MalwareMustDie

PID 2116 - about.exe #MalwareMustDie 20130126

Jan 26th, 2013
  1. ========================
  2. PID: 2116 - about1.exe
  3. ========================
  4.  
  5. 20:39:05.0514301","about1.exe","2116","QueryNameInformationFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","Name: \Documents and Settings\RIK\デスクトップ\about1.exe"
  6. 20:39:05.0541944","about1.exe","2116","QueryNameInformationFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","Name: \Documents and Settings\RIK\デスクトップ\about1.exe"
  7. 20:39:05.0545350","about1.exe","2116","CreateFile","C:\WINDOWS\Prefetch\ABOUT1.EXE-1D98EA3D.pf","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a"
  8. 20:39:05.0551932","about1.exe","2116","ReadFile","C:\WINDOWS\System32\ntdll.dll","SUCCESS","Offset: 500,736, Length: 12,288, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  9. 20:39:05.0671894","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  10. 20:39:05.0673305","about1.exe","2116","FileSystemControl","C:\Documents and Settings\rik\デスクトップ","SUCCESS","Control: FSCTL_IS_VOLUME_MOUNTED"
  11. 20:39:05.0676691","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\about1.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  12. 20:39:05.0689734","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\KERNEL32.DLL","SUCCESS","Offset: 538,112, Length: 9,728, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  13. 20:39:05.0796588","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SHELL32.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  14. 20:39:05.1802607","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SHLWAPI.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  15. 20:39:05.1896698","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\oleacc.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  16. 20:39:05.1900617","about1.exe","2116","CreateFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  17. 20:39:05.1908696","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  18. 20:39:05.1910194","about1.exe","2116","CloseFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS",""
  19. 20:39:05.1912423","about1.exe","2116","CreateFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  20. 20:39:05.1920390","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\oleacc.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  21. 20:39:05.1920670","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","AllocationSize: 163,840, EndOfFile: 163,328, NumberOfLinks: 1, DeletePending: False, Directory: False"
  22. 20:39:05.1920921","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\oleacc.dll","SUCCESS","SyncType: SyncTypeOther"
  23. 20:39:05.1921156","about1.exe","2116","ReadFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  24. 20:39:05.2066934","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\oleacc.dll","SUCCESS","SyncType: SyncTypeOther"
  25. 20:39:05.2070113","about1.exe","2116","CloseFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS",""
  26. 20:39:05.2072862","about1.exe","2116","ReadFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","Offset: 134,144, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  27. 20:39:05.2143729","about1.exe","2116","ReadFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","Offset: 99,328, Length: 30,720, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  28. 20:39:05.2154155","about1.exe","2116","ReadFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","Offset: 1,024, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  29. 20:39:05.2169386","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\MSVCP60.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  30. 20:39:05.2173948","about1.exe","2116","CreateFile","C:\WINDOWS\system32\msvcp60.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  31. 20:39:05.2175753","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\msvcp60.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  32. 20:39:05.2183709","about1.exe","2116","CloseFile","C:\WINDOWS\system32\msvcp60.dll","SUCCESS",""
  33. 20:39:05.2186117","about1.exe","2116","CreateFile","C:\WINDOWS\system32\msvcp60.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  34. 20:39:05.2187936","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\msvcp60.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  35. 20:39:05.2188204","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\MSVCP60.DLL","SUCCESS","SyncType: SyncTypeOther"
  36. 20:39:05.2195939","about1.exe","2116","CloseFile","C:\WINDOWS\system32\msvcp60.dll","SUCCESS",""
  37. 20:39:05.2199116","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\MSVCP60.DLL","SUCCESS","Offset: 180,224, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  38. 20:39:05.2276092","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\OLE32.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  39. 20:39:05.2369372","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\OLEAUT32.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  40. 20:39:05.2429145","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\rasapi32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  41. 20:39:05.2439931","about1.exe","2116","CreateFile","C:\WINDOWS\system32\rasapi32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  42. 20:39:05.2441770","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\rasapi32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  43. 20:39:05.2443460","about1.exe","2116","CloseFile","C:\WINDOWS\system32\rasapi32.dll","SUCCESS",""
  44. 20:39:05.2451955","about1.exe","2116","CreateFile","C:\WINDOWS\system32\rasapi32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  45. 20:39:05.2453807","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\rasapi32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  46. 20:39:05.2454377","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\RASAPI32.DLL","SUCCESS","SyncType: SyncTypeOther"
  47. 20:39:05.2456238","about1.exe","2116","CloseFile","C:\WINDOWS\system32\rasapi32.dll","SUCCESS",""
  48. 20:39:05.2464032","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\RASAPI32.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  49. 20:39:05.2518550","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\rasman.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  50. 20:39:05.2522861","about1.exe","2116","CreateFile","C:\WINDOWS\system32\rasman.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  51. 20:39:05.2524652","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\rasman.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  52. 20:39:05.2526345","about1.exe","2116","CloseFile","C:\WINDOWS\system32\rasman.dll","SUCCESS",""
  53. 20:39:05.2528767","about1.exe","2116","CreateFile","C:\WINDOWS\system32\rasman.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  54. 20:39:05.2530580","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\rasman.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  55. 20:39:05.2531111","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\RASMAN.DLL","SUCCESS","SyncType: SyncTypeOther"
  56. 20:39:05.2532957","about1.exe","2116","CloseFile","C:\WINDOWS\system32\rasman.dll","SUCCESS",""
