CSV file for test.exe

1. "Time of Day","Process Name","PID","Operation","Path","Result","Detail"
2. "14:57:55.3495633","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Open Requiring Oplock, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
3. "14:57:55.3498808","Explorer.EXE","2568","FileSystemControl","C:\Test.exe","SUCCESS","Control: FSCTL_REQUEST_FILTER_OPLOCK"
4. "14:57:55.3507711","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
5. "14:57:55.3511547","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
6. "14:57:55.3512979","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
7. "14:57:55.3520030","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
8. "14:57:55.3522797","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
9. "14:57:55.3528992","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
10. "14:57:55.3532249","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
11. "14:57:55.3544834","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
12. "14:57:55.3547511","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
13. "14:57:55.3549028","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
14. "14:57:55.3555414","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
15. "14:57:55.3558163","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
16. "14:57:55.3563620","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
17. "14:57:55.3566573","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
18. "14:57:55.3578176","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
19. "14:57:55.3580861","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
20. "14:57:55.3582215","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
21. "14:57:55.3588592","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
22. "14:57:55.3591463","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
23. "14:57:55.3596739","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
24. "14:57:55.3599814","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
25. "14:57:55.3611177","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
26. "14:57:55.3613804","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
27. "14:57:55.3615144","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
28. "14:57:55.3621526","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
29. "14:57:55.3624256","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
30. "14:57:55.3629311","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
31. "14:57:55.3632182","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
32. "14:57:55.3651774","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
33. "14:57:55.3654550","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","BUFFER OVERFLOW","Information: Owner, DACL"
34. "14:57:55.3655954","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","SUCCESS","Information: Owner, DACL"
35. "14:57:55.3657299","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
36. "14:57:55.3667552","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
37. "14:57:55.3671836","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
38. "14:57:55.3673218","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
39. "14:57:55.3692030","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
40. "14:57:55.3694834","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","BUFFER OVERFLOW","Information: Owner, DACL"
41. "14:57:55.3696867","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","SUCCESS","Information: Owner, DACL"
42. "14:57:55.3698307","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
43. "14:57:55.3710091","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
44. "14:57:55.3712745","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
45. "14:57:55.3714072","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
46. "14:57:55.3730580","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
47. "14:57:55.3733261","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","BUFFER OVERFLOW","Information: Owner, DACL"
48. "14:57:55.3734660","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","SUCCESS","Information: Owner, DACL"
49. "14:57:55.3736055","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
50. "14:57:55.3755466","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
51. "14:57:55.3758228","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","BUFFER OVERFLOW","Information: Owner, DACL"
52. "14:57:55.3759637","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","SUCCESS","Information: Owner, DACL"
53. "14:57:55.3760982","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
54. "14:57:55.3771706","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
55. "14:57:55.3774287","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
56. "14:57:55.3775664","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
57. "14:57:55.3791882","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
58. "14:57:55.3794703","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","BUFFER OVERFLOW","Information: Owner, DACL"
59. "14:57:55.3796130","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","SUCCESS","Information: Owner, DACL"
60. "14:57:55.3797543","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
61. "14:57:55.3807814","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
62. "14:57:55.3810735","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
63. "14:57:55.3812262","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
64. "14:57:55.3828516","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
65. "14:57:55.3831346","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","BUFFER OVERFLOW","Information: Owner, DACL"
