/a"
|
|---|
| 627 | "10:34:16.6846650 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp\temp.exe","SUCCESS",""
|
|---|
| 628 | "10:34:16.6851874 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS",""
|
|---|
| 629 | "10:34:16.6873646 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 630 | "10:34:16.6886920 a.m.","xcopy.exe","4996","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","CreationTime: 29/07/2011 10:34:16 a.m., LastAccessTime: 29/07/2011 10:34:16 a.m., LastWriteTime: 22/03/2011 1:05:27 p.m., ChangeTime: 29/07/2011 10:34:16 a.m., FileAttributes: N"
|
|---|
| 631 | "10:34:16.6888641 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS",""
|
|---|
| 632 | "10:34:16.6904781 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Desired Access: Write Attributes, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 633 | "10:34:16.6917657 a.m.","xcopy.exe","4996","SetBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","CreationTime: 1/01/1601 12:00:00 p.m., LastAccessTime: 1/01/1601 12:00:00 p.m., LastWriteTime: 1/01/1601 12:00:00 p.m., ChangeTime: 1/01/1601 12:00:00 p.m., FileAttributes: N"
|
|---|
| 634 | "10:34:16.6919083 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS",""
|
|---|
| 635 | "10:34:16.6933810 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 636 | "10:34:16.6935440 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Filter: temp2.exe, 1: temp2.exe"
|
|---|
| 637 | "10:34:16.6939918 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
|
|---|
| 638 | "10:34:16.6947604 a.m.","xcopy.exe","4996","CreateFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","Desired Access: Write Attributes, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 639 | "10:34:16.6956704 a.m.","xcopy.exe","4996","SetBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS","CreationTime: 1/01/1601 12:00:00 p.m., LastAccessTime: 1/01/1601 12:00:00 p.m., LastWriteTime: 1/01/1601 12:00:00 p.m., ChangeTime: 1/01/1601 12:00:00 p.m., FileAttributes: AN"
|
|---|
| 640 | "10:34:16.6958082 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp\temp2.exe","SUCCESS",""
|
|---|
| 641 | "10:34:16.6959630 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: kennel.cert.pem, 1: Acmsgr.xlsx, 2: callexp_nca_b.csv, 3: MessageExchange-Send-Responses.zip, 4: AOF_FestivalFlyer-page001.png, 5: athologo.emf, 6: commsreport.csv, 7: franken_Nov26.sql, 8: Letterhead template.odt, 9: test.xls, 10: dnn56web.zip, 11: kennel.keycert.pem, 12: TWINS TOLL CDR v01.pdf, 13: ._DelicSmaCap_1, 14: twins_error_log_to_20110503.FPT, 15: athologo.eps, 16: carroll_getfirstline.png, 17: 9I0XMWNP.pdf, 18: service_install.zip, 19: franreport.pdf, 20: AOF2011_Registration_Form.pdf, 21: ._DelicRom_1, 22: kennel.certkey.pem, 23: TWINS_invstate2_36D0V21G7.pdf"
|
|---|
| 642 | "10:34:16.6963527 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: DIRDEBIT3.CSV, 1: test.DBF, 2: DelicSmaCap, 3: callexp_mob.csv, 4: BYRD-JUS.pdf, 5: ff2011-06-21.csv, 6: hotspot.DBF, 7: ._DelicIta, 8: txt, 9: interface_F26_xp.reg, 10: g3977.png, 11: callexp_0800b.csv, 12: twins_error_log.dbf, 13: athologo2.png, 14: dgtime201011.csv, 15: WF_WCF_Samples, 16: Widor_Surrexit_a_mortuis.pdf, 17: Stanford_cover.pdf, 18: Test.pdf, 19: csl_test_phones.ods, 20: IND2.xls, 21: tw_changes_since_6.9.14.csv, 22: AOF_FestivalFlyer-page004.rgb, 23: csl_test_importmap.csv, 24: DIRDEBIT1.CSV"
|
|---|
| 643 | "10:34:16.6967048 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: DelicIta_1, 1: scorpio_on_black_142x100.jpg, 2: csl_test_customer.csv, 3: tcnz_ebill2cdr_201103230.zip, 4: south island new.DBF, 5: HLStaging_Tables.sql, 6: TZC1102261.csv, 7: Prod_Dec12.sql, 8: Juncke.pdf, 9: Test_Inv94770280.pdf, 10: crmsearch.prg, 11: athologoimage001.gif, 12: hotspot.FPT, 13: twins_inv_441857.pdf, 14: tw69history.txt, 15: map_auckregion.png, 16: temp1, 17: Audio Conference File June2011- Final.csv, 18: AOF_FestivalFlyer-page004.png, 19: hotspots.FPT, 20: ._DelicBol_1, 21: callexp_nca_a.csv, 22: masteritem_report_bands.csv, 23: ._DelicHea"