  57. 20:39:05.2535918","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\RASMAN.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  58. 20:39:05.2655635","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\NETAPI32.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  59. 20:39:05.2777675","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\WS2_32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  60. 20:39:05.2781939","about1.exe","2116","CreateFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  61. 20:39:05.2790093","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  62. 20:39:05.2791811","about1.exe","2116","CloseFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS",""
  63. 20:39:05.2794211","about1.exe","2116","CreateFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  64. 20:39:05.2797535","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  65. 20:39:05.2797815","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\WS2_32.DLL","SUCCESS","SyncType: SyncTypeOther"
  66. 20:39:05.2799620","about1.exe","2116","CloseFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS",""
  67. 20:39:05.2802760","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\WS2_32.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  68. 20:39:05.2994312","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\WS2HELP.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  69. 20:39:05.4068700","about1.exe","2116","CreateFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  70. 20:39:05.4070692","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  71. 20:39:05.4072376","about1.exe","2116","CloseFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS",""
  72. 20:39:05.4086431","about1.exe","2116","CreateFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  73. 20:39:05.4088297","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\ws2help.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  74. 20:39:05.4088599","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\WS2HELP.DLL","SUCCESS","SyncType: SyncTypeOther"
  75. 20:39:05.4090420","about1.exe","2116","CloseFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS",""
  76. 20:39:05.4102604","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\TAPI32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  77. 20:39:05.4112529","about1.exe","2116","CreateFile","C:\WINDOWS\system32\tapi32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  78. 20:39:05.4114370","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\tapi32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  79. 20:39:05.4116066","about1.exe","2116","CloseFile","C:\WINDOWS\system32\tapi32.dll","SUCCESS",""
  80. 20:39:05.4125313","about1.exe","2116","CreateFile","C:\WINDOWS\system32\tapi32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  81. 20:39:05.4127163","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\tapi32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  82. 20:39:05.4127738","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\TAPI32.DLL","SUCCESS","SyncType: SyncTypeOther"
  83. 20:39:05.4129585","about1.exe","2116","CloseFile","C:\WINDOWS\system32\tapi32.dll","SUCCESS",""
  84. 20:39:05.4139231","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\TAPI32.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  85. 20:39:05.4167319","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\rtutils.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  86. 20:39:05.4183544","about1.exe","2116","CreateFile","C:\WINDOWS\system32\rtutils.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  87. 20:39:05.4185324","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\rtutils.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  88. 20:39:05.4186997","about1.exe","2116","CloseFile","C:\WINDOWS\system32\rtutils.dll","SUCCESS",""
  89. 20:39:05.4199211","about1.exe","2116","CreateFile","C:\WINDOWS\system32\rtutils.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  90. 20:39:05.4201041","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\rtutils.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  91. 20:39:05.4201594","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\RTUTILS.DLL","SUCCESS","SyncType: SyncTypeOther"
  92. 20:39:05.4203432","about1.exe","2116","CloseFile","C:\WINDOWS\system32\rtutils.dll","SUCCESS",""
  93. 20:39:05.4218959","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\RTUTILS.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  94. 20:39:05.4279484","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\WINMM.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  95. 20:39:05.4283761","about1.exe","2116","CreateFile","C:\WINDOWS\system32\winmm.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  96. 20:39:05.4292030","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\winmm.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  97. 20:39:05.4293692","about1.exe","2116","CloseFile","C:\WINDOWS\system32\winmm.dll","SUCCESS",""
  98. 20:39:05.4296056","about1.exe","2116","CreateFile","C:\WINDOWS\system32\winmm.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  99. 20:39:05.4305087","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\winmm.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  100. 20:39:05.4305621","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\WINMM.DLL","SUCCESS","SyncType: SyncTypeOther"
  101. 20:39:05.4307451","about1.exe","2116","CloseFile","C:\WINDOWS\system32\winmm.dll","SUCCESS",""
  102. 20:39:05.4322115","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\setupapi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  103. 20:39:05.4326344","about1.exe","2116","CreateFile","C:\WINDOWS\system32\setupapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  104. 20:39:05.4334692","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\setupapi.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  105. 20:39:05.4336351","about1.exe","2116","CloseFile","C:\WINDOWS\system32\setupapi.dll","SUCCESS",""
  106. 20:39:05.4338703","about1.exe","2116","CreateFile","C:\WINDOWS\system32\setupapi.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  107. 20:39:05.4349976","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\setupapi.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  108. 20:39:05.4350241","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\SETUPAPI.DLL","SUCCESS","SyncType: SyncTypeOther"
  109. 20:39:05.4352057","about1.exe","2116","CloseFile","C:\WINDOWS\system32\setupapi.dll","SUCCESS",""
  110. 20:39:05.4364595","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SETUPAPI.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  111. 20:39:05.4474573","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\winspool.drv","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  112. 20:39:05.4478922","about1.exe","2116","CreateFile","C:\WINDOWS\system32\winspool.drv","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  113. 20:39:05.4480733","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\winspool.drv","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  114. 20:39:05.4489530","about1.exe","2116","CloseFile","C:\WINDOWS\system32\winspool.drv","SUCCESS",""
  115. 20:39:05.4491958","about1.exe","2116","CreateFile","C:\WINDOWS\system32\winspool.drv","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  116. 20:39:05.4493790","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\winspool.drv","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  117. 20:39:05.4494318","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\WINSPOOL.DRV","SUCCESS","SyncType: SyncTypeOther"
  118. 20:39:05.4502314","about1.exe","2116","CloseFile","C:\WINDOWS\system32\winspool.drv","SUCCESS",""
