
Process Monitor Filter Output

a guest
Aug 7th, 2011
  1. "Time of Day","Process Name","PID","Operation","Path","Result","Detail"
  2. "09:29:12,4797692","explorer.exe","9544","CreateFile","C:\test\.svn\entries","PATH NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  3. "09:29:12,4799699","explorer.exe","9544","QueryOpen","C:\test","FAST IO DISALLOWED",""
  4. "09:29:12,4800683","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  5. "09:29:12,4801322","explorer.exe","9544","QueryNetworkOpenInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:04, LastWriteTime: 07/08/2011 09:29:04, ChangeTime: 07/08/2011 09:29:04, AllocationSize: 01/01/1601 02:00:00, EndOfFile: 01/01/1601 02:00:00, FileAttributes: D"
  6. "09:29:12,4801826","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  7. "09:29:12,4802554","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  8. "09:29:12,4810247","explorer.exe","9544","CreateFile","C:\test\.svn\entries","PATH NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  9. "09:29:12,4812006","explorer.exe","9544","QueryOpen","C:\test","FAST IO DISALLOWED",""
  10. "09:29:12,4812978","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  11. "09:29:12,4813599","explorer.exe","9544","QueryNetworkOpenInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:04, LastWriteTime: 07/08/2011 09:29:04, ChangeTime: 07/08/2011 09:29:04, AllocationSize: 01/01/1601 02:00:00, EndOfFile: 01/01/1601 02:00:00, FileAttributes: D"
  12. "09:29:12,4814091","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  13. "09:29:12,4814808","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  14. "09:29:12,4816170","explorer.exe","9544","QueryOpen","C:\test","FAST IO DISALLOWED",""
  15. "09:29:12,4817111","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  16. "09:29:12,4817822","explorer.exe","9544","QueryNetworkOpenInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:04, LastWriteTime: 07/08/2011 09:29:04, ChangeTime: 07/08/2011 09:29:04, AllocationSize: 01/01/1601 02:00:00, EndOfFile: 01/01/1601 02:00:00, FileAttributes: D"
  17. "09:29:12,4818331","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  18. "09:29:12,4819030","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  19. "09:29:12,4820203","explorer.exe","9544","QueryOpen","C:\test\.svn","FAST IO DISALLOWED",""
  20. "09:29:12,4821091","explorer.exe","9544","CreateFile","C:\test\.svn","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  21. "09:29:12,5842071","explorer.exe","9544","QueryOpen","C:\test","FAST IO DISALLOWED",""
  22. "09:29:12,5843001","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  23. "09:29:12,5843611","explorer.exe","9544","QueryBasicInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:04, LastWriteTime: 07/08/2011 09:29:04, ChangeTime: 07/08/2011 09:29:04, FileAttributes: D"
  24. "09:29:12,5844073","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  25. "09:29:12,5844760","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  26. "09:29:12,5846152","explorer.exe","9544","QueryOpen","C:\test","FAST IO DISALLOWED",""
  27. "09:29:12,5847064","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  28. "09:29:12,5847656","explorer.exe","9544","QueryBasicInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:04, LastWriteTime: 07/08/2011 09:29:04, ChangeTime: 07/08/2011 09:29:04, FileAttributes: D"
  29. "09:29:12,5848118","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  30. "09:29:12,5848799","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  31. "09:29:12,5849717","explorer.exe","9544","QueryOpen","C:\test","FAST IO DISALLOWED",""
  32. "09:29:12,5850416","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  33. "09:29:12,5850848","explorer.exe","9544","QueryBasicInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:04, LastWriteTime: 07/08/2011 09:29:04, ChangeTime: 07/08/2011 09:29:04, FileAttributes: D"
  34. "09:29:12,5851186","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  35. "09:29:12,5851683","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  36. "09:29:13,8883139","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  37. "09:29:13,8884222","explorer.exe","9544","QuerySecurityFile","C:\test","BUFFER OVERFLOW","Information: Owner, Group, DACL"
  38. "09:29:13,8884838","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  39. "09:29:13,8885496","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  40. "09:29:13,8886514","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  41. "09:29:13,8887267","explorer.exe","9544","QuerySecurityFile","C:\test","SUCCESS","Information: Owner, Group, DACL"
  42. "09:29:13,8887699","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  43. "09:29:13,8888220","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  44. "09:29:16,6700645","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  45. "09:29:16,6701320","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  46. "09:29:16,6701901","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  47. "09:29:16,6702345","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  48. "09:29:16,6748771","explorer.exe","9544","QueryOpen","C:\test\Nuovo collegamento.lnk","FAST IO DISALLOWED",""
  49. "09:29:16,6749878","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  50. "09:29:16,6753894","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read/Write, Write DAC, Disposition: Create, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Created"
