- svchost.exe process numbers & names:
- 996: Dnscache (Description "DNS Client")
- 3436: WinDefend (Windows Defender)
- All Notepad edits are my own. Avast! accesses the file but doesn't seem to have edited it. It must have been Windows Defender.
- "Time of Day","Process Name","PID","Operation","Path","Result","Detail"
- "8:46:54.6366307 PM","notepad.exe","8220","CreateFile","C:\Windows\System32\drivers\etc","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "8:46:54.6367508 PM","notepad.exe","8220","QueryDirectory","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Filter: hosts, 1: hosts"
- "8:46:54.6367756 PM","notepad.exe","8220","CloseFile","C:\Windows\System32\drivers\etc","SUCCESS",""
- "8:46:54.6368517 PM","notepad.exe","8220","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
- "8:46:54.6372718 PM","notepad.exe","8220","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "8:46:54.6373022 PM","notepad.exe","8220","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 1,538, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
- "8:46:54.6376730 PM","notepad.exe","8220","QueryInformationVolume","C:\Windows\System32\drivers\etc\hosts","SUCCESS","VolumeCreationTime: 6/23/2011 2:09:50 AM, VolumeSerialNumber: 6658-9ECD, SupportsObjects: True, VolumeLabel: SSD"
- "8:46:54.6376876 PM","notepad.exe","8220","QueryAllInformationFile","C:\Windows\System32\drivers\etc\hosts","BUFFER OVERFLOW","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x1000000006c0a, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
- "8:46:54.6377096 PM","notepad.exe","8220","CreateFileMapping","C:\Windows\System32\drivers\etc\hosts","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
- "8:46:54.6377183 PM","notepad.exe","8220","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "8:46:54.6377372 PM","notepad.exe","8220","CreateFileMapping","C:\Windows\System32\drivers\etc\hosts","SUCCESS","SyncType: SyncTypeOther"
- "8:46:54.6377549 PM","notepad.exe","8220","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "8:46:54.6380550 PM","notepad.exe","8220","CreateFile","C:\Windows\System32\drivers\etc","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "8:46:54.6380826 PM","notepad.exe","8220","QueryDirectory","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Filter: hosts, 1: hosts"
- "8:46:54.6440689 PM","notepad.exe","8220","CloseFile","C:\Windows\System32\drivers\etc","SUCCESS",""
- "2:54:49.9844055 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:54:49.9845737 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:54:49.9845867 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:54:49.9869748 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\NETWORK SERVICE, OpenResult: Opened"
- "2:54:49.9870136 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:54:49.9870253 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:29.0656881 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:29.0658224 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:29.0658352 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:29.0671772 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:29.0671958 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:29.0672073 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:29.0673581 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: No Buffering, Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:29.0673814 AM","svchost.exe","3436","QueryInformationVolume","C:\Windows\System32\drivers\etc\hosts","SUCCESS","VolumeCreationTime: 6/23/2011 2:09:50 AM, VolumeSerialNumber: 6658-9ECD, SupportsObjects: True, VolumeLabel: SSD"
- "2:58:29.0673947 AM","svchost.exe","3436","QueryAllInformationFile","C:\Windows\System32\drivers\etc\hosts","BUFFER OVERFLOW","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x1000000006c0a, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: No Buffering, Synchronous IO Non-Alert, AlignmentRequirement: Word"
- "2:58:29.0674074 AM","svchost.exe","3436","QueryInformationVolume","C:\Windows\System32\drivers\etc\hosts","SUCCESS","VolumeCreationTime: 6/23/2011 2:09:50 AM, VolumeSerialNumber: 6658-9ECD, SupportsObjects: True, VolumeLabel: SSD"
- "2:58:29.0674183 AM","svchost.exe","3436","QueryAllInformationFile","C:\Windows\System32\drivers\etc\hosts","BUFFER OVERFLOW","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x1000000006c0a, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: No Buffering, Synchronous IO Non-Alert, AlignmentRequirement: Word"
- "2:58:29.0674313 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:29.0675018 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: No Buffering, Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:29.0675229 AM","svchost.exe","3436","QueryInformationVolume","C:\Windows\System32\drivers\etc\hosts","SUCCESS","VolumeCreationTime: 6/23/2011 2:09:50 AM, VolumeSerialNumber: 6658-9ECD, SupportsObjects: True, VolumeLabel: SSD"
- "2:58:29.0675344 AM","svchost.exe","3436","QueryAllInformationFile","C:\Windows\System32\drivers\etc\hosts","BUFFER OVERFLOW","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x1000000006c0a, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: No Buffering, Synchronous IO Non-Alert, AlignmentRequirement: Word"
- "2:58:29.0675465 AM","svchost.exe","3436","QueryInformationVolume","C:\Windows\System32\drivers\etc\hosts","SUCCESS","VolumeCreationTime: 6/23/2011 2:09:50 AM, VolumeSerialNumber: 6658-9ECD, SupportsObjects: True, VolumeLabel: SSD"
- "2:58:29.0675567 AM","svchost.exe","3436","QueryAllInformationFile","C:\Windows\System32\drivers\etc\hosts","BUFFER OVERFLOW","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x1000000006c0a, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: No Buffering, Synchronous IO Non-Alert, AlignmentRequirement: Word"