  119. 20:39:05.4514505","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\WINSPOOL.DRV","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  120. 20:39:05.4601418","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\winsta.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  121. 20:39:05.4611691","about1.exe","2116","CreateFile","C:\WINDOWS\system32\winsta.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  122. 20:39:05.4613425","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\winsta.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  123. 20:39:05.4615071","about1.exe","2116","CloseFile","C:\WINDOWS\system32\winsta.dll","SUCCESS",""
  124. 20:39:05.4626167","about1.exe","2116","CreateFile","C:\WINDOWS\system32\winsta.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  125. 20:39:05.4627947","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\winsta.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  126. 20:39:05.4628458","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\WINSTA.DLL","SUCCESS","SyncType: SyncTypeOther"
  127. 20:39:05.4630249","about1.exe","2116","CloseFile","C:\WINDOWS\system32\winsta.dll","SUCCESS",""
  128. 20:39:05.4643427","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SECUR32.DLL","SUCCESS","Offset: 50,688, Length: 1,536, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  129. 20:39:05.4712567","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\RPCRT4.DLL","SUCCESS","Offset: 562,688, Length: 3,072, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  130. 20:39:05.4744451","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\ADVAPI32.DLL","SUCCESS","Offset: 477,696, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  131. 20:39:05.4871495","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\USER32.DLL","SUCCESS","Offset: 391,168, Length: 3,072, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  132. 20:39:05.4914704","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\GDI32.DLL","SUCCESS","Offset: 272,896, Length: 4,608, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  133. 20:39:05.4951994","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\COMCTL32.DLL","SUCCESS","Offset: 462,848, Length: 9,728, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  134. 20:39:05.5053537","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\MSVCRT.DLL","SUCCESS","Offset: 315,904, Length: 8,192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  135. 20:39:05.5134872","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SHLWAPI.DLL","SUCCESS","Offset: 442,368, Length: 3,072, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  136. 20:39:05.5231588","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SHELL32.DLL","SUCCESS","Offset: 2,153,984, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  137. 20:39:05.5372441","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\COMDLG32.DLL","SUCCESS","Offset: 197,632, Length: 3,584, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  138. 20:39:05.5494272","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\MSVCP60.DLL","SUCCESS","Offset: 389,120, Length: 8,192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  139. 20:39:05.5645180","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\OLE32.DLL","SUCCESS","Offset: 1,201,152, Length: 12,288, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  140. 20:39:05.5797098","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\OLEAUT32.DLL","SUCCESS","Offset: 520,704, Length: 8,192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  141. 20:39:05.5952051","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\NETAPI32.DLL","SUCCESS","Offset: 315,392, Length: 10,240, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  142. 20:39:05.6054905","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\WS2HELP.DLL","SUCCESS","Offset: 16,896, Length: 512, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  143. 20:39:05.6144056","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\WS2_32.DLL","SUCCESS","Offset: 75,264, Length: 2,560, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  144. 20:39:05.6145419","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\RASMAN.DLL","SUCCESS","Offset: 56,832, Length: 512, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  145. 20:39:05.6227723","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\RTUTILS.DLL","SUCCESS","Offset: 39,936, Length: 512, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  146. 20:39:05.6265208","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\WINMM.DLL","SUCCESS","Offset: 127,488, Length: 5,120, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  147. 20:39:05.6371473","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\TAPI32.DLL","SUCCESS","Offset: 170,496, Length: 1,536, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  148. 20:39:05.6621843","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\RASAPI32.DLL","SUCCESS","Offset: 221,184, Length: 1,024, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  149. 20:39:05.6623703","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SETUPAPI.DLL","SUCCESS","Offset: 513,024, Length: 6,144, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  150. 20:39:05.6699666","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\WINSPOOL.DRV","SUCCESS","Offset: 132,096, Length: 6,144, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  151. 20:39:05.6803966","about1.exe","2116","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  152. 20:39:05.6805796","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  153. 20:39:05.6807478","about1.exe","2116","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS",""
  154. 20:39:05.6809928","about1.exe","2116","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  155. 20:39:05.6811741","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\imm32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  156. 20:39:05.6811892","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\IMM32.DLL","SUCCESS","AllocationSize: 114,688, EndOfFile: 110,080, NumberOfLinks: 1, DeletePending: False, Directory: False"
  157. 20:39:05.6813688","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\imm32.dll","SUCCESS","SyncType: SyncTypeOther"
  158. 20:39:05.6815499","about1.exe","2116","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS",""
  159. 20:39:05.6815853","about1.exe","2116","ReadFile","C:\WINDOWS\system32\IMM32.DLL","SUCCESS","Offset: 0, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  160. 20:39:05.6980796","about1.exe","2116","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  161. 20:39:05.6982542","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  162. 20:39:05.6984207","about1.exe","2116","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS",""
  163. 20:39:05.6986590","about1.exe","2116","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  164. 20:39:05.6988381","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\imm32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  165. 20:39:05.6988512","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\IMM32.DLL","SUCCESS","AllocationSize: 114,688, EndOfFile: 110,080, NumberOfLinks: 1, DeletePending: False, Directory: False"
  166. 20:39:05.6988744","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\IMM32.DLL","SUCCESS","SyncType: SyncTypeOther"
  167. 20:39:05.6990538","about1.exe","2116","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS",""
  168. 20:39:05.6995024","about1.exe","2116","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  169. 20:39:05.6996759","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  170. 20:39:05.6998430","about1.exe","2116","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS",""