  51. "09:29:16,6761398","explorer.exe","9544","QueryBasicInformationFile","C:\test\Nuovo collegamento.lnk","SUCCESS","CreationTime: 07/08/2011 09:24:36, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: A"
  52. "09:29:16,6761990","explorer.exe","9544","QueryStandardInformationFile","C:\test\Nuovo collegamento.lnk","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
  53. "09:29:16,6762831","explorer.exe","9544","QueryAttributeInformationVolume","C:\test\Nuovo collegamento.lnk","SUCCESS","FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00000, MaximumComponentNameLength: 255, FileSystemName: NTFS"
  54. "09:29:16,6763340","explorer.exe","9544","QueryBasicInformationFile","C:\test\Nuovo collegamento.lnk","SUCCESS","CreationTime: 07/08/2011 09:24:36, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: A"
  55. "09:29:16,6764080","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  56. "09:29:16,6764998","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  57. "09:29:16,6828019","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read/Write, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
  58. "09:29:16,6829891","explorer.exe","9544","ReadFile","C:\test\Nuovo collegamento.lnk","END OF FILE","Offset: 0, Length: 4.096, Priority: Normal"
  59. "09:29:16,6835209","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  60. "09:29:16,6835979","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  61. "09:29:16,7231422","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read/Write, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
  62. "09:29:16,7233116","explorer.exe","9544","ReadFile","C:\test\Nuovo collegamento.lnk","END OF FILE","Offset: 0, Length: 4.096, Priority: Normal"
  63. "09:29:16,7414391","explorer.exe","9544","CreateFile","C:\test\~uovo collegamento.tmp","SUCCESS","Desired Access: Generic Read/Write, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: HT, ShareMode: None, AllocationSize: 0, OpenResult: Created"
  64. "09:29:16,7418394","explorer.exe","9544","ReadFile","C:\test\Nuovo collegamento.lnk","END OF FILE","Offset: 0, Length: 65.536, Priority: Normal"
  65. "09:29:16,7419123","explorer.exe","9544","SetEndOfFileInformationFile","C:\test\~uovo collegamento.tmp","SUCCESS","EndOfFile: 0"
  66. "09:29:16,7421113","explorer.exe","9544","SetAllocationInformationFile","C:\test\~uovo collegamento.tmp","SUCCESS","AllocationSize: 0"
  67. "09:29:16,7422250","explorer.exe","9544","WriteFile","C:\test\~uovo collegamento.tmp","SUCCESS","Offset: 0, Length: 202, Priority: Normal"
  68. "09:29:16,7423636","explorer.exe","9544","CloseFile","C:\test\~uovo collegamento.tmp","SUCCESS",""
  69. "09:29:16,7427485","explorer.exe","9544","QueryAttributeInformationVolume","C:\test\Nuovo collegamento.lnk","SUCCESS","FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00000, MaximumComponentNameLength: 255, FileSystemName: NTFS"
  70. "09:29:16,7428107","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  71. "09:29:16,7428854","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  72. "09:29:16,7430044","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","PRIVILEGE NOT HELD","Desired Access: Generic Read, Delete, Access System Security, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  73. "09:29:16,7431619","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read, Delete, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  74. "09:29:16,7432940","explorer.exe","9544","CreateFile","C:\test\~uovo collegamento.tmp","SUCCESS","Desired Access: Generic Read/Write, Delete, Write DAC, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
  75. "09:29:16,7436458","explorer.exe","9544","QueryBasicInformationFile","C:\test\Nuovo collegamento.lnk","SUCCESS","CreationTime: 07/08/2011 09:24:36, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: A"
  76. "09:29:16,7436997","explorer.exe","9544","QueryBasicInformationFile","C:\test\~uovo collegamento.tmp","SUCCESS","CreationTime: 07/08/2011 09:29:16, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: HAT"
  77. "09:29:16,7437530","explorer.exe","9544","SetBasicInformationFile","C:\test\~uovo collegamento.tmp","SUCCESS","CreationTime: 07/08/2011 09:24:36, LastAccessTime: 01/01/1601 02:00:00, LastWriteTime: 01/01/1601 02:00:00, ChangeTime: 01/01/1601 02:00:00, FileAttributes: A"
  78. "09:29:16,7438839","explorer.exe","9544","QueryAttributeInformationVolume","C:\test\~uovo collegamento.tmp","SUCCESS","FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00000, MaximumComponentNameLength: 255, FileSystemName: NTFS"
  79. "09:29:16,7715146","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","BUFFER OVERFLOW","Information: Owner, DACL"
  80. "09:29:16,7715637","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Information: Owner, DACL"
  81. "09:29:16,7716336","explorer.exe","9544","QuerySecurityFile","C:\test\~uovo collegamento.tmp","BUFFER OVERFLOW","Information: Owner"
  82. "09:29:16,7716768","explorer.exe","9544","QuerySecurityFile","C:\test\~uovo collegamento.tmp","SUCCESS","Information: Owner"
  83. "09:29:16,7717260","explorer.exe","9544","QueryBasicInformationFile","C:\test\~uovo collegamento.tmp","SUCCESS","CreationTime: 07/08/2011 09:24:36, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: A"