- "2:58:29.0675694 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:29.0676377 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: No Buffering, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:29.0676603 AM","svchost.exe","3436","QueryInformationVolume","C:\Windows\System32\drivers\etc\hosts","SUCCESS","VolumeCreationTime: 6/23/2011 2:09:50 AM, VolumeSerialNumber: 6658-9ECD, SupportsObjects: True, VolumeLabel: SSD"
- "2:58:29.0676715 AM","svchost.exe","3436","QueryAllInformationFile","C:\Windows\System32\drivers\etc\hosts","BUFFER OVERFLOW","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x1000000006c0a, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: No Buffering, Synchronous IO Non-Alert, AlignmentRequirement: Word"
- "2:58:29.0676858 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:29.0677714 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: No Buffering, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:29.0677928 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:58:29.0678052 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:29.0679235 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:29.0679415 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:29.0679526 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:29.0680755 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:29.0681022 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_REQUEST_FILTER_OPLOCK"
- "2:58:29.0681621 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:29.0685127 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:58:29.0685509 AM","svchost.exe","3436","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 1,538, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
- "2:58:29.0687697 AM","svchost.exe","3436","QueryBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A"
- "2:58:29.0687855 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:58:29.0688010 AM","svchost.exe","3436","QueryBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A"
- "2:58:29.0688156 AM","svchost.exe","3436","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 1,538"
- "2:58:29.0730518 AM","svchost.exe","3436","QueryStreamInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:29.0730738 AM","svchost.exe","3436","QueryEAFile","C:\Windows\System32\drivers\etc\hosts","0xC0000052",""
- "2:58:29.0730940 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:29.0731111 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:33.3280908 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:33.3281113 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:33.3281231 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:33.3300047 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\NETWORK SERVICE, OpenResult: Opened"
- "2:58:33.3300293 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:33.3300414 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:35.3525809 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:35.3526014 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:35.3526132 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:35.3545345 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\NETWORK SERVICE, OpenResult: Opened"
- "2:58:35.3545597 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:35.3545718 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:39.5981977 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:39.5982191 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:39.5982309 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:39.6003322 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\NETWORK SERVICE, OpenResult: Opened"
- "2:58:39.6003570 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:39.6003695 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:42.6575706 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:42.6575921 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:42.6576039 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:42.6594160 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\NETWORK SERVICE, OpenResult: Opened"
- "2:58:42.6594405 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:42.6594526 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:44.7739769 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:44.7739980 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:44.7740105 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:44.7759421 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\NETWORK SERVICE, OpenResult: Opened"
- "2:58:44.7759657 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:44.7759778 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:46.8182483 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:46.8182691 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:46.8182812 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:46.8184003 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:46.8184193 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:46.8184298 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:46.8185896 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:46.8186098 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:46.8186213 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:46.8188233 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:46.8188410 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:46.8188512 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:46.8195677 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:46.8195950 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_REQUEST_FILTER_OPLOCK"