  171. 20:39:05.7000866","about1.exe","2116","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  172. 20:39:05.7002763","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\imm32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  173. 20:39:05.7003291","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\IMM32.DLL","SUCCESS","SyncType: SyncTypeOther"
  174. 20:39:05.7005143","about1.exe","2116","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS",""
  175. 20:39:05.7008956","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\IMM32.DLL","SUCCESS","Offset: 86,016, Length: 512, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  176. 20:39:05.7047511","about1.exe","2116","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  177. 20:39:05.7049243","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  178. 20:39:05.7050903","about1.exe","2116","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS",""
  179. 20:39:05.7068296","about1.exe","2116","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  180. 20:39:05.7070037","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  181. 20:39:05.7077834","about1.exe","2116","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS",""
  182. 20:39:05.7091182","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\LPK.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  183. 20:39:05.7095897","about1.exe","2116","CreateFile","C:\WINDOWS\system32\lpk.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  184. 20:39:05.7097889","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\lpk.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  185. 20:39:05.7099767","about1.exe","2116","CloseFile","C:\WINDOWS\system32\lpk.dll","SUCCESS",""
  186. 20:39:05.7102370","about1.exe","2116","CreateFile","C:\WINDOWS\system32\lpk.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  187. 20:39:05.7104385","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\lpk.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  188. 20:39:05.7104653","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\LPK.DLL","SUCCESS","SyncType: SyncTypeOther"
  189. 20:39:05.7106687","about1.exe","2116","CloseFile","C:\WINDOWS\system32\lpk.dll","SUCCESS",""
  190. 20:39:05.7112651","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\USP10.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  191. 20:39:05.7117733","about1.exe","2116","CreateFile","C:\WINDOWS\system32\usp10.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  192. 20:39:05.7141940","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\usp10.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  193. 20:39:05.7144018","about1.exe","2116","CloseFile","C:\WINDOWS\system32\usp10.dll","SUCCESS",""
  194. 20:39:05.7146803","about1.exe","2116","CreateFile","C:\WINDOWS\system32\usp10.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  195. 20:39:05.7157204","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\usp10.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  196. 20:39:05.7157467","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\USP10.DLL","SUCCESS","SyncType: SyncTypeOther"
  197. 20:39:05.7162694","about1.exe","2116","CloseFile","C:\WINDOWS\system32\usp10.dll","SUCCESS",""
  198. 20:39:05.7176578","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\USP10.DLL","SUCCESS","Offset: 306,688, Length: 12,800, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  199. 20:39:05.7368452","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\LPK.DLL","SUCCESS","Offset: 19,456, Length: 512, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  200. 20:39:05.7546410","about1.exe","2116","CreateFile","C:\WINDOWS\system32\comctl32.dll","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
  201. 20:39:05.7548824","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\comctl32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
  202. 20:39:05.7549016","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\COMCTL32.dll","SUCCESS","AllocationSize: 622,592, EndOfFile: 617,472, NumberOfLinks: 1, DeletePending: False, Directory: False"
  203. 20:39:05.7549335","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\COMCTL32.DLL","SUCCESS","SyncType: SyncTypeOther"
  204. 20:39:05.7551553","about1.exe","2116","CreateFile","C:\WINDOWS\system32\COMCTL32.dll.124.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  205. 20:39:05.7558509","about1.exe","2116","CreateFile","C:\WINDOWS\system32\COMCTL32.dll.124.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  206. 20:39:05.7586382","about1.exe","2116","CloseFile","C:\WINDOWS\system32\comctl32.dll","SUCCESS",""
  207. 20:39:05.7618685","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\MSVCRT.DLL","SUCCESS","Offset: 328,192, Length: 2,048, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  208. 20:39:05.8138513","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SHELL32.DLL","SUCCESS","Offset: 2,170,368, Length: 8,192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  209. 20:39:05.8235688","about1.exe","2116","CreateFile","C:\WINDOWS\system32\shell32.dll","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
  210. 20:39:05.8238012","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\shell32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
  211. 20:39:05.8238193","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\SHELL32.dll","SUCCESS","AllocationSize: 8,372,224, EndOfFile: 8,367,104, NumberOfLinks: 1, DeletePending: False, Directory: False"
  212. 20:39:05.8238501","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\shell32.dll","SUCCESS","SyncType: SyncTypeOther"
  213. 20:39:05.8240674","about1.exe","2116","CreateFile","C:\WINDOWS\system32\SHELL32.dll.124.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  214. 20:39:05.8244518","about1.exe","2116","CreateFile","C:\WINDOWS\system32\SHELL32.dll.124.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  215. 20:39:05.8491972","about1.exe","2116","CloseFile","C:\WINDOWS\system32\shell32.dll","SUCCESS",""
  216. 20:39:05.8533038","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\about1.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  217. 20:39:05.8536919","about1.exe","2116","CreateFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  218. 20:39:05.8538363","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS","CreationTime: 2012/10/07 18:19:17, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2012/10/07 18:19:18, ChangeTime: 1601/01/01 9:00:00, FileAttributes: D"
  219. 20:39:05.8539648","about1.exe","2116","CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS",""
  220. 20:39:05.8541757","about1.exe","2116","CreateFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  221. 20:39:05.8544545","about1.exe","2116","CreateFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  222. 20:39:05.8546618","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  223. 20:39:05.8546814","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","AllocationSize: 1,064,960, EndOfFile: 1,054,208, NumberOfLinks: 1, DeletePending: False, Directory: False"
  224. 20:39:05.8548792","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","SyncType: SyncTypeOther"
  225. 20:39:05.8550803","about1.exe","2116","CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS",""