66. "14:57:55.3832782","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","SUCCESS","Information: Owner, DACL"
67. "14:57:55.3834222","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
68. "14:57:55.3861073","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
69. "14:57:55.3863777","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","BUFFER OVERFLOW","Information: Owner, DACL"
70. "14:57:55.3865095","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","SUCCESS","Information: Owner, DACL"
71. "14:57:55.3866408","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
72. "14:57:55.3876449","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
73. "14:57:55.3879587","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
74. "14:57:55.3880860","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
75. "14:57:55.3896747","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
76. "14:57:55.3899627","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","BUFFER OVERFLOW","Information: Owner, DACL"
77. "14:57:55.3900959","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","SUCCESS","Information: Owner, DACL"
78. "14:57:55.3902281","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
79. "14:57:55.3912602","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
80. "14:57:55.3915148","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
81. "14:57:55.3916447","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
82. "14:57:55.3932181","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
83. "14:57:55.3934898","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","BUFFER OVERFLOW","Information: Owner, DACL"
84. "14:57:55.3936238","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","SUCCESS","Information: Owner, DACL"
85. "14:57:55.3937588","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
86. "14:57:55.3942139","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
87. "14:57:56.3274703","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
88. "14:57:56.3278485","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","BUFFER OVERFLOW","Information: Label"
89. "14:57:56.3280174","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","SUCCESS","Information: Label"
90. "14:57:56.3281596","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
91. "14:57:56.3291682","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
92. "14:57:56.3294132","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
93. "14:57:56.3295350","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
94. "14:57:56.3305988","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
95. "14:57:56.3308497","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
96. "14:57:56.3309765","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
97. "14:57:56.3479003","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
98. "14:57:56.3481689","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
99. "14:57:56.3520985","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
100. "14:57:56.3525727","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","SUCCESS","Information: Label"
101. "14:57:56.3531338","Explorer.EXE","2568","QueryNameInformationFile","C:\Test.exe","SUCCESS","Name: \Test.exe"
102. "14:57:56.3825762","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Foo\Bar, OpenResult: Opened"
103. "14:57:56.3828212","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
104. "14:57:56.3888369","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Foo\Bar, OpenResult: Opened"
105. "14:57:56.3892259","vsmon.exe","1268","QueryInformationVolume","C:\Test.exe","SUCCESS","VolumeCreationTime: 11/09/2012 06:59:15, VolumeSerialNumber: C4A4-4F6C, SupportsObjects: True, VolumeLabel: "
106. "14:57:56.3893192","vsmon.exe","1268","QueryAllInformationFile","C:\Test.exe","BUFFER OVERFLOW","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A, AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x1600000000fc36, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
107. "14:57:56.3902716","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
108. "14:57:56.3911905","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Foo\Bar, OpenResult: Opened"
109. "14:57:56.3915786","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
110. "14:57:56.3916955","vsmon.exe","1268","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
111. "14:57:56.3919138","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
112. "14:57:56.3922860","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
113. "14:57:56.3924002","vsmon.exe","1268","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
114. "14:57:56.3926216","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
115. "14:57:56.4006372","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Foo\Bar, OpenResult: Opened"
116. "14:57:56.4014709","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Foo\Bar, OpenResult: Opened"
117. "14:57:56.4042177","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
118. "14:57:56.4055424","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
119. "14:57:56.4066619","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Foo\Bar, OpenResult: Opened"
120. "14:57:56.4074522","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Foo\Bar, OpenResult: Opened"
121. "14:57:56.4076745","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
122. "14:57:56.4090160","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Foo\Bar, OpenResult: Opened"
123. "14:57:56.4092288","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
124. "14:57:56.4126635","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
125. "14:57:56.4130172","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