  84. "09:29:16,7788531","explorer.exe","9544","QueryNameInformationFile","C:\test\~uovo collegamento.tmp","SUCCESS","Name: \test\~uovo collegamento.tmp"
  85. "09:29:16,7789709","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  86. "09:29:16,7791202","explorer.exe","9544","QuerySecurityFile","C:\test","BUFFER OVERFLOW","Information: DACL, DACL Unprotected"
  87. "09:29:16,7791841","explorer.exe","9544","QuerySecurityFile","C:\test","SUCCESS","Information: DACL, DACL Unprotected"
  88. "09:29:16,7792434","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  89. "09:29:16,7793115","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  90. "09:29:16,7793837","explorer.exe","9544","QuerySecurityFile","C:\test\~uovo collegamento.tmp","BUFFER OVERFLOW","Information: Owner, Group, DACL, DACL Unprotected"
  91. "09:29:16,7794435","explorer.exe","9544","QuerySecurityFile","C:\test\~uovo collegamento.tmp","SUCCESS","Information: Owner, Group, DACL, DACL Unprotected"
  92. "09:29:16,7795324","explorer.exe","9544","SetSecurityFile","C:\test\~uovo collegamento.tmp","SUCCESS","Information: DACL, DACL Unprotected"
  93. "09:29:16,7797184","explorer.exe","9544","QueryStreamInformationFile","C:\test\Nuovo collegamento.lnk","SUCCESS","0: ::$DATA"
  94. "09:29:16,7798540","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk~RF1202c678.TMP","SUCCESS","Desired Access: Generic Write, Read Attributes, Delete, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: HT, ShareMode: None, AllocationSize: 0, OpenResult: Created"
  95. "09:29:16,7801975","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk~RF1202c678.TMP","SUCCESS",""
  96. "09:29:16,7803207","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk~RF1202c678.TMP","SUCCESS",""
  97. "09:29:16,7803965","explorer.exe","9544","QueryBasicInformationFile","C:\test\Nuovo collegamento.lnk","SUCCESS","CreationTime: 07/08/2011 09:24:36, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: A"
  98. "09:29:16,7804841","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  99. "09:29:16,7805996","explorer.exe","9544","SetRenameInformationFile","C:\test\Nuovo collegamento.lnk","SUCCESS","ReplaceIfExists: True, FileName: C:\test\Nuovo collegamento.lnk~RF1202c678.TMP"
  100. "09:29:16,7808276","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  101. "09:29:16,7809017","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  102. "09:29:16,7809733","explorer.exe","9544","QueryBasicInformationFile","C:\test\~uovo collegamento.tmp","SUCCESS","CreationTime: 07/08/2011 09:24:36, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: A"
  103. "09:29:16,7810876","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  104. "09:29:16,7812398","explorer.exe","9544","SetRenameInformationFile","C:\test\~uovo collegamento.tmp","SUCCESS","ReplaceIfExists: True, FileName: C:\test\Nuovo collegamento.lnk"
  105. "09:29:16,7841122","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  106. "09:29:16,7841869","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  107. "09:29:16,7842982","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk~RF1202c678.TMP","SUCCESS",""
  108. "09:29:16,7844344","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  109. "09:29:16,7845404","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  110. "09:29:16,7846749","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  111. "09:29:16,7848052","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk~RF1202c678.TMP","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  112. "09:29:16,7849799","explorer.exe","9544","QueryAttributeTagFile","C:\test\Nuovo collegamento.lnk~RF1202c678.TMP","SUCCESS","Attributes: A, ReparseTag: 0x0"
  113. "09:29:16,7850776","explorer.exe","9544","SetDispositionInformationFile","C:\test\Nuovo collegamento.lnk~RF1202c678.TMP","SUCCESS","Delete: True"
  114. "09:29:16,7851759","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk~RF1202c678.TMP","SUCCESS",""
  115. "09:29:16,7853719","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk~RF1202c678.TMP","SUCCESS",""
  116. "09:29:16,7855218","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read/Write, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
  117. "09:29:16,7856994","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  118. "09:29:16,7857533","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  119. "09:29:16,7930528","explorer.exe","9544","QueryDirectory","C:\test","SUCCESS","Filter: test, 1: test"
  120. "09:29:16,7931493","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  121. "09:29:16,7932494","explorer.exe","9544","FileSystemControl","C:\test","INVALID DEVICE REQUEST","Control: FSCTL_LMR_QUERY_DEBUG_INFO"
  122. "09:29:16,7932778","explorer.exe","9544","QueryDirectory","C:\test\Nuovo collegamento.lnk","SUCCESS","Filter: Nuovo collegamento.lnk, 1: Nuovo collegamento.lnk"
  123. "09:29:16,7933151","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  124. "09:29:16,7933513","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  125. "09:29:16,7935663","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  126. "09:29:16,7936598","explorer.exe","9544","FileSystemControl","C:\test","INVALID DEVICE REQUEST","Control: FSCTL_LMR_QUERY_DEBUG_INFO"