  226. 20:39:05.8551311","about1.exe","2116","ReadFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","Offset: 0, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  227. 20:39:05.8713919","about1.exe","2116","CreateFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  228. 20:39:05.8715978","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  229. 20:39:05.8716729","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83\COMCTL32.DLL","SUCCESS","SyncType: SyncTypeOther"
  230. 20:39:05.8718766","about1.exe","2116","CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS",""
  231. 20:39:05.8725294","about1.exe","2116","ReadFile","C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83\COMCTL32.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  232. 20:39:05.8730764","about1.exe","2116","ReadFile","C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83\COMCTL32.DLL","SUCCESS","Offset: 593,920, Length: 1,536, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  233. 20:39:05.8849481","about1.exe","2116","CreateFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  234. 20:39:05.8850858","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","CreationTime: 2012/10/07 18:40:07, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2012/10/07 18:40:08, ChangeTime: 1601/01/01 9:00:00, FileAttributes: RHA"
  235. 20:39:05.8851593","about1.exe","2116","CloseFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS",""
  236. 20:39:05.8853244","about1.exe","2116","CreateFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  237. 20:39:05.8854166","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  238. 20:39:05.8854495","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","AllocationSize: 16,384, EndOfFile: 749, NumberOfLinks: 1, DeletePending: False, Directory: False"
  239. 20:39:05.8855515","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeOther"
  240. 20:39:05.8856420","about1.exe","2116","CloseFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS",""
  241. 20:39:05.8856839","about1.exe","2116","ReadFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","Offset: 0, Length: 749, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  242. 20:39:05.9167563","about1.exe","2116","CreateFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  243. 20:39:05.9168412","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","CreationTime: 2012/10/07 18:40:07, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2012/10/07 18:40:08, ChangeTime: 1601/01/01 9:00:00, FileAttributes: RHA"
  244. 20:39:05.9169150","about1.exe","2116","CloseFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS",""
  245. 20:39:05.9170815","about1.exe","2116","CreateFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  246. 20:39:05.9171737","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
  247. 20:39:05.9171913","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","AllocationSize: 16,384, EndOfFile: 749, NumberOfLinks: 1, DeletePending: False, Directory: False"
  248. 20:39:05.9172214","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeOther"
  249. 20:39:05.9173133","about1.exe","2116","CloseFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS",""
  250. 20:39:05.9175044","about1.exe","2116","CreateFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
  251. 20:39:05.9177718","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
  252. 20:39:05.9177905","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","AllocationSize: 16,384, EndOfFile: 749, NumberOfLinks: 1, DeletePending: False, Directory: False"
  253. 20:39:05.9178196","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeOther"
  254. 20:39:05.9179268","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","AllocationSize: 16,384, EndOfFile: 749, NumberOfLinks: 1, DeletePending: False, Directory: False"
  255. 20:39:05.9180520","about1.exe","2116","CreateFile","C:\WINDOWS\WindowsShell.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  256. 20:39:06.0253586","about1.exe","2116","CloseFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS",""
  257. 20:39:06.0312641","about1.exe","2116","SetEndOfFileInformationFile","C:\WINDOWS\system32\config\software.LOG","SUCCESS","EndOfFile: 8,192"
  258. 20:39:06.0315340","about1.exe","2116","SetEndOfFileInformationFile","C:\WINDOWS\system32\config\software.LOG","SUCCESS","EndOfFile: 8,192"
  259. 20:39:06.0334465","about1.exe","2116","ReadFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","Offset: 130,560, Length: 3,584, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  260. 20:39:06.0558178","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\OLEACCRC.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  261. 20:39:06.0563277","about1.exe","2116","CreateFile","C:\WINDOWS\system32\oleaccrc.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  262. 20:39:06.0565822","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\oleaccrc.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2012/10/07 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  263. 20:39:06.0567758","about1.exe","2116","CloseFile","C:\WINDOWS\system32\oleaccrc.dll","SUCCESS",""
  264. 20:39:06.0570644","about1.exe","2116","CreateFile","C:\WINDOWS\system32\oleaccrc.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  265. 20:39:06.0572806","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\oleaccrc.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
  266. 20:39:06.0573147","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\OLEACCRC.DLL","SUCCESS","AllocationSize: 32,768, EndOfFile: 16,896, NumberOfLinks: 1, DeletePending: False, Directory: False"
  267. 20:39:06.0575390","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\oleaccrc.dll","SUCCESS","SyncType: SyncTypeOther"
  268. 20:39:06.0577496","about1.exe","2116","CloseFile","C:\WINDOWS\system32\oleaccrc.dll","SUCCESS",""
  269. 20:39:06.0577952","about1.exe","2116","ReadFile","C:\WINDOWS\system32\OLEACCRC.DLL","SUCCESS","Offset: 0, Length: 16,896, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  270. 20:39:06.0601547","about1.exe","2116","CreateFile","C:\WINDOWS\system32\tapi32.dll","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
  271. 20:39:06.0603930","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\tapi32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
  272. 20:39:06.0604106","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\TAPI32.dll","SUCCESS","AllocationSize: 196,608, EndOfFile: 181,760, NumberOfLinks: 1, DeletePending: False, Directory: False"
  273. 20:39:06.0604402","about1.exe","2116","CreateFileMapping","C:\WINDOWS\System32\TAPI32.dll","SUCCESS","SyncType: SyncTypeOther"
  274. 20:39:06.0606486","about1.exe","2116","CreateFile","C:\WINDOWS\system32\TAPI32.dll.124.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  275. 20:39:06.0610213","about1.exe","2116","CreateFile","C:\WINDOWS\system32\TAPI32.dll.124.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  276. 20:39:06.0855501","about1.exe","2116","CloseFile","C:\WINDOWS\system32\tapi32.dll","SUCCESS",""
  277. 20:39:06.0862178","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\about1.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  278. 20:39:06.0866055","about1.exe","2116","CreateFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  279. 20:39:06.0867494","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS","CreationTime: 2012/10/07 18:19:17, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2012/10/07 18:19:18, ChangeTime: 1601/01/01 9:00:00, FileAttributes: D"
  280. 20:39:06.0926817","about1.exe","2116","CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS",""