126. "14:57:56.4142613","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
127. "14:57:56.4159818","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
128. "14:57:56.4162150","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
129. "14:57:56.4173540","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
130. "14:57:56.4184224","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
131. "14:57:56.4191569","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
132. "14:57:56.4193779","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
133. "14:57:56.4204422","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
134. "14:57:56.4211854","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
135. "14:57:56.4214204","vsmon.exe","1268","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
136. "14:57:56.4215196","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
137. "14:57:56.4248682","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
138. "14:57:56.4251902","vsmon.exe","1268","QueryNetworkOpenInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, AllocationSize: 01/01/1601 01:00:00, EndOfFile: 01/01/1601 01:00:00, FileAttributes: A"
139. "14:57:56.4252926","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
140. "14:57:56.4263673","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
141. "14:57:56.4300818","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
142. "14:57:56.4303422","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
143. "14:57:56.4315134","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
144. "14:57:56.4424510","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
145. "14:57:56.4426760","vsmon.exe","1268","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
146. "14:57:56.4427698","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
147. "14:57:56.4702842","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
148. "14:57:56.4705243","vsmon.exe","1268","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
149. "14:57:56.4706262","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
150. "14:57:56.4714744","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
151. "14:57:56.4717031","vsmon.exe","1268","ReadFile","C:\Test.exe","SUCCESS","Offset: 0, Length: 64, Priority: Normal"
152. "14:57:56.4719192","vsmon.exe","1268","ReadFile","C:\Test.exe","SUCCESS","Offset: 128, Length: 4, Priority: Normal"
153. "14:57:56.4720229","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
154. "14:57:56.4735572","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
155. "14:57:56.4745083","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
156. "14:57:56.4747293","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
157. "14:57:56.4762057","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
158. "14:57:56.4764167","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
159. "14:57:56.4775621","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
160. "14:57:56.4796734","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
161. "14:57:56.4868833","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
162. "14:57:56.4871179","vsmon.exe","1268","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
163. "14:57:56.4872112","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
164. "14:57:56.4876867","vsmon.exe","1268","QueryDirectory","C:\Test.exe","SUCCESS","Filter: Test.exe, 1: Test.exe"
165. "14:57:56.4884204","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
166. "14:57:56.4886509","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
167. "14:57:56.4891826","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
168. "14:57:56.4895571","vsmon.exe","1268","ReadFile","C:\Test.exe","SUCCESS","Offset: 0, Length: 5,120, Priority: Normal"
169. "14:57:56.4897786","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
170. "14:57:56.4903180","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
171. "14:57:56.4905453","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
172. "14:57:56.4906327","vsmon.exe","1268","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
173. "14:57:56.4907949","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
174. "14:57:56.4909497","vsmon.exe","1268","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
175. "14:57:56.4911146","vsmon.exe","1268","ReadFile","C:\Test.exe","SUCCESS","Offset: 0, Length: 5,120, Priority: Normal"
176. "14:57:56.4913184","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
177. "14:57:56.4918609","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
178. "14:57:56.4987588","vsmon.exe","1268","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
179. "14:57:56.4988924","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
180. "14:57:56.4995745","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
181. "14:57:56.4997850","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
182. "14:57:56.4998919","vsmon.exe","1268","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
183. "14:57:56.5000622","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
184. "14:57:56.5015490","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
185. "14:57:56.5017519","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
186. "14:57:56.5020245","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
187. "14:57:56.5033492","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
188. "14:57:56.5151754","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
189. "14:57:56.5159865","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
190. "14:57:56.5161980","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
191. "14:57:56.5173275","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