  127. "09:29:16,7936865","explorer.exe","9544","QueryDirectory","C:\test\Nuovo collegamento.lnk","SUCCESS","Filter: Nuovo collegamento.lnk, 1: Nuovo collegamento.lnk"
  128. "09:29:16,7937220","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  129. "09:29:16,7937576","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  130. "09:29:16,7938428","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  131. "09:29:16,7939595","explorer.exe","9544","QueryBasicInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: D"
  132. "09:29:16,7939945","explorer.exe","9544","NotifyChangeDirectory","C:\test","","Filter: FILE_NOTIFY_CHANGE_DIR_NAME"
  133. "09:29:16,7941360","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  134. "09:29:16,7942621","explorer.exe","9544","QueryBasicInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: D"
  135. "09:29:16,7942965","explorer.exe","9544","NotifyChangeDirectory","C:\test","","Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_ATTRIBUTES, FILE_NOTIFY_CHANGE_LAST_WRITE"
  136. "09:29:16,7959471","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  137. "09:29:16,7960691","explorer.exe","9544","FileSystemControl","C:\test","INVALID DEVICE REQUEST","Control: FSCTL_LMR_QUERY_DEBUG_INFO"
  138. "09:29:16,7960969","explorer.exe","9544","QueryDirectory","C:\test","SUCCESS","0: ., 1: .., 2: Nuovo collegamento.lnk"
  139. "09:29:16,7962450","explorer.exe","9544","QueryDirectory","C:\test","NO MORE FILES",""
  140. "09:29:16,8114817","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  141. "09:29:16,8115694","explorer.exe","9544","QuerySecurityFile","C:\test","BUFFER OVERFLOW","Information: Owner, DACL"
  142. "09:29:16,8116043","explorer.exe","9544","QuerySecurityFile","C:\test","SUCCESS","Information: Owner, DACL"
  143. "09:29:16,8116381","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  144. "09:29:16,8116766","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  145. "09:29:16,8117814","explorer.exe","9544","QueryOpen","C:\test","FAST IO DISALLOWED",""
  146. "09:29:16,8117956","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  147. "09:29:16,8118406","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  148. "09:29:16,8118578","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  149. "09:29:16,8118993","explorer.exe","9544","QueryBasicInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: D"
  150. "09:29:16,8119300","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  151. "09:29:16,8119893","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  152. "09:29:16,8123997","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  153. "09:29:16,8124773","explorer.exe","9544","QuerySecurityFile","C:\test","BUFFER OVERFLOW","Information: Owner, DACL"
  154. "09:29:16,8125116","explorer.exe","9544","QuerySecurityFile","C:\test","SUCCESS","Information: Owner, DACL"
  155. "09:29:16,8125430","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  156. "09:29:16,8125815","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  157. "09:29:16,8126834","explorer.exe","9544","QueryOpen","C:\test","FAST IO DISALLOWED",""
  158. "09:29:16,8127574","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  159. "09:29:16,8127989","explorer.exe","9544","QueryBasicInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: D"
  160. "09:29:16,8128285","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  161. "09:29:16,8128788","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  162. "09:29:16,8135262","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  163. "09:29:16,8136434","explorer.exe","9544","QuerySecurityFile","C:\test","BUFFER OVERFLOW","Information: Owner, DACL"
  164. "09:29:16,8137009","explorer.exe","9544","QuerySecurityFile","C:\test","SUCCESS","Information: Owner, DACL"
  165. "09:29:16,8137613","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  166. "09:29:16,8138205","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  167. "09:29:16,8143689","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  168. "09:29:16,8144773","explorer.exe","9544","QuerySecurityFile","C:\test","BUFFER OVERFLOW","Information: Owner, DACL"
  169. "09:29:16,8145312","explorer.exe","9544","QuerySecurityFile","C:\test","SUCCESS","Information: Owner, DACL"
  170. "09:29:16,8145815","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  171. "09:29:16,8146419","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  172. "09:29:16,8147805","explorer.exe","9544","QueryOpen","C:\test","FAST IO DISALLOWED",""
  173. "09:29:16,8148865","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  174. "09:29:16,8149475","explorer.exe","9544","QueryBasicInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: D"
  175. "09:29:16,8150192","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  176. "09:29:16,8150956","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  177. "09:29:16,8156612","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  178. "09:29:16,8157678","explorer.exe","9544","QuerySecurityFile","C:\test","BUFFER OVERFLOW","Information: Owner, DACL"
  179. "09:29:16,8158199","explorer.exe","9544","QuerySecurityFile","C:\test","SUCCESS","Information: Owner, DACL"
  180. "09:29:16,8158709","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  181. "09:29:16,8159313","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  182. "09:29:16,8160864","explorer.exe","9544","QueryOpen","C:\test","FAST IO DISALLOWED",""