  281. 20:39:06.0928991","about1.exe","2116","CreateFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  282. 20:39:06.0943990","about1.exe","2116","CreateFile","C:\WINDOWS","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  283. 20:39:06.0944797","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS","SUCCESS","CreationTime: 2012/10/07 18:03:56, LastAccessTime: 2012/10/07 0:00:00, LastWriteTime: 2012/10/07 18:03:58, ChangeTime: 1601/01/01 9:00:00, FileAttributes: D"
  284. 20:39:06.0945524","about1.exe","2116","CloseFile","C:\WINDOWS","SUCCESS",""
  285. 20:39:06.0950510","about1.exe","2116","ReadFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","Offset: 66,560, Length: 29,696, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  286. 20:39:06.1052981","about1.exe","2116","ReadFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","Offset: 1,024, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  287. 20:39:06.1288830","about1.exe","2116","ReadFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","Offset: 33,792, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  288. 20:39:06.6773594","about1.exe","2116","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  289. 20:39:06.6774094","about1.exe","2116","QueryNameInformationFile","C:\","SUCCESS","Name: \"
  290. 20:39:06.6774393","about1.exe","2116","QueryInformationVolume","C:\","SUCCESS","VolumeCreationTime: 1601/01/01 9:00:00, VolumeSerialNumber: 9455-E50D, SupportsObjects: False, VolumeLabel: "
  291. 20:39:06.6774664","about1.exe","2116","CloseFile","C:\","SUCCESS",""
  292. 20:39:06.6782229","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  293. 20:39:06.6782975","about1.exe","2116","QueryBasicInformationFile","C:\Documents and Settings\rik\Application Data","SUCCESS","CreationTime: 2012/10/07 18:49:52, LastAccessTime: 2012/10/07 0:00:00, LastWriteTime: 2012/10/07 18:19:58, ChangeTime: 1601/01/01 9:00:00, FileAttributes: RHD"
  294. 20:39:06.6783604","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Application Data","SUCCESS",""
  295. 20:39:06.6785869","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","NAME NOT FOUND","Desired Access: Write Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
  296. 20:39:06.6787747","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
  297. 20:39:06.6789015","about1.exe","2116","QueryAttributeTagFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","INVALID PARAMETER",""
  298. 20:39:06.6790121","about1.exe","2116","QueryStandardInformationFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","AllocationSize: 98,304, EndOfFile: 98,304, NumberOfLinks: 1, DeletePending: False, Directory: False"
  299. 20:39:06.6791155","about1.exe","2116","QueryBasicInformationFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","CreationTime: 2013/01/26 20:31:08, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2013/01/26 18:42:16, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  300. 20:39:06.6792345","about1.exe","2116","QueryStreamInformationFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","INVALID PARAMETER",""
  301. 20:39:06.6793594","about1.exe","2116","QueryBasicInformationFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","CreationTime: 2013/01/26 20:31:08, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2013/01/26 18:42:16, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  302. 20:39:06.6794689","about1.exe","2116","QueryEaInformationFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","EaSize: 0"
  303. 20:39:06.6795820","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Desired Access: Generic Write, Read Attributes, Delete, Disposition: OverwriteIf, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: A, ShareMode: None, AllocationSize: 0, OpenResult: Created"
  304. 20:39:06.6796843","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  305. 20:39:06.6797625","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Application Data","SUCCESS",""
  306. 20:39:06.6799977","about1.exe","2116","QueryAttributeInformationVolume","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","FileSystemAttributes: Case Preserved, Unicode, MaximumComponentNameLength: 255, FileSystemName: FAT32"
  307. 20:39:06.6800690","about1.exe","2116","QueryBasicInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","CreationTime: 2013/01/26 20:39:06, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2013/01/26 20:39:08, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  308. 20:39:06.6801757","about1.exe","2116","QueryAttributeInformationVolume","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","FileSystemAttributes: Case Preserved, Unicode, MaximumComponentNameLength: 255, FileSystemName: FAT32"
  309. 20:39:06.6802522","about1.exe","2116","SetEndOfFileInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","EndOfFile: 98,304"
  310. 20:39:06.6804075","about1.exe","2116","CreateFileMapping","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
  311. 20:39:06.6804223","about1.exe","2116","QueryStandardInformationFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","AllocationSize: 98,304, EndOfFile: 98,304, NumberOfLinks: 1, DeletePending: False, Directory: False"
  312. 20:39:06.6804469","about1.exe","2116","CreateFileMapping","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","SyncType: SyncTypeOther"
  313. 20:39:06.6805330","about1.exe","2116","WriteFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Offset: 0, Length: 65,536"
  314. 20:39:06.6807059","about1.exe","2116","ReadFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","Offset: 32,768, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  315. 20:39:06.7774699","about1.exe","2116","WriteFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Offset: 65,536, Length: 32,768"
  316. 20:39:06.7776679","about1.exe","2116","SetBasicInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","CreationTime: 1601/01/01 9:00:00, LastAccessTime: 1601/01/01 9:00:00, LastWriteTime: 2013/01/26 18:42:16, ChangeTime: 1601/01/01 9:00:00, FileAttributes: n/a"
  317. 20:39:06.7778074","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS",""
  318. 20:39:06.7778998","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS",""
  319. 20:39:06.7782004","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Local Settings\Temp","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, AllocationSize: 0"
  320. 20:39:06.7793134","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Local Settings\Temp","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  321. 20:39:06.7795294","about1.exe","2116","QueryBasicInformationFile","C:\Documents and Settings\rik\Local Settings\Temp","SUCCESS","CreationTime: 2012/10/07 18:49:52, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2012/10/07 18:19:58, ChangeTime: 1601/01/01 9:00:00, FileAttributes: D"
  322. 20:39:06.7797475","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Local Settings\Temp","SUCCESS",""
  323. 20:39:06.7800076","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Local Settings\Temp\exp2.tmp","SUCCESS","Desired Access: Generic Read, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Created"
  324. 20:39:06.7802607","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Local Settings\Temp\exp2.tmp","SUCCESS",""
  325. 20:39:06.7805636","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Local Settings\Temp\exp2.tmp.bat","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: H, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