|
|---|
| 644 | "10:34:16.6970407 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: Windows_7_Professional_with_Service_Pack_1_64_bit_English_X17-24281.IMG:Zone.Identifier, 1: delicious_76_2, 2: HLStaging_LogProcs.sql, 3: deutz_output.pdf, 4: .~lock.accessabletest.docx#, 5: AOF_FestivalFlyer-page004.jpg, 6: tcnz_ebill2cdr_apr06a.zip, 7: FoxtrotCSL.pem, 8: Xcase_Feb07.sql, 9: MessageExchangeExample_MoH..xml, 10: XCase_Mar10.sql, 11: IND - Channel definition.xls, 12: Widor_Mass_Perusal_Score-booklet.pdf, 13: cov_icomquee.log, 14: XCase_Mar12.sql, 15: Missing_export_lines.csv, 16: DelicBol, 17: kennel.der.crt, 18: Prod_Mar10.sql, 19: aging.dbf, 20: holcim channel activity data3.xls, 21: win7, 22: reg_mon_xp.ods"
|
|---|
| 645 | "10:34:16.6974088 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: changes_since_6.10.0.csv, 1: csl_test_mapset.csv, 2: Newsletter Number 4 2011.pdf, 3: mvno_data_events_2011_cdr.csv, 4: dirdebit1.pdf, 5: Example.ai, 6: Mig1 and 2 list.xlsx, 7: Dev_Mar10.sql, 8: twins_error_10054.csv, 9: TZC1102252.csv, 10: reg_mon_w7.csv, 11: clsid_5083_xp.reg, 12: accessable_oco_icons.svg, 13: interface_F26_w7.reg, 14: holcim channel activity data3a.csv, 15: twins_inv_442399.pdf, 16: typelib_7805_xp.reg, 17: DelicRom, 18: twins_error_log.FPT, 19: DIRDEBIT2.CSV, 20: DelicBolIta_1, 21: AOF_FestivalFlyer-page001.rgb, 22: tcnz_ebill2cdr_20110405.zip, 23: VersionComparison.pdf"
|
|---|
| 646 | "10:34:16.6977482 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: gnuwin, 1: cov-part1.log, 2: Test2.pdf, 3: iis_kennel.cer, 4: Delicious_76_1, 5: Dev_Feb07.sql, 6: DelicIta, 7: hotspot.BAK, 8: HLStaging_RequestProcs.sql, 9: blakes7_logo_32x32.ico, 10: TZC1103012.csv, 11: DelicHea, 12: synewopn.dbf, 13: DelicBol_1, 14: aamx_scripts.zip, 15: blakes7_logo_100x100.png, 16: AOF_FestivalFlyer-page001.jpg, 17: ff2011-06-21 - Fixed.csv, 18: Issue Log 20101006.xlsx, 19: newsletterheader_ATHO.jpg, 20: Invoice detail spec 3.0 TG.docx, 21: ._DelicBolIta_1, 22: spotless_may_oldtwins.pdf, 23: Twins_6_10_16_changelog.csv, 24: Elevate.zip"
|
|---|
| 647 | "10:34:16.6980781 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","SUCCESS","0: athologo-notext.png, 1: Audio Conf June Fixed.csv, 2: ._DelicSmaCap, 3: reg_mon_xp.CSV, 4: soapUI-x64-no-bundle-4_0_0.exe, 5: aamx_sql_20110411.zip, 6: South - Channel definition.xls"
|
|---|
| 648 | "10:34:16.6983044 a.m.","xcopy.exe","4996","QueryDirectory","\\vboxsvr\DataShared\temp","NO MORE FILES",""
|
|---|
| 649 | "10:34:16.6985143 a.m.","xcopy.exe","4996","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
|
|---|
| 650 | "10:34:16.7036259 a.m.","xcopy.exe","4996","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read"
|
|---|
| 651 | "10:34:16.7038444 a.m.","xcopy.exe","4996","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
|
|---|
| 652 | "10:34:16.7039892 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS",""
|
|---|
| 653 | "10:34:16.7050470 a.m.","xcopy.exe","4996","Thread Exit","","SUCCESS","Thread ID: 3328, User Time: 0.0000000, Kernel Time: 0.1718750"
|
|---|
| 654 | "10:34:16.7065539 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\kernel32.dll","SUCCESS","Name: \Windows\System32\kernel32.dll"
|
|---|
| 655 | "10:34:16.7068955 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\user32.dll","SUCCESS","Name: \Windows\System32\user32.dll"
|
|---|
| 656 | "10:34:16.7071036 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\ntdll.dll","SUCCESS","Name: \Windows\System32\ntdll.dll"
|
|---|