  183. "09:29:16,8161930","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  184. "09:29:16,8162558","explorer.exe","9544","QueryBasicInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: D"
  185. "09:29:16,8163079","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  186. "09:29:16,8163826","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  187. "09:29:16,8168747","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  188. "09:29:16,8169890","explorer.exe","9544","QuerySecurityFile","C:\test","BUFFER OVERFLOW","Information: Owner, DACL"
  189. "09:29:16,8170465","explorer.exe","9544","QuerySecurityFile","C:\test","SUCCESS","Information: Owner, DACL"
  190. "09:29:16,8170986","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  191. "09:29:16,8171631","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  192. "09:29:16,8253166","explorer.exe","9544","QueryOpen","C:\test","FAST IO DISALLOWED",""
  193. "09:29:16,8253918","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  194. "09:29:16,8254339","explorer.exe","9544","QueryBasicInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: D"
  195. "09:29:16,8254653","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  196. "09:29:16,8255156","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  197. "09:29:16,8256086","explorer.exe","9544","QueryOpen","C:\test","FAST IO DISALLOWED",""
  198. "09:29:16,8256773","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  199. "09:29:16,8257152","explorer.exe","9544","QueryBasicInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: D"
  200. "09:29:16,8257424","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  201. "09:29:16,8257880","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  202. "09:29:16,8736309","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Open Requiring Oplock, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
  203. "09:29:16,8738121","explorer.exe","9544","FileSystemControl","C:\test\Nuovo collegamento.lnk","SUCCESS","Control: FSCTL_REQUEST_FILTER_OPLOCK"
  204. "09:29:16,8742421","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  205. "09:29:16,8743611","explorer.exe","9544","ReadFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Offset: 0, Length: 202, Priority: Normal"
  206. "09:29:16,8744044","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  207. "09:29:16,8744482","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  208. "09:29:16,8746774","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  209. "09:29:16,8747277","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  210. "09:29:16,8754207","Dropbox.exe","5248","QueryOpen","C:\test\Nuovo collegamento.lnk","FAST IO DISALLOWED",""
  211. "09:29:16,8754965","Dropbox.exe","5248","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  212. "09:29:16,8755403","Dropbox.exe","5248","QueryBasicInformationFile","C:\test\Nuovo collegamento.lnk","SUCCESS","CreationTime: 07/08/2011 09:24:36, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: HAT"
  213. "09:29:16,8755610","Dropbox.exe","5248","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  214. "09:29:16,8756125","Dropbox.exe","5248","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  215. "09:29:16,8757772","Dropbox.exe","5248","QueryDirectory","C:\test","SUCCESS","Filter: test, 1: test"
  216. "09:29:17,0018967","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  217. "09:29:17,0020903","explorer.exe","9544","ReadFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Offset: 0, Length: 202, Priority: Normal"
  218. "09:29:17,0021739","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  219. "09:29:17,0022200","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  220. "09:29:17,0062065","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  221. "09:29:17,0062900","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","BUFFER OVERFLOW","Information: Owner, Group, DACL"
  222. "09:29:17,0063231","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  223. "09:29:17,0063646","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  224. "09:29:17,0064611","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  225. "09:29:17,0065340","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Information: Owner, Group, DACL"
  226. "09:29:17,0065671","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  227. "09:29:17,0066056","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  228. "09:29:17,0124002","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  229. "09:29:17,0125228","explorer.exe","9544","ReadFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Offset: 0, Length: 202, Priority: Normal"
  230. "09:29:17,0125684","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  231. "09:29:17,0126122","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  232. "09:29:17,0182314","System","4","WriteFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
  233. "09:29:17,0182539","System","4","SetEndOfFileInformationFile","C:\test\Nuovo collegamento.lnk","SUCCESS","EndOfFile: 202"
  234. "09:29:17,0182676","System","4","CreateFileMapping","C:\test\Nuovo collegamento.lnk","SUCCESS","SyncType: SyncTypeOther"
  235. "09:29:17,0182806","System","4","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  236. "09:29:17,0342902","explorer.exe","9544","QueryOpen","C:\test","FAST IO DISALLOWED",""