  326. 20:39:06.7807032","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Local Settings\Temp","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  327. 20:39:06.7808186","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Local Settings\Temp","SUCCESS",""
  328. 20:39:06.7809740","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SHLWAPI.DLL","SUCCESS","Offset: 267,264, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  329. 20:39:06.8435646","about1.exe","2116","WriteFile","C:\Documents and Settings\rik\Local Settings\Temp\exp2.tmp.bat","SUCCESS","Offset: 0, Length: 217"
  330. 20:39:06.8438459","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Local Settings\Temp\exp2.tmp.bat","SUCCESS",""
  331. 20:39:06.8444055","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  332. 20:39:06.8446379","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/21 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  333. 20:39:06.8448078","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS",""
  334. 20:39:06.8452503","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  335. 20:39:06.8454294","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/21 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  336. 20:39:06.8455986","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS",""
  337. 20:39:06.8458562","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  338. 20:39:06.8460406","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  339. 20:39:06.8460683","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","AllocationSize: 491,520, EndOfFile: 486,400, NumberOfLinks: 1, DeletePending: False, Directory: False"
  340. 20:39:06.8460931","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeOther"
  341. 20:39:06.8461169","about1.exe","2116","ReadFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  342. 20:39:06.8596974","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeOther"
  343. 20:39:06.8603217","about1.exe","2116","CreateFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  344. 20:39:06.8604975","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  345. 20:39:06.8606629","about1.exe","2116","CloseFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS",""
  346. 20:39:06.8609028","about1.exe","2116","CreateFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  347. 20:39:06.8610808","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\apphelp.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  348. 20:39:06.8610939","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\Apphelp.dll","SUCCESS","AllocationSize: 131,072, EndOfFile: 125,952, NumberOfLinks: 1, DeletePending: False, Directory: False"
  349. 20:39:06.8612710","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\apphelp.dll","SUCCESS","SyncType: SyncTypeOther"
  350. 20:39:06.8614501","about1.exe","2116","CloseFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS",""
  351. 20:39:06.8614831","about1.exe","2116","ReadFile","C:\WINDOWS\system32\Apphelp.dll","SUCCESS","Offset: 0, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  352. 20:39:06.8682105","about1.exe","2116","CreateFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  353. 20:39:06.8683837","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  354. 20:39:06.8685488","about1.exe","2116","CloseFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS",""
  355. 20:39:06.8687860","about1.exe","2116","CreateFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  356. 20:39:06.8689625","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\apphelp.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  357. 20:39:06.8690153","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\APPHELP.DLL","SUCCESS","SyncType: SyncTypeOther"
  358. 20:39:06.8691963","about1.exe","2116","CloseFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS",""
  359. 20:39:06.8695098","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\APPHELP.DLL","SUCCESS","Offset: 117,248, Length: 2,560, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  360. 20:39:06.8718928","about1.exe","2116","CreateFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
  361. 20:39:06.8720422","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","AllocationSize: 1,212,416, EndOfFile: 1,202,774, NumberOfLinks: 1, DeletePending: False, Directory: False"
  362. 20:39:06.8725364","about1.exe","2116","CreateFileMapping","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
  363. 20:39:06.8725501","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","AllocationSize: 1,212,416, EndOfFile: 1,202,774, NumberOfLinks: 1, DeletePending: False, Directory: False"
  364. 20:39:06.8725736","about1.exe","2116","CreateFileMapping","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","SyncType: SyncTypeOther"
  365. 20:39:06.8727278","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","AllocationSize: 1,212,416, EndOfFile: 1,202,774, NumberOfLinks: 1, DeletePending: False, Directory: False"
  366. 20:39:06.8729507","about1.exe","2116","CreateFile","C:\WINDOWS\AppPatch\systest.sdb","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a"
  367. 20:39:06.8731999","about1.exe","2116","CreateFile","C:\WINDOWS\system32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  368. 20:39:06.8733066","about1.exe","2116","QueryDirectory","C:\WINDOWS\system32\cmd.exe","SUCCESS","Filter: cmd.exe, 1: cmd.exe"
  369. 20:39:06.8734611","about1.exe","2116","CloseFile","C:\WINDOWS\system32","SUCCESS",""
  370. 20:39:06.8739092","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  371. 20:39:06.8740869","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/21 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  372. 20:39:06.8742582","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS",""
  373. 20:39:06.8766705","about1.exe","2116","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  374. 20:39:06.8766979","about1.exe","2116","QueryDirectory","C:\WINDOWS","SUCCESS","Filter: WINDOWS, 1: WINDOWS"
  375. 20:39:06.8767361","about1.exe","2116","CloseFile","C:\","SUCCESS",""
  376. 20:39:06.8776868","about1.exe","2116","CreateFile","C:\WINDOWS","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  377. 20:39:06.8777547","about1.exe","2116","QueryDirectory","C:\WINDOWS\system32","SUCCESS","Filter: system32, 1: system32"
  378. 20:39:06.8778326","about1.exe","2116","CloseFile","C:\WINDOWS","SUCCESS",""
  379. 20:39:06.8786026","about1.exe","2116","CreateFile","C:\WINDOWS\system32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  380. 20:39:06.8787065","about1.exe","2116","QueryDirectory","C:\WINDOWS\system32\cmd.exe","SUCCESS","Filter: cmd.exe, 1: cmd.exe"
  381. 20:39:06.8799066","about1.exe","2116","CloseFile","C:\WINDOWS\system32","SUCCESS",""
  382. 20:39:06.8801394","about1.exe","2116","ReadFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","Offset: 143,360, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  383. 20:39:06.8972385","about1.exe","2116","ReadFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","Offset: 589,824, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  384. 20:39:06.9082686","about1.exe","2116","ReadFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","Offset: 815,104, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  385. 20:39:06.9154964","about1.exe","2116","ReadFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","Offset: 745,472, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  386. 20:39:06.9164384","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  387. 20:39:06.9166194","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/21 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  388. 20:39:06.9167904","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS",""