| 657 | "10:34:16.7075302 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\xcopy.exe","SUCCESS","Name: \Windows\System32\xcopy.exe"
|
|---|
| 658 | "10:34:16.7077014 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\ulib.dll","SUCCESS","Name: \Windows\System32\ulib.dll"
|
|---|
| 659 | "10:34:16.7077851 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\ifsutil.dll","SUCCESS","Name: \Windows\System32\ifsutil.dll"
|
|---|
| 660 | "10:34:16.7078467 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\cfgmgr32.dll","SUCCESS","Name: \Windows\System32\cfgmgr32.dll"
|
|---|
| 661 | "10:34:16.7079060 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\devobj.dll","SUCCESS","Name: \Windows\System32\devobj.dll"
|
|---|
| 662 | "10:34:16.7079750 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Name: \Windows\System32\KernelBase.dll"
|
|---|
| 663 | "10:34:16.7080478 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\lpk.dll","SUCCESS","Name: \Windows\System32\lpk.dll"
|
|---|
| 664 | "10:34:16.7081076 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\gdi32.dll","SUCCESS","Name: \Windows\System32\gdi32.dll"
|
|---|
| 665 | "10:34:16.7081805 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\oleaut32.dll","SUCCESS","Name: \Windows\System32\oleaut32.dll"
|
|---|
| 666 | "10:34:16.7082459 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\ole32.dll","SUCCESS","Name: \Windows\System32\ole32.dll"
|
|---|
| 667 | "10:34:16.7083313 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\usp10.dll","SUCCESS","Name: \Windows\System32\usp10.dll"
|
|---|
| 668 | "10:34:16.7084037 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\msvcrt.dll","SUCCESS","Name: \Windows\System32\msvcrt.dll"
|
|---|
| 669 | "10:34:16.7084770 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\rpcrt4.dll","SUCCESS","Name: \Windows\System32\rpcrt4.dll"
|
|---|
| 670 | "10:34:16.7085550 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\advapi32.dll","SUCCESS","Name: \Windows\System32\advapi32.dll"
|
|---|
| 671 | "10:34:16.7086196 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","Name: \Windows\System32\imm32.dll"
|
|---|
| 672 | "10:34:16.7086885 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\msctf.dll","SUCCESS","Name: \Windows\System32\msctf.dll"
|
|---|
| 673 | "10:34:16.7087648 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","Name: \Windows\System32\sechost.dll"
|
|---|
| 674 | "10:34:16.7088303 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\setupapi.dll","SUCCESS","Name: \Windows\System32\setupapi.dll"
|
|---|
| 675 | "10:34:16.7088971 a.m.","xcopy.exe","4996","QueryNameInformationFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Name: \Windows\System32\apisetschema.dll"
|
|---|
| 676 | "10:34:16.7096067 a.m.","xcopy.exe","4996","Process Exit","","SUCCESS","Exit Status: 0, User Time: 0.0000000 seconds, Kernel Time: 0.1875000 seconds, Private Bytes: 851,968, Peak Private Bytes: 5,095,424, Working Set: 3,784,704, Peak Working Set: 7,942,144"
|
|---|
| 677 | "10:34:16.7102640 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options","SUCCESS",""
|
|---|
| 678 | "10:34:16.7103255 a.m.","xcopy.exe","4996","CloseFile","C:\my\commands","SUCCESS",""
|
|---|
| 679 | "10:34:16.7115212 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS",""
|
|---|
| 680 | "10:34:16.7115567 a.m.","xcopy.exe","4996","RegCloseKey","HKLM","SUCCESS",""
|
|---|
| 681 | "10:34:16.7115992 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\System\CurrentControlSet\Control\SESSION MANAGER","SUCCESS",""
|
|---|
| 682 | "10:34:16.7116621 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Locale","SUCCESS",""
|
|---|
| 683 | "10:34:16.7116829 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts","SUCCESS",""
|
|---|