- "2:58:46.8196570 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:46.8197427 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:58:46.8197824 AM","svchost.exe","3436","QueryBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A"
- "2:58:46.8197936 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:58:46.8198082 AM","svchost.exe","3436","QueryBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A"
- "2:58:46.8198209 AM","svchost.exe","3436","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 1,538"
- "2:58:46.8203903 AM","svchost.exe","3436","QueryStreamInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:46.8204089 AM","svchost.exe","3436","QueryEAFile","C:\Windows\System32\drivers\etc\hosts","0xC0000052",""
- "2:58:46.8204284 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:46.8204424 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:46.8316144 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:58:46.8316349 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:46.8316470 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:58:46.8333971 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\NETWORK SERVICE, OpenResult: Opened"
- "2:58:46.8334207 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:58:46.8334331 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.2854960 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.2855168 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:59:20.2855289 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.2868378 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.2868564 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:59:20.2868679 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.2870587 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.2870767 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:59:20.2870882 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.2872176 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.2872443 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_REQUEST_FILTER_OPLOCK"
- "2:59:20.2873032 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.2876514 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:59:20.2876874 AM","svchost.exe","3436","QueryBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A"
- "2:59:20.2876995 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:20.2877128 AM","svchost.exe","3436","QueryBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A"
- "2:59:20.2877268 AM","svchost.exe","3436","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 1,538"
- "2:59:20.2882735 AM","svchost.exe","3436","QueryStreamInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.2882915 AM","svchost.exe","3436","QueryEAFile","C:\Windows\System32\drivers\etc\hosts","0xC0000052",""
- "2:59:20.2883098 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.2883247 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.3097261 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.3097478 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:59:20.3097599 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.3115205 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\NETWORK SERVICE, OpenResult: Opened"
- "2:59:20.3115447 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:59:20.3115568 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.3263199 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.3263414 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:59:20.3263535 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.3281513 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\NETWORK SERVICE, OpenResult: Opened"
- "2:59:20.3281762 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:59:20.3281883 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.4255679 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.4255897 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:59:20.4256021 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.4274800 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\NETWORK SERVICE, OpenResult: Opened"
- "2:59:20.4275045 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:59:20.4275166 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.4578853 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.4579064 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:59:20.4579185 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.4596816 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\NETWORK SERVICE, OpenResult: Opened"
- "2:59:20.4597058 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:59:20.4597179 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.4982968 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.4983179 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:59:20.4983300 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.5001993 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\NETWORK SERVICE, OpenResult: Opened"
- "2:59:20.5002250 AM","svchost.exe","3436","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, AllocationSize: 4096, EndOfFile: 1538, FileAttributes: A"
- "2:59:20.5002377 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.5395154 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.5395455 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_REQUEST_FILTER_OPLOCK"
- "2:59:20.5395595 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.5396389 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Open No Recall, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.5400380 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:59:20.5401137 AM","svchost.exe","3436","QueryBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A"
- "2:59:20.5401360 AM","svchost.exe","3436","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 512, Priority: Normal"