192. "14:57:56.5213319","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
193. "14:57:56.5225999","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
194. "14:57:56.5229278","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
195. "14:57:56.5246782","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
196. "14:57:56.5247131","Explorer.EXE","2568","Process Create","C:\Test.exe","SUCCESS","PID: 11888, Command line: ""C:\Test.exe"" "
197. "14:57:56.5255450","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
198. "14:57:56.5264137","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
199. "14:57:56.5266360","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
200. "14:57:56.5278144","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
201. "14:57:56.5286853","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
202. "14:57:56.5296409","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: None, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
203. "14:57:56.5298664","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
204. "14:57:56.5310987","Explorer.EXE","2568","QuerySecurityFile","C:\Test.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label"
205. "14:57:56.5312491","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
206. "14:57:56.5323423","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
207. "14:57:56.5383861","csrss.exe","532","QuerySecurityFile","C:\Test.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label"
208. "14:57:56.5385133","csrss.exe","532","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
209. "14:57:56.5392316","csrss.exe","532","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
210. "14:57:56.5397665","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
211. "14:57:56.5473278","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
212. "14:57:56.5476421","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
213. "14:57:56.5480017","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
214. "14:57:56.5495437","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
215. "14:57:56.5497566","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
216. "14:57:56.5536745","Explorer.EXE","2568","QueryDirectory","C:\Test.exe","SUCCESS","Filter: Test.exe, 1: Test.exe"
217. "14:57:56.5548130","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
218. "14:57:56.5550725","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
219. "14:57:56.5551867","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
220. "14:57:56.5557401","Explorer.EXE","2568","QueryDirectory","C:\Test.exe","SUCCESS","Filter: Test.exe, 1: Test.exe"
221. "14:57:56.5597807","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
222. "14:57:56.5600515","Explorer.EXE","2568","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
223. "14:57:56.5601756","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
224. "14:57:56.5606335","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
225. "14:57:56.5612236","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
226. "14:57:56.5614944","Explorer.EXE","2568","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
227. "14:57:56.5616090","Explorer.EXE","2568","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
228. "14:57:56.5617290","Explorer.EXE","2568","ReadFile","C:\Test.exe","SUCCESS","Offset: 4,068, Length: 1,024, Priority: Normal"
229. "14:57:56.5619152","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
230. "14:57:56.5622675","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
231. "14:57:56.5636307","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
232. "14:57:56.5638897","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
233. "14:57:56.5640152","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
234. "14:57:56.5646823","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
235. "14:57:56.5649703","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
236. "14:57:56.5653960","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
237. "14:57:56.5658444","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
238. "14:57:56.5663720","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
239. "14:57:56.5675214","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
240. "14:57:56.5677927","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
241. "14:57:56.5679199","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
242. "14:57:56.5685571","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
243. "14:57:56.5688225","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
244. "14:57:56.5693216","Explorer.EXE","2568","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
245. "14:57:56.5695879","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
246. "14:57:56.5803493","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: Foo\Bar, OpenResult: Opened"
247. "14:57:56.5806618","svchost.exe","952","QuerySecurityFile","C:\Test.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label"
248. "14:57:56.5807931","svchost.exe","952","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
249. "14:57:56.5846689","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: Foo\Bar, OpenResult: Opened"
250. "14:57:56.5850113","svchost.exe","952","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
251. "14:57:56.5854465","svchost.exe","952","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
252. "14:57:56.5880316","svchost.exe","952","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
253. "14:57:56.5887933","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
254. "14:57:56.5901732","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: Foo\Bar, OpenResult: Opened"
255. "14:57:56.5912271","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Foo\Bar, OpenResult: Opened"