| 684 | "10:34:16.7117076 a.m.","xcopy.exe","4996","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Language Groups","SUCCESS",""
|
|---|
| 685 | "10:37:44.3066681 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 686 | "10:37:44.3130773 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","CreationTime: 28/07/2011 5:34:20 p.m., LastAccessTime: 28/07/2011 5:34:25 p.m., LastWriteTime: 28/07/2011 5:34:20 p.m., ChangeTime: 28/07/2011 5:34:20 p.m., FileAttributes: N"
|
|---|
| 687 | "10:37:44.3132550 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS",""
|
|---|
| 688 | "10:37:44.3141021 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 689 | "10:37:44.3142942 a.m.","cmd.exe","4604","QueryDirectory","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Filter: temp.txt, 1: temp.txt"
|
|---|
| 690 | "10:37:44.3155045 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 691 | "10:37:44.3171545 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 692 | "10:37:44.3172274 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 693 | "10:37:44.3173210 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 0, Length: 512, Priority: Normal"
|
|---|
| 694 | "10:37:44.3719068 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 695 | "10:37:44.3731068 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","CreationTime: 28/07/2011 5:21:00 p.m., LastAccessTime: 28/07/2011 5:21:08 p.m., LastWriteTime: 28/07/2011 5:21:00 p.m., ChangeTime: 28/07/2011 5:21:00 p.m., FileAttributes: N"
|
|---|
| 696 | "10:37:44.3732650 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS",""
|
|---|
| 697 | "10:37:44.3743224 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 698 | "10:37:44.3767323 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 699 | "10:37:44.3767757 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS",""
|
|---|
| 700 | "10:37:44.3782548 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 701 | "10:37:44.3833365 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 702 | "10:37:44.3834705 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 703 | "10:37:44.3835078 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS",""
|
|---|
| 704 | "10:37:46.2616887 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 705 | "10:37:46.2631275 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","CreationTime: 28/07/2011 5:21:00 p.m., LastAccessTime: 28/07/2011 5:21:08 p.m., LastWriteTime: 28/07/2011 5:21:00 p.m., ChangeTime: 28/07/2011 5:21:00 p.m., FileAttributes: N"
|
|---|
| 706 | "10:37:46.2632940 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS",""
|
|---|
| 707 | "10:37:46.2644779 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Created"
|
|---|
| 708 | "10:37:46.2656684 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 709 | "10:37:46.2657156 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 710 | "10:37:46.2657464 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS",""
|
|---|
| 711 | "10:37:46.2667704 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 712 | "10:37:46.2669109 a.m.","cmd.exe","4604","QueryAttributeTagFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Attributes: N, ReparseTag: 0x0"
|
|---|
| 713 | "10:37:46.2670535 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 714 | "10:37:46.2671003 a.m.","cmd.exe","4604","FileSystemControl","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Control: IOCTL_LMR_DISABLE_LOCAL_BUFFERING"
|
|---|
| 715 | "10:37:46.2673851 a.m.","cmd.exe","4604","FileSystemControl","\\vboxsvr\DataShared\temp\temp.txt","INVALID DEVICE REQUEST","Control: FSCTL_LMR_GET_HINT_SIZE"
|
|---|
| 716 | "10:37:46.2674107 a.m.","cmd.exe","4604","QueryStandardInformationFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","AllocationSize: 4,313,088, EndOfFile: 4,312,397, NumberOfLinks: 1, DeletePending: False, Directory: False"