- "2:59:20.5401475 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:20.5402142 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.5402393 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","OPLOCK NOT GRANTED","Control: FSCTL_REQUEST_FILTER_OPLOCK"
- "2:59:20.5402505 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_REQUEST_OPLOCK_LEVEL_2"
- "2:59:20.5402620 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.5403371 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Open No Recall, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.5404203 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:59:20.5404538 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:20.5404668 AM","svchost.exe","3436","QueryBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A"
- "2:59:20.5404891 AM","svchost.exe","3436","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 1,538, Priority: Normal"
- "2:59:20.5408848 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.5414464 AM","svchost.exe","3436","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 1,538, Priority: Normal"
- "2:59:20.5414765 AM","svchost.exe","3436","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 1,538, Priority: Normal"
- "2:59:20.5415013 AM","svchost.exe","3436","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 1,538, Priority: Normal"
- "2:59:20.5422644 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.5425747 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:59:20.5430336 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:20.5430730 AM","svchost.exe","3436","CreateFileMapping","C:\Windows\System32\drivers\etc\hosts","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
- "2:59:20.5430941 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:20.5431372 AM","svchost.exe","3436","CreateFileMapping","C:\Windows\System32\drivers\etc\hosts","SUCCESS","SyncType: SyncTypeOther"
- "2:59:20.5439217 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:20.5439567 AM","svchost.exe","3436","CreateFileMapping","C:\Windows\System32\drivers\etc\hosts","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
- "2:59:20.5439747 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:20.5440082 AM","svchost.exe","3436","CreateFileMapping","C:\Windows\System32\drivers\etc\hosts","SUCCESS","SyncType: SyncTypeOther"
- "2:59:20.5480508 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.5482845 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:59:20.5483503 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:20.5483639 AM","svchost.exe","3436","CreateFileMapping","C:\Windows\System32\drivers\etc\hosts","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
- "2:59:20.5483717 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:20.5483863 AM","svchost.exe","3436","CreateFileMapping","C:\Windows\System32\drivers\etc\hosts","SUCCESS","SyncType: SyncTypeOther"
- "2:59:20.5507607 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.5508842 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:59:20.5509214 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:20.5509369 AM","svchost.exe","3436","CreateFileMapping","C:\Windows\System32\drivers\etc\hosts","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
- "2:59:20.5509450 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:20.5509602 AM","svchost.exe","3436","CreateFileMapping","C:\Windows\System32\drivers\etc\hosts","SUCCESS","SyncType: SyncTypeOther"
- "2:59:20.5509779 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:20.5510008 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.5511237 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.5512106 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:59:20.5512553 AM","svchost.exe","3436","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 512, Priority: Normal"
- "2:59:20.5512696 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.5690466 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.5691471 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.5694190 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:59:20.5694835 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:20.5694981 AM","svchost.exe","3436","CreateFileMapping","C:\Windows\System32\drivers\etc\hosts","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
- "2:59:20.5695062 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:20.5695217 AM","svchost.exe","3436","CreateFileMapping","C:\Windows\System32\drivers\etc\hosts","SUCCESS","SyncType: SyncTypeOther"
- "2:59:20.5696430 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.5697324 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:59:20.5697662 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:20.5697801 AM","svchost.exe","3436","CreateFileMapping","C:\Windows\System32\drivers\etc\hosts","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
- "2:59:20.5697873 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:20.5698013 AM","svchost.exe","3436","CreateFileMapping","C:\Windows\System32\drivers\etc\hosts","SUCCESS","SyncType: SyncTypeOther"
- "2:59:20.5698192 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:20.5698413 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.5699592 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
- "2:59:20.5700455 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:59:20.5700901 AM","svchost.exe","3436","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 512, Priority: Normal"