256. "14:57:56.5914789","svchost.exe","952","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
257. "14:57:56.5916003","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
258. "14:57:56.5922538","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: Foo\Bar, OpenResult: Opened"
259. "14:57:56.5925192","svchost.exe","952","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
260. "14:57:56.5929567","svchost.exe","952","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
261. "14:57:56.5932066","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
262. "14:57:56.5937447","svchost.exe","952","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
263. "14:57:56.5939027","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
264. "14:57:56.5941962","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
265. "14:57:56.6005456","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
266. "14:57:56.6008006","svchost.exe","952","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
267. "14:57:56.6019274","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
268. "14:57:56.6052850","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
269. "14:57:56.6055210","vsmon.exe","1268","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
270. "14:57:56.6056215","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
271. "14:57:56.6059897","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
272. "14:57:56.6062261","vsmon.exe","1268","Load Image","C:\Test.exe","SUCCESS","Image Base: 0x2c70000, Image Size: 0x2000"
273. "14:57:56.6063371","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
274. "14:57:56.6070160","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
275. "14:57:56.6072365","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
276. "14:57:56.6081142","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
277. "14:57:56.6083098","vsmon.exe","1268","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
278. "14:57:56.6084000","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
279. "14:57:56.6088574","vsmon.exe","1268","QueryDirectory","C:\Test.exe","SUCCESS","Filter: Test.exe, 1: Test.exe"
280. "14:57:56.6099570","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
281. "14:57:56.6101585","vsmon.exe","1268","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
282. "14:57:56.6102504","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
283. "14:57:56.6108315","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
284. "14:57:56.6110516","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
285. "14:57:56.6113795","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
286. "14:57:56.6115810","vsmon.exe","1268","Load Image","C:\Test.exe","SUCCESS","Image Base: 0x2c70000, Image Size: 0x8000"
287. "14:57:56.6116752","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
288. "14:57:56.6126793","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
289. "14:57:56.6129528","vsmon.exe","1268","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
290. "14:57:56.6130452","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
291. "14:57:56.6135859","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
292. "14:57:56.6138051","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
293. "14:57:56.6141321","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
294. "14:57:56.6156882","svchost.exe","952","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
295. "14:57:56.6158852","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
296. "14:57:56.6187678","vsmon.exe","1268","Load Image","C:\Test.exe","SUCCESS","Image Base: 0x2c70000, Image Size: 0x8000"
297. "14:57:56.6188896","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
298. "14:57:56.6197556","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
299. "14:57:56.6199951","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
300. "14:57:56.6200771","vsmon.exe","1268","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
301. "14:57:56.6202347","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
302. "14:57:56.6203846","vsmon.exe","1268","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
303. "14:57:56.6205440","vsmon.exe","1268","ReadFile","C:\Test.exe","SUCCESS","Offset: 0, Length: 5,120, Priority: Normal"
304. "14:57:56.6208705","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
305. "14:57:56.6214878","vsmon.exe","1268","QueryDirectory","C:\Test.exe","SUCCESS","Filter: Test.exe, 1: Test.exe"
306. "14:57:56.6221898","vsmon.exe","1268","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
307. "14:57:56.6224099","vsmon.exe","1268","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
308. "14:57:56.6225086","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
309. "14:57:56.6225865","vsmon.exe","1268","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
310. "14:57:56.6227437","vsmon.exe","1268","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
311. "14:57:56.6229706","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
312. "14:57:56.6245054","vsmon.exe","1268","CloseFile","C:\Test.exe","SUCCESS",""
313. "14:57:56.6254415","svchost.exe","952","QueryDirectory","C:\Test.exe","SUCCESS","Filter: Test.exe, 1: Test.exe"
314. "14:57:56.6275605","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
315. "14:57:56.6278065","svchost.exe","952","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
316. "14:57:56.6279224","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
317. "14:57:56.6284835","svchost.exe","952","QueryDirectory","C:\Test.exe","SUCCESS","Filter: Test.exe, 1: Test.exe"
318. "14:57:56.6324123","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