  237. "09:29:17,0343719","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  238. "09:29:17,0344181","explorer.exe","9544","QueryBasicInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: D"
  239. "09:29:17,0344454","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  240. "09:29:17,0344963","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  241. "09:29:17,0345982","explorer.exe","9544","QueryOpen","C:\test","FAST IO DISALLOWED",""
  242. "09:29:17,0346716","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  243. "09:29:17,0347101","explorer.exe","9544","QueryBasicInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: D"
  244. "09:29:17,0347391","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  245. "09:29:17,0347853","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  246. "09:29:17,0941853","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Open Requiring Oplock, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
  247. "09:29:17,0943357","explorer.exe","9544","FileSystemControl","C:\test\Nuovo collegamento.lnk","SUCCESS","Control: FSCTL_REQUEST_FILTER_OPLOCK"
  248. "09:29:17,0947834","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  249. "09:29:17,0948977","explorer.exe","9544","ReadFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Offset: 0, Length: 202, Priority: Normal"
  250. "09:29:17,0949511","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  251. "09:29:17,0952797","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  252. "09:29:17,0953579","explorer.exe","9544","QuerySecurityFile","C:\test","BUFFER OVERFLOW","Information: DACL"
  253. "09:29:17,0953923","explorer.exe","9544","QuerySecurityFile","C:\test","SUCCESS","Information: DACL"
  254. "09:29:17,0954059","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  255. "09:29:17,0954201","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  256. "09:29:17,0954556","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  257. "09:29:17,0954864","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","BUFFER OVERFLOW","Information: Owner, DACL"
  258. "09:29:17,0955226","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Information: Owner, DACL"
  259. "09:29:17,0955557","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  260. "09:29:17,0955972","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  261. "09:29:17,0956979","explorer.exe","9544","QueryOpen","C:\test\Nuovo collegamento.lnk","FAST IO DISALLOWED",""
  262. "09:29:17,0958104","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  263. "09:29:17,0958714","explorer.exe","9544","QueryBasicInformationFile","C:\test\Nuovo collegamento.lnk","SUCCESS","CreationTime: 07/08/2011 09:24:36, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: HAT"
  264. "09:29:17,0959075","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  265. "09:29:17,0959703","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  266. "09:29:17,0964844","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  267. "09:29:17,0965673","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","BUFFER OVERFLOW","Information: Owner, DACL"
  268. "09:29:17,0966182","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Information: Owner, DACL"
  269. "09:29:17,0966692","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  270. "09:29:17,0967242","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  271. "09:29:17,0968237","explorer.exe","9544","QueryOpen","C:\test\Nuovo collegamento.lnk","FAST IO DISALLOWED",""
  272. "09:29:17,0969025","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  273. "09:29:17,0969481","explorer.exe","9544","QueryBasicInformationFile","C:\test\Nuovo collegamento.lnk","SUCCESS","CreationTime: 07/08/2011 09:24:36, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: HAT"
  274. "09:29:17,0969836","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  275. "09:29:17,0971240","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  276. "09:29:17,0975818","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  277. "09:29:17,0976618","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","BUFFER OVERFLOW","Information: Owner, DACL"
  278. "09:29:17,0976967","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Information: Owner, DACL"
  279. "09:29:17,0977299","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  280. "09:29:17,0977713","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  281. "09:29:17,0981705","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  282. "09:29:17,0982499","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","BUFFER OVERFLOW","Information: Owner, DACL"
  283. "09:29:17,0982872","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Information: Owner, DACL"
  284. "09:29:17,0983334","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  285. "09:29:17,0983855","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  286. "09:29:17,0985235","explorer.exe","9544","QueryOpen","C:\test\Nuovo collegamento.lnk","FAST IO DISALLOWED",""
  287. "09:29:17,0985975","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  288. "09:29:17,0986425","explorer.exe","9544","QueryBasicInformationFile","C:\test\Nuovo collegamento.lnk","SUCCESS","CreationTime: 07/08/2011 09:24:36, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: HAT"