- "2:59:20.5701047 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.5701677 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.5701947 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:20.5702354 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:31.7108552 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:31.7108878 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_REQUEST_FILTER_OPLOCK"
- "2:59:31.7109024 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:31.7109846 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Open No Recall, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:31.7110870 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:59:31.7111299 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:31.7111429 AM","svchost.exe","3436","QueryBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A"
- "2:59:31.7111640 AM","svchost.exe","3436","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 1,538, Priority: Normal"
- "2:59:31.7111873 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:31.7112866 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:31.7113136 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_REQUEST_FILTER_OPLOCK"
- "2:59:31.7113762 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:31.7114687 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:59:31.7115007 AM","svchost.exe","3436","QueryBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A"
- "2:59:31.7115121 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,538, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:31.7115261 AM","svchost.exe","3436","QueryBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A"
- "2:59:31.7115385 AM","svchost.exe","3436","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 1,538"
- "2:59:31.7122742 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:31.7122972 AM","svchost.exe","3436","QueryBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/6/2011 12:01:23 PM, FileAttributes: A"
- "2:59:31.7123115 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:31.7124399 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:31.7124589 AM","svchost.exe","3436","QueryBasicInformationFile","C:\Windows\System32\drivers\etc","SUCCESS","CreationTime: 7/13/2009 8:20:10 PM, LastAccessTime: 9/1/2011 2:55:56 AM, LastWriteTime: 9/1/2011 2:55:56 AM, ChangeTime: 9/1/2011 2:55:56 AM, FileAttributes: D"
- "2:59:31.7124710 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc","SUCCESS",""
- "2:59:31.7137811 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:31.7141410 AM","svchost.exe","996","NotifyChangeDirectory","C:\Windows\System32\drivers\etc","NOTIFY ENUM DIR","Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME"
- "2:59:31.7142195 AM","svchost.exe","3436","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 1,538, Priority: Normal"
- "2:59:31.7143806 AM","svchost.exe","3436","QueryAttributeInformationVolume","C:\Windows\System32\drivers\etc\hosts","SUCCESS","FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00000, MaximumComponentNameLength: 255, FileSystemName: NTFS"
- "2:59:31.7144100 AM","svchost.exe","3436","QueryStreamInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:31.7160096 AM","svchost.exe","996","NotifyChangeDirectory","C:\Windows\System32\drivers\etc","NOTIFY ENUM DIR","Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME"
- "2:59:31.7160208 AM","svchost.exe","996","NotifyChangeDirectory","C:\Windows\System32\drivers\etc","NOTIFY ENUM DIR","Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME"
- "2:59:31.7279695 AM","svchost.exe","996","NotifyChangeDirectory","C:\Windows\System32\drivers\etc","NOTIFY ENUM DIR","Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME"
- "2:59:31.7280098 AM","svchost.exe","996","NotifyChangeDirectory","C:\Windows\System32\drivers\etc","NOTIFY ENUM DIR","Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME"
- "2:59:31.7341711 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Write Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:31.7341956 AM","svchost.exe","3436","SetBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 0, LastAccessTime: 0, LastWriteTime: 0, ChangeTime: 0, FileAttributes: N"
- "2:59:31.7342673 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:31.7342962 AM","svchost.exe","3436","QueryBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/7/2011 2:59:31 AM, FileAttributes: N"
- "2:59:31.7343129 AM","svchost.exe","3436","QueryNameInformationFile","C:\Windows\System32\drivers\etc\hosts","BUFFER OVERFLOW","Name: \Windo"
- "2:59:31.7343260 AM","svchost.exe","3436","QueryNameInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Name: \Windows\System32\drivers\etc\hosts"
- "2:59:31.7344020 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read/Write, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:31.7345035 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:59:31.7348504 AM","svchost.exe","3436","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 1,538, Priority: Normal"
- "2:59:31.7349978 AM","svchost.exe","3436","QueryAttributeInformationVolume","C:\Windows\System32\drivers\etc\hosts","SUCCESS","FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00000, MaximumComponentNameLength: 255, FileSystemName: NTFS"
- "2:59:31.7350260 AM","svchost.exe","3436","QueryStreamInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:31.7350682 AM","svchost.exe","3436","WriteFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 1,510, Priority: Normal"
- "2:59:31.7350946 AM","svchost.exe","3436","SetEndOfFileInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","EndOfFile: 1,510"
- "2:59:31.7351427 AM","svchost.exe","3436","SetAllocationInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 1,510"
- "2:59:31.7351712 AM","svchost.exe","3436","SetBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 0, LastAccessTime: 0, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 0, FileAttributes: n/a"