319. "14:57:56.6326727","svchost.exe","952","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
320. "14:57:56.6327954","svchost.exe","952","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
321. "14:57:56.6332841","svchost.exe","952","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
322. "14:57:56.6338425","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
323. "14:57:56.6341051","svchost.exe","952","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
324. "14:57:56.6342193","svchost.exe","952","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
325. "14:57:56.6343393","svchost.exe","952","ReadFile","C:\Test.exe","SUCCESS","Offset: 4,068, Length: 1,024, Priority: Normal"
326. "14:57:56.6345159","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
327. "14:57:56.6347179","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
328. "14:57:56.6360512","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
329. "14:57:56.6363125","svchost.exe","952","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
330. "14:57:56.6364434","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
331. "14:57:56.6371241","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
332. "14:57:56.6373872","svchost.exe","952","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
333. "14:57:56.6378568","svchost.exe","952","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
334. "14:57:56.6381086","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
335. "14:57:56.6412734","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
336. "14:57:56.6415474","svchost.exe","952","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
337. "14:57:56.6416751","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
338. "14:57:56.6423485","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
339. "14:57:56.6426212","svchost.exe","952","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
340. "14:57:56.6430881","svchost.exe","952","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
341. "14:57:56.6433489","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
342. "14:57:56.6687684","svchost.exe","952","QueryDirectory","C:\Test.exe","SUCCESS","Filter: Test.exe, 1: Test.exe"
343. "14:57:56.6699341","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
344. "14:57:56.6701682","svchost.exe","952","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
345. "14:57:56.6702642","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
346. "14:57:56.6708109","svchost.exe","952","QueryDirectory","C:\Test.exe","SUCCESS","Filter: Test.exe, 1: Test.exe"
347. "14:57:56.6747736","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
348. "14:57:56.6750141","svchost.exe","952","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
349. "14:57:56.6751182","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
350. "14:57:56.6757260","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
351. "14:57:56.6759746","svchost.exe","952","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
352. "14:57:56.6763659","svchost.exe","952","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
353. "14:57:56.6765928","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
354. "14:57:56.6776630","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
355. "14:57:56.6779012","svchost.exe","952","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
356. "14:57:56.6780135","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
357. "14:57:56.6786041","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
358. "14:57:56.6788486","svchost.exe","952","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
359. "14:57:56.6792757","svchost.exe","952","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
360. "14:57:56.6795058","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
361. "14:57:56.6814183","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
362. "14:57:56.6816597","svchost.exe","952","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
363. "14:57:56.6817634","svchost.exe","952","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
364. "14:57:56.6822856","svchost.exe","952","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
365. "14:57:56.6828014","svchost.exe","952","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
366. "14:57:56.6830473","svchost.exe","952","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
367. "14:57:56.6831478","svchost.exe","952","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
368. "14:57:56.6832497","svchost.exe","952","ReadFile","C:\Test.exe","SUCCESS","Offset: 4,068, Length: 1,024, Priority: Normal"
369. "14:57:56.6834164","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
370. "14:57:56.6835948","svchost.exe","952","CloseFile","C:\Test.exe","SUCCESS",""
371. "14:57:56.7000983","Test.exe","11888","Load Image","C:\Test.exe","SUCCESS","Image Base: 0x190000, Image Size: 0x8000"
372. "14:57:57.2326466","svchost.exe","3224","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
373. "14:57:57.2329283","svchost.exe","3224","QueryInformationVolume","C:\Test.exe","SUCCESS","VolumeCreationTime: 11/09/2012 06:59:15, VolumeSerialNumber: C4A4-4F6C, SupportsObjects: True, VolumeLabel: "
374. "14:57:57.2330515","svchost.exe","3224","QueryAllInformationFile","C:\Test.exe","BUFFER OVERFLOW","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A, AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x1600000000fc36, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
375. "14:57:57.2331837","svchost.exe","3224","QueryInformationVolume","C:\Test.exe","SUCCESS","VolumeCreationTime: 11/09/2012 06:59:15, VolumeSerialNumber: C4A4-4F6C, SupportsObjects: True, VolumeLabel: "