  289. "09:29:17,0986751","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  290. "09:29:17,0987278","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  291. "09:29:17,0991199","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  292. "09:29:17,0992525","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","BUFFER OVERFLOW","Information: Owner, DACL"
  293. "09:29:17,0992970","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Information: Owner, DACL"
  294. "09:29:17,0993313","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  295. "09:29:17,0993787","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  296. "09:29:17,0995149","explorer.exe","9544","QueryOpen","C:\test\Nuovo collegamento.lnk","FAST IO DISALLOWED",""
  297. "09:29:17,0996286","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  298. "09:29:17,0996967","explorer.exe","9544","QueryBasicInformationFile","C:\test\Nuovo collegamento.lnk","SUCCESS","CreationTime: 07/08/2011 09:24:36, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: HAT"
  299. "09:29:17,0997465","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  300. "09:29:17,0998223","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  301. "09:29:17,1002363","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  302. "09:29:17,1003180","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","BUFFER OVERFLOW","Information: Owner, DACL"
  303. "09:29:17,1003535","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Information: Owner, DACL"
  304. "09:29:17,1003873","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  305. "09:29:17,1004364","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  306. "09:29:17,1010447","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  307. "09:29:17,1011584","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","BUFFER OVERFLOW","Information: Owner, DACL"
  308. "09:29:17,1012123","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Information: Owner, DACL"
  309. "09:29:17,1012603","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  310. "09:29:17,1013201","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  311. "09:29:17,1014628","explorer.exe","9544","QueryOpen","C:\test\Nuovo collegamento.lnk","FAST IO DISALLOWED",""
  312. "09:29:17,1015410","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  313. "09:29:17,1015895","explorer.exe","9544","QueryBasicInformationFile","C:\test\Nuovo collegamento.lnk","SUCCESS","CreationTime: 07/08/2011 09:24:36, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: HAT"
  314. "09:29:17,1016197","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  315. "09:29:17,1016719","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  316. "09:29:17,1020710","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  317. "09:29:17,1021498","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","BUFFER OVERFLOW","Information: Owner, DACL"
  318. "09:29:17,1022001","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Information: Owner, DACL"
  319. "09:29:17,1022671","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  320. "09:29:17,1023150","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  321. "09:29:17,1024187","explorer.exe","9544","QueryOpen","C:\test\Nuovo collegamento.lnk","FAST IO DISALLOWED",""
  322. "09:29:17,1024903","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  323. "09:29:17,1025324","explorer.exe","9544","QueryBasicInformationFile","C:\test\Nuovo collegamento.lnk","SUCCESS","CreationTime: 07/08/2011 09:24:36, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: HAT"
  324. "09:29:17,1025614","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  325. "09:29:17,1026224","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  326. "09:29:17,1030068","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  327. "09:29:17,1030879","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","BUFFER OVERFLOW","Information: Owner, DACL"
  328. "09:29:17,1031235","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Information: Owner, DACL"
  329. "09:29:17,1031548","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  330. "09:29:17,1031939","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  331. "09:29:17,1032638","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  332. "09:29:17,1032994","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  333. "09:29:17,2365744","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  334. "09:29:17,2366810","explorer.exe","9544","ReadFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Offset: 0, Length: 202, Priority: Normal"
  335. "09:29:17,2367361","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  336. "09:29:17,2367680","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  337. "09:29:17,2391163","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  338. "09:29:17,2391886","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","BUFFER OVERFLOW","Information: Owner, Group, DACL"
  339. "09:29:17,2392146","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  340. "09:29:17,2392442","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  341. "09:29:17,2393177","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  342. "09:29:17,2393727","explorer.exe","9544","QuerySecurityFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Information: Owner, Group, DACL"