- "2:59:31.7356252 AM","svchost.exe","996","NotifyChangeDirectory","C:\Windows\System32\drivers\etc","NOTIFY ENUM DIR","Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME"
- "2:59:31.7356348 AM","svchost.exe","996","NotifyChangeDirectory","C:\Windows\System32\drivers\etc","NOTIFY ENUM DIR","Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME"
- "2:59:31.7366656 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Write Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:31.7366895 AM","svchost.exe","3436","SetBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 0, LastAccessTime: 0, LastWriteTime: 0, ChangeTime: 0, FileAttributes: AN"
- "2:59:31.7367323 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:31.7367615 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:31.7369402 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:31.7369691 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","OPLOCK NOT GRANTED","Control: FSCTL_REQUEST_FILTER_OPLOCK"
- "2:59:31.7369834 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_REQUEST_OPLOCK_LEVEL_2"
- "2:59:31.7369964 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:31.7370740 AM","svchost.exe","3436","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "2:59:31.7371674 AM","svchost.exe","3436","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:59:31.7372059 AM","svchost.exe","3436","QueryBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/7/2011 2:59:31 AM, FileAttributes: A"
- "2:59:31.7372186 AM","svchost.exe","3436","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,510, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "2:59:31.7372329 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:31.7375280 AM","svchost.exe","3436","QueryBasicInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/7/2011 2:59:31 AM, FileAttributes: A"
- "2:59:31.7375332 AM","svchost.exe","996","NotifyChangeDirectory","C:\Windows\System32\drivers\etc","","Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME"
- "2:59:31.7375540 AM","svchost.exe","3436","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 1,510, Priority: Normal"
- "2:59:31.7380002 AM","svchost.exe","3436","QueryStreamInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:31.7380207 AM","svchost.exe","3436","QueryEAFile","C:\Windows\System32\drivers\etc\hosts","0xC0000052",""
- "2:59:31.7380368 AM","svchost.exe","3436","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "2:59:32.4296437 AM","svchost.exe","996","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
- "2:59:32.4300127 AM","svchost.exe","996","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "2:59:32.4300670 AM","svchost.exe","996","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 1,510, Priority: Normal"
- "2:59:32.4305917 AM","svchost.exe","996","ReadFile","C:\Windows\System32\drivers\etc\hosts","END OF FILE","Offset: 1,510, Length: 4,096, Priority: Normal"
- "2:59:32.4306053 AM","svchost.exe","996","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "4:13:09.1409155 AM","AvastSvc.exe","1376","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
- "4:13:09.1409515 AM","AvastSvc.exe","1376","QueryNameInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Name: \Windows\System32\drivers\etc\hosts"
- "4:13:09.1409726 AM","AvastSvc.exe","1376","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "6:19:41.4340205 AM","notepad.exe","1508","CreateFile","C:\Windows\System32\drivers\etc","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "6:19:41.4341769 AM","notepad.exe","1508","QueryDirectory","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Filter: hosts, 1: hosts"
- "6:19:41.4342023 AM","notepad.exe","1508","CloseFile","C:\Windows\System32\drivers\etc","SUCCESS",""
- "6:19:41.4342811 AM","notepad.exe","1508","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
- "6:19:41.4344834 AM","notepad.exe","1508","FileSystemControl","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
- "6:19:41.4345306 AM","notepad.exe","1508","QueryInformationVolume","C:\Windows\System32\drivers\etc\hosts","SUCCESS","VolumeCreationTime: 6/23/2011 2:09:50 AM, VolumeSerialNumber: 6658-9ECD, SupportsObjects: True, VolumeLabel: SSD"
- "6:19:41.4345452 AM","notepad.exe","1508","QueryAllInformationFile","C:\Windows\System32\drivers\etc\hosts","BUFFER OVERFLOW","CreationTime: 7/13/2009 7:34:48 PM, LastAccessTime: 7/13/2009 7:34:48 PM, LastWriteTime: 9/6/2011 12:01:23 PM, ChangeTime: 9/7/2011 2:59:31 AM, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 1,510, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x1000000006c0a, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
- "6:19:41.4345858 AM","notepad.exe","1508","CreateFileMapping","C:\Windows\System32\drivers\etc\hosts","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
- "6:19:41.4345948 AM","notepad.exe","1508","QueryStandardInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","AllocationSize: 4,096, EndOfFile: 1,510, NumberOfLinks: 1, DeletePending: False, Directory: False"
- "6:19:41.4346141 AM","notepad.exe","1508","CreateFileMapping","C:\Windows\System32\drivers\etc\hosts","SUCCESS","SyncType: SyncTypeOther"
- "6:19:41.4346312 AM","notepad.exe","1508","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
- "6:19:41.4347941 AM","notepad.exe","1508","CreateFile","C:\Windows\System32\drivers\etc","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
- "6:19:41.4348217 AM","notepad.exe","1508","QueryDirectory","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Filter: hosts, 1: hosts"
- "6:19:41.4407158 AM","notepad.exe","1508","CloseFile","C:\Windows\System32\drivers\etc","SUCCESS",""