376. "14:57:57.3495126","conhost.exe","8288","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
377. "14:57:57.3497494","conhost.exe","8288","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
378. "14:57:57.3498409","conhost.exe","8288","CloseFile","C:\Test.exe","SUCCESS",""
379. "14:57:57.3554861","svchost.exe","3224","QueryAllInformationFile","C:\Test.exe","BUFFER OVERFLOW","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A, AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x1600000000fc36, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
380. "14:57:57.3809078","svchost.exe","3224","CloseFile","C:\Test.exe","SUCCESS",""
381. "14:57:57.3834095","svchost.exe","3224","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
382. "14:57:57.3836930","svchost.exe","3224","QueryInformationVolume","C:\Test.exe","SUCCESS","VolumeCreationTime: 11/09/2012 06:59:15, VolumeSerialNumber: C4A4-4F6C, SupportsObjects: True, VolumeLabel: "
383. "14:57:57.3838130","svchost.exe","3224","QueryAllInformationFile","C:\Test.exe","BUFFER OVERFLOW","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A, AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x1600000000fc36, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
384. "14:57:57.3839439","svchost.exe","3224","QueryInformationVolume","C:\Test.exe","SUCCESS","VolumeCreationTime: 11/09/2012 06:59:15, VolumeSerialNumber: C4A4-4F6C, SupportsObjects: True, VolumeLabel: "
385. "14:57:57.3840571","svchost.exe","3224","QueryAllInformationFile","C:\Test.exe","BUFFER OVERFLOW","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A, AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x1600000000fc36, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
386. "14:57:57.3841885","svchost.exe","3224","CloseFile","C:\Test.exe","SUCCESS",""
387. "14:57:57.3886688","conhost.exe","8288","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
388. "14:57:57.3889030","conhost.exe","8288","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
389. "14:57:57.3890130","conhost.exe","8288","CloseFile","C:\Test.exe","SUCCESS",""
390. "14:57:57.3899799","conhost.exe","8288","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
391. "14:57:57.3902462","conhost.exe","8288","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
392. "14:57:57.3903463","conhost.exe","8288","CloseFile","C:\Test.exe","SUCCESS",""
393. "14:57:57.3909079","conhost.exe","8288","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Disallow Exclusive, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
394. "14:57:57.3911516","conhost.exe","8288","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
395. "14:57:57.3915139","conhost.exe","8288","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
396. "14:57:57.3917158","conhost.exe","8288","CloseFile","C:\Test.exe","SUCCESS",""
397. "14:57:57.4025927","svchost.exe","3224","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
398. "14:57:57.4034659","svchost.exe","3224","QueryInformationVolume","C:\Test.exe","SUCCESS","VolumeCreationTime: 11/09/2012 06:59:15, VolumeSerialNumber: C4A4-4F6C, SupportsObjects: True, VolumeLabel: "
399. "14:57:57.4036054","svchost.exe","3224","QueryAllInformationFile","C:\Test.exe","BUFFER OVERFLOW","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A, AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x1600000000fc36, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
400. "14:57:57.4037643","svchost.exe","3224","CloseFile","C:\Test.exe","SUCCESS",""
401. "14:57:57.6238804","Explorer.EXE","2568","QueryNameInformationFile","C:\Test.exe","SUCCESS","Name: \Test.exe"
402. "14:57:57.6248374","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
403. "14:57:57.6251132","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
404. "14:57:57.6252214","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
405. "14:57:57.6257508","Explorer.EXE","2568","QueryDirectory","C:\Test.exe","SUCCESS","Filter: Test.exe, 1: Test.exe"
406. "14:57:57.6274437","Explorer.EXE","2568","QueryNameInformationFile","C:\Test.exe","SUCCESS","Name: \Test.exe"
407. "14:57:57.6282752","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
408. "14:57:57.6285089","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
409. "14:57:57.6286112","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
410. "14:57:57.6291379","Explorer.EXE","2568","QueryDirectory","C:\Test.exe","SUCCESS","Filter: Test.exe, 1: Test.exe"
411. "14:57:57.6483578","Explorer.EXE","2568","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
412. "14:57:57.6486436","Explorer.EXE","2568","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
413. "14:57:57.6487632","Explorer.EXE","2568","CloseFile","C:\Test.exe","SUCCESS",""
414. "14:57:57.8020328","Test.exe","11888","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
415. "14:57:57.8022946","Test.exe","11888","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
416. "14:57:57.8023983","Test.exe","11888","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
417. "14:57:57.8024848","Test.exe","11888","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
418. "14:57:57.8026464","Test.exe","11888","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
419. "14:57:57.8028924","Test.exe","11888","CloseFile","C:\Test.exe","SUCCESS",""
420. "14:57:57.8038348","Test.exe","11888","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
421. "14:57:57.8040771","Test.exe","11888","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
422. "14:57:57.8041790","Test.exe","11888","CreateFileMapping","C:\Test.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
423. "14:57:57.8042628","Test.exe","11888","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