|
|---|
| 717 | "10:37:46.2674202 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","CreationTime: 28/07/2011 5:34:20 p.m., LastAccessTime: 28/07/2011 5:34:25 p.m., LastWriteTime: 28/07/2011 5:34:20 p.m., ChangeTime: 28/07/2011 5:34:20 p.m., FileAttributes: N"
|
|---|
| 718 | "10:37:46.2676864 a.m.","cmd.exe","4604","QueryStreamInformationFile","\\vboxsvr\DataShared\temp\temp.txt","NOT IMPLEMENTED",""
|
|---|
| 719 | "10:37:46.2678386 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","CreationTime: 28/07/2011 5:34:20 p.m., LastAccessTime: 28/07/2011 5:34:25 p.m., LastWriteTime: 28/07/2011 5:34:20 p.m., ChangeTime: 28/07/2011 5:34:20 p.m., FileAttributes: N"
|
|---|
| 720 | "10:37:46.2679838 a.m.","cmd.exe","4604","QueryEaInformationFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","EaSize: 0"
|
|---|
| 721 | "10:37:46.2688270 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Desired Access: Generic Write, Read Data/List Directory, Read Attributes, Delete, Disposition: OverwriteIf, Options: Sequential Access, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 4,312,397, OpenResult: Created"
|
|---|
| 722 | "10:37:46.2715950 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 723 | "10:37:46.2716618 a.m.","cmd.exe","4604","FileSystemControl","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Control: IOCTL_LMR_DISABLE_LOCAL_BUFFERING"
|
|---|
| 724 | "10:37:46.2717069 a.m.","cmd.exe","4604","QueryAttributeInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","FileSystemAttributes: , MaximumComponentNameLength: 255, FileSystemName: VBoxSharedFolderFS"
|
|---|
| 725 | "10:37:46.2717450 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","CreationTime: 29/07/2011 10:37:46 a.m., LastAccessTime: 28/07/2011 5:21:08 p.m., LastWriteTime: 29/07/2011 10:37:46 a.m., ChangeTime: 29/07/2011 10:37:46 a.m., FileAttributes: N"
|
|---|
| 726 | "10:37:46.2718942 a.m.","cmd.exe","4604","QueryAttributeInformationVolume","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","FileSystemAttributes: , MaximumComponentNameLength: 255, FileSystemName: VBoxSharedFolderFS"
|
|---|
| 727 | "10:37:46.2719809 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 728 | "10:37:46.2720030 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 729 | "10:37:46.2723316 a.m.","cmd.exe","4604","DeviceIoControl","\\vboxsvr\DataShared\temp\temp.txt","INVALID DEVICE REQUEST","Control: 0x140410 (Device:0x14 Function:260 Method: 0)"
|
|---|
| 730 | "10:37:46.2723936 a.m.","cmd.exe","4604","SetEndOfFileInformationFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","EndOfFile: 4,312,397"
|
|---|
| 731 | "10:37:46.2731379 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 732 | "10:37:46.2732073 a.m.","cmd.exe","4604","QueryDeviceInformationVolume","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","DeviceType: Disk, Characteristics: Remote"
|
|---|
| 733 | "10:37:46.2732298 a.m.","cmd.exe","4604","<Unknown>","\\vboxsvr\DataShared\temp\temp.txt","NOT IMPLEMENTED",""
|
|---|
| 734 | "10:37:46.2734293 a.m.","cmd.exe","4604","<Unknown>","\\vboxsvr\DataShared\temp\temp2.txt","NOT IMPLEMENTED",""
|
|---|
| 735 | "10:37:46.2751317 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 0, Length: 524,288, Priority: Normal"
|
|---|
| 736 | "10:37:46.2763651 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 524,288, Length: 524,288, Priority: Normal"
|
|---|
| 737 | "10:37:46.2776223 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 1,048,576, Length: 524,288, Priority: Normal"
|
|---|
| 738 | "10:37:46.2780354 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 1,572,864, Length: 524,288, Priority: Normal"
|
|---|