  343. "09:29:17,2393970","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  344. "09:29:17,2394254","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  345. "09:29:17,2441451","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  346. "09:29:17,2442878","explorer.exe","9544","ReadFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Offset: 0, Length: 202, Priority: Normal"
  347. "09:29:17,2443340","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  348. "09:29:17,2443796","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  349. "09:29:17,2595387","explorer.exe","9544","QueryOpen","C:\test","FAST IO DISALLOWED",""
  350. "09:29:17,2596157","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  351. "09:29:17,2596584","explorer.exe","9544","QueryBasicInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: D"
  352. "09:29:17,2596862","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  353. "09:29:17,2597360","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  354. "09:29:17,2598272","explorer.exe","9544","QueryOpen","C:\test","FAST IO DISALLOWED",""
  355. "09:29:17,2598970","explorer.exe","9544","CreateFile","C:\test","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  356. "09:29:17,2599361","explorer.exe","9544","QueryBasicInformationFile","C:\test","SUCCESS","CreationTime: 07/08/2011 09:12:47, LastAccessTime: 07/08/2011 09:29:16, LastWriteTime: 07/08/2011 09:29:16, ChangeTime: 07/08/2011 09:29:16, FileAttributes: D"
  357. "09:29:17,2599634","explorer.exe","9544","CloseFile","C:\test","SUCCESS",""
  358. "09:29:17,2600131","explorer.exe","9544","IRP_MJ_CLOSE","C:\test","SUCCESS",""
  359. "09:29:17,3126105","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Open Requiring Oplock, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
  360. "09:29:17,3127580","explorer.exe","9544","FileSystemControl","C:\test\Nuovo collegamento.lnk","SUCCESS","Control: FSCTL_REQUEST_FILTER_OPLOCK"
  361. "09:29:17,3130672","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","CANNOT BREAK OPLOCK","Desired Access: Generic Read, Disposition: Open, Options: Open Requiring Oplock, Attributes: N, ShareMode: Read, AllocationSize: n/a"
  362. "09:29:17,3132099","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  363. "09:29:17,3133242","explorer.exe","9544","ReadFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Offset: 0, Length: 202, Priority: Normal"
  364. "09:29:17,3133686","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  365. "09:29:17,3134113","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  366. "09:29:17,3134965","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  367. "09:29:17,3135368","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  368. "09:29:17,3136428","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  369. "09:29:17,3137518","explorer.exe","9544","ReadFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Offset: 0, Length: 202, Priority: Normal"
  370. "09:29:17,3137944","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  371. "09:29:17,3138371","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  372. "09:29:17,3144702","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  373. "09:29:17,3146058","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  374. "09:29:17,3146094","explorer.exe","9544","ReadFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Offset: 0, Length: 202, Priority: Normal"
  375. "09:29:17,3146538","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  376. "09:29:17,3147006","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  377. "09:29:17,3147260","explorer.exe","9544","ReadFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Offset: 0, Length: 202, Priority: Normal"
  378. "09:29:17,3147740","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  379. "09:29:17,3148214","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  380. "09:29:17,3160562","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Open Requiring Oplock, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
  381. "09:29:17,3162001","explorer.exe","9544","FileSystemControl","C:\test\Nuovo collegamento.lnk","SUCCESS","Control: FSCTL_REQUEST_FILTER_OPLOCK"
  382. "09:29:17,3166372","explorer.exe","9544","CreateFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  383. "09:29:17,3167551","explorer.exe","9544","ReadFile","C:\test\Nuovo collegamento.lnk","SUCCESS","Offset: 0, Length: 202, Priority: Normal"
  384. "09:29:17,3168025","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  385. "09:29:17,3168457","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  386. "09:29:17,3171122","explorer.exe","9544","CloseFile","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  387. "09:29:17,3171572","explorer.exe","9544","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  388. "09:29:19,0004244","System","4","CreateFileMapping","C:\test\Nuovo collegamento.lnk","SUCCESS","SyncType: SyncTypeOther"
  389. "09:29:19,0004368","System","4","FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  390. "09:29:19,0004498","System","4","IRP_MJ_CLOSE","C:\test\Nuovo collegamento.lnk","SUCCESS",""
  391. "09:29:35,0002135","System","4","WriteFile","C:\test","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"