424. "14:57:57.8045123","Test.exe","11888","CreateFileMapping","C:\Test.exe","SUCCESS","SyncType: SyncTypeOther"
425. "14:57:57.8047447","Test.exe","11888","CloseFile","C:\Test.exe","SUCCESS",""
426. "14:57:57.8190576","svchost.exe","3224","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
427. "14:57:57.8193442","svchost.exe","3224","FileSystemControl","C:\Test.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
428. "14:57:57.8194855","svchost.exe","3224","CloseFile","C:\Test.exe","SUCCESS",""
429. "14:57:57.8863591","svchost.exe","3224","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
430. "14:57:57.8867686","svchost.exe","3224","QueryNetworkOpenInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, AllocationSize: 01/01/1601 01:00:00, EndOfFile: 01/01/1601 01:00:00, FileAttributes: A"
431. "14:57:57.8868994","svchost.exe","3224","CloseFile","C:\Test.exe","SUCCESS",""
432. "14:57:57.8910247","svchost.exe","3224","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
433. "14:57:57.8918141","svchost.exe","3224","FileSystemControl","C:\Test.exe","SUCCESS","Control: FSCTL_REQUEST_FILTER_OPLOCK"
434. "14:57:57.8925134","svchost.exe","3224","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
435. "14:57:57.8928091","svchost.exe","3224","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
436. "14:57:57.8929269","svchost.exe","3224","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
437. "14:57:57.8930799","svchost.exe","3224","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
438. "14:57:57.8932335","svchost.exe","3224","ReadFile","C:\Test.exe","SUCCESS","Offset: 0, Length: 4,096, Priority: Very Low"
439. "14:57:57.9282010","svchost.exe","3224","ReadFile","C:\Test.exe","SUCCESS","Offset: 4,096, Length: 1,024"
440. "14:57:57.9580274","svchost.exe","3224","QueryStreamInformationFile","C:\Test.exe","SUCCESS",""
441. "14:57:57.9582081","svchost.exe","3224","QueryEAFile","C:\Test.exe","NO EAS ON FILE",""
442. "14:57:57.9583861","svchost.exe","3224","CloseFile","C:\Test.exe","SUCCESS",""
443. "14:57:57.9585990","svchost.exe","3224","CloseFile","C:\Test.exe","SUCCESS",""
444. "14:57:57.9604078","svchost.exe","3224","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
445. "14:57:57.9606840","svchost.exe","3224","QueryStreamInformationFile","C:\Test.exe","SUCCESS",""
446. "14:57:57.9608312","svchost.exe","3224","CloseFile","C:\Test.exe","SUCCESS",""
447. "14:57:57.9616446","svchost.exe","3224","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Open No Recall, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
448. "14:57:57.9618905","svchost.exe","3224","FileSystemControl","C:\Test.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA"
449. "14:57:57.9620250","svchost.exe","3224","CloseFile","C:\Test.exe","SUCCESS",""
450. "14:57:57.9627025","svchost.exe","3224","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
451. "14:57:57.9629607","svchost.exe","3224","QueryStandardInformationFile","C:\Test.exe","SUCCESS","AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False"
452. "14:57:57.9631138","svchost.exe","3224","ReadFile","C:\Test.exe","SUCCESS","Offset: 0, Length: 5,120, Priority: Very Low"
453. "14:57:57.9633017","svchost.exe","3224","CloseFile","C:\Test.exe","SUCCESS",""
454. "14:57:58.0260844","Test.exe","11888","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
455. "14:57:58.0263281","Test.exe","11888","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
456. "14:57:58.0264304","Test.exe","11888","CloseFile","C:\Test.exe","SUCCESS",""
457. "14:57:58.0269517","Test.exe","11888","QueryDirectory","C:\Test.exe","SUCCESS","Filter: Test.exe, 1: Test.exe"
458. "14:57:58.0281450","Test.exe","11888","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
459. "14:57:58.0283615","Test.exe","11888","QueryBasicInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A"
460. "14:57:58.0284543","Test.exe","11888","CloseFile","C:\Test.exe","SUCCESS",""
461. "14:57:58.0290848","Test.exe","11888","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
462. "14:57:58.0293284","Test.exe","11888","QueryInformationVolume","C:\Test.exe","SUCCESS","VolumeCreationTime: 11/09/2012 06:59:15, VolumeSerialNumber: C4A4-4F6C, SupportsObjects: True, VolumeLabel: "
463. "14:57:58.0294289","Test.exe","11888","QueryAllInformationFile","C:\Test.exe","BUFFER OVERFLOW","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, FileAttributes: A, AllocationSize: 8,192, EndOfFile: 5,120, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x1600000000fc36, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
464. "14:57:58.0301916","Test.exe","11888","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
465. "14:57:58.0305009","Test.exe","11888","QueryNetworkOpenInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, AllocationSize: 01/01/1601 01:00:00, EndOfFile: 01/01/1601 01:00:00, FileAttributes: A"
466. "14:57:58.0306037","Test.exe","11888","CloseFile","C:\Test.exe","SUCCESS",""
467. "14:57:58.0308877","Test.exe","11888","CloseFile","C:\Test.exe","SUCCESS",""
468. "14:57:58.0410064","Test.exe","11888","CreateFile","C:\Test.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
469. "14:57:58.0413194","Test.exe","11888","QueryNetworkOpenInformationFile","C:\Test.exe","SUCCESS","CreationTime: 27/09/2012 14:54:32, LastAccessTime: 27/09/2012 14:54:32, LastWriteTime: 20/09/2012 14:43:44, ChangeTime: 27/09/2012 14:54:33, AllocationSize: 01/01/1601 01:00:00, EndOfFile: 01/01/1601 01:00:00, FileAttributes: A"
470. "14:57:58.0414222","Test.exe","11888","CloseFile","C:\Test.exe","SUCCESS",""
471. "14:57:58.1219375","Test.exe","11888","QueryNameInformationFile","C:\Test.exe","SUCCESS","Name: \Test.exe"