| 739 | "10:37:46.2799490 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 2,097,152, Length: 524,288, Priority: Normal"
|
|---|
| 740 | "10:37:46.2799876 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 2,621,440, Length: 524,288, Priority: Normal"
|
|---|
| 741 | "10:37:46.2819397 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 3,145,728, Length: 524,288, Priority: Normal"
|
|---|
| 742 | "10:37:46.2829160 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 3,670,016, Length: 524,288, Priority: Normal"
|
|---|
| 743 | "10:37:46.2897530 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 0, Length: 524,288, Priority: Normal"
|
|---|
| 744 | "10:37:46.3681941 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 524,288, Length: 524,288, Priority: Normal"
|
|---|
| 745 | "10:37:46.3696846 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 1,048,576, Length: 524,288, Priority: Normal"
|
|---|
| 746 | "10:37:46.3710874 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 1,572,864, Length: 524,288, Priority: Normal"
|
|---|
| 747 | "10:37:46.3725722 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 2,097,152, Length: 524,288, Priority: Normal"
|
|---|
| 748 | "10:37:46.3744008 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 2,621,440, Length: 524,288, Priority: Normal"
|
|---|
| 749 | "10:37:46.3765242 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 3,145,728, Length: 524,288, Priority: Normal"
|
|---|
| 750 | "10:37:46.3812921 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 3,670,016, Length: 524,288, Priority: Normal"
|
|---|
| 751 | "10:37:46.3824730 a.m.","cmd.exe","4604","ReadFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS","Offset: 4,194,304, Length: 118,093, Priority: Normal"
|
|---|
| 752 | "10:37:46.3839261 a.m.","cmd.exe","4604","WriteFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Offset: 4,194,304, Length: 118,093, Priority: Normal"
|
|---|
| 753 | "10:37:46.3855358 a.m.","cmd.exe","4604","SetBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","CreationTime: 1/01/1601 12:00:00 p.m., LastAccessTime: 1/01/1601 12:00:00 p.m., LastWriteTime: 28/07/2011 5:34:20 p.m., ChangeTime: 28/07/2011 5:34:20 p.m., FileAttributes: n/a"
|
|---|
| 754 | "10:37:46.3857942 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS",""
|
|---|
| 755 | "10:37:46.3860127 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS",""
|
|---|
| 756 | "10:37:46.4644408 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 757 | "10:37:46.4652735 a.m.","cmd.exe","4604","QueryBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","CreationTime: 29/07/2011 10:37:46 a.m., LastAccessTime: 28/07/2011 5:21:08 p.m., LastWriteTime: 28/07/2011 5:34:20 p.m., ChangeTime: 29/07/2011 10:37:46 a.m., FileAttributes: N"
|
|---|
| 758 | "10:37:46.4654266 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS",""
|
|---|
| 759 | "10:37:46.4667904 a.m.","cmd.exe","4604","CreateFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","Desired Access: Write Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
|
|---|
| 760 | "10:37:46.4676397 a.m.","cmd.exe","4604","SetBasicInformationFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS","CreationTime: 1/01/1601 12:00:00 p.m., LastAccessTime: 1/01/1601 12:00:00 p.m., LastWriteTime: 1/01/1601 12:00:00 p.m., ChangeTime: 1/01/1601 12:00:00 p.m., FileAttributes: N"
|
|---|
| 761 | "10:37:46.4677672 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp2.txt","SUCCESS",""
|
|---|
| 762 | "10:37:46.4679778 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp\temp.txt","SUCCESS",""
|
|---|
| 763 | "10:37:46.4685206 a.m.","cmd.exe","4604","QueryDirectory","\\vboxsvr\DataShared\temp","NO MORE FILES",""
|
|---|
| 764 | "10:37:46.4686840 a.m.","cmd.exe","4604","CloseFile","\\vboxsvr\DataShared\temp","SUCCESS",""
|
|---|