  389. 20:39:06.9171913","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\VERSION.DLL","SUCCESS","Offset: 15,872, Length: 512, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  390. 20:39:06.9293188","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  391. 20:39:06.9294965","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/21 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  392. 20:39:06.9296666","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS",""
  393. 20:39:06.9299085","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  394. 20:39:06.9300932","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  395. 20:39:06.9301074","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","AllocationSize: 491,520, EndOfFile: 486,400, NumberOfLinks: 1, DeletePending: False, Directory: False"
  396. 20:39:06.9302899","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeOther"
  397. 20:39:06.9304737","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS",""
  398. 20:39:06.9305332","about1.exe","2116","ReadFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Offset: 0, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  399. 20:39:06.9314654","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  400. 20:39:06.9316414","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  401. 20:39:06.9318107","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS",""
  402. 20:39:06.9320529","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  403. 20:39:06.9322351","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
  404. 20:39:06.9322482","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","AllocationSize: 491,520, EndOfFile: 486,400, NumberOfLinks: 1, DeletePending: False, Directory: False"
  405. 20:39:06.9322711","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeOther"
  406. 20:39:06.9324547","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS",""
  407. 20:39:06.9325460","about1.exe","2116","ReadFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Offset: 245,760, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  408. 20:39:06.9432306","about1.exe","2116","ReadFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Offset: 454,656, Length: 31,744, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  409. 20:39:06.9541001","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  410. 20:39:06.9542773","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  411. 20:39:06.9544471","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS",""
  412. 20:39:06.9546896","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  413. 20:39:06.9548712","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  414. 20:39:06.9548849","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","AllocationSize: 491,520, EndOfFile: 486,400, NumberOfLinks: 1, DeletePending: False, Directory: False"
  415. 20:39:06.9549086","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeOther"
  416. 20:39:06.9550919","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS",""
  417. 20:39:06.9555596","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  418. 20:39:06.9557367","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  419. 20:39:06.9559060","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS",""
  420. 20:39:06.9561476","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  421. 20:39:06.9563292","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
  422. 20:39:06.9563423","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","AllocationSize: 491,520, EndOfFile: 486,400, NumberOfLinks: 1, DeletePending: False, Directory: False"
  423. 20:39:06.9563652","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeOther"
  424. 20:39:06.9565482","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS",""
  425. 20:39:06.9574553","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  426. 20:39:06.9576322","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  427. 20:39:06.9578020","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS",""
  428. 20:39:06.9578551","about1.exe","2116","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  429. 20:39:06.9578830","about1.exe","2116","QueryDirectory","C:\WINDOWS","SUCCESS","Filter: WINDOWS, 1: WINDOWS"
  430. 20:39:06.9579227","about1.exe","2116","CloseFile","C:\","SUCCESS",""
  431. 20:39:06.9580481","about1.exe","2116","CreateFile","C:\WINDOWS","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  432. 20:39:06.9581160","about1.exe","2116","QueryDirectory","C:\WINDOWS\system32","SUCCESS","Filter: system32, 1: system32"
  433. 20:39:06.9581934","about1.exe","2116","CloseFile","C:\WINDOWS","SUCCESS",""
  434. 20:39:06.9583566","about1.exe","2116","CreateFile","C:\WINDOWS\system32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  435. 20:39:06.9584610","about1.exe","2116","QueryDirectory","C:\WINDOWS\system32\cmd.exe","SUCCESS","Filter: cmd.exe, 1: cmd.exe"
  436. 20:39:06.9586136","about1.exe","2116","CloseFile","C:\WINDOWS\system32","SUCCESS",""
  437. 20:39:06.9588332","about1.exe","2116","CloseFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS",""
  438. 20:39:06.9609384","about1.exe","2116","QueryNameInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Name: \WINDOWS\System32\cmd.exe"
  439. 20:39:06.9613723","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  440. 20:39:06.9615505","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  441. 20:39:06.9617209","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS",""
  442. 20:39:06.9617740","about1.exe","2116","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  443. 20:39:06.9618022","about1.exe","2116","QueryDirectory","C:\WINDOWS","SUCCESS","Filter: WINDOWS, 1: WINDOWS"
  444. 20:39:06.9618394","about1.exe","2116","CloseFile","C:\","SUCCESS",""
  445. 20:39:06.9619657","about1.exe","2116","CreateFile","C:\WINDOWS","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  446. 20:39:06.9620338","about1.exe","2116","QueryDirectory","C:\WINDOWS\System32","SUCCESS","Filter: System32, 1: system32"
  447. 20:39:06.9621121","about1.exe","2116","CloseFile","C:\WINDOWS","SUCCESS",""
  448. 20:39:06.9622800","about1.exe","2116","CreateFile","C:\WINDOWS\system32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  449. 20:39:06.9623853","about1.exe","2116","QueryDirectory","C:\WINDOWS\system32\cmd.exe","SUCCESS","Filter: cmd.exe, 1: cmd.exe"
  450. 20:39:06.9625387","about1.exe","2116","CloseFile","C:\WINDOWS\system32","SUCCESS",""
  451. 20:39:06.9654938","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","AllocationSize: 491,520, EndOfFile: 486,400, NumberOfLinks: 1, DeletePending: False, Directory: False"
  452. 20:39:06.9656664","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
  453. 20:39:06.9656798","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","AllocationSize: 491,520, EndOfFile: 486,400, NumberOfLinks: 1, DeletePending: False, Directory: False"
  454. 20:39:06.9657036","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeOther"
  455. 20:39:06.9667029","about1.exe","2116","ReadFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Offset: 99,328, Length: 30,720, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  456. 20:39:06.9794243","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  457. 20:39:06.9796090","about1.exe","2116","ReadFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Offset: 247,296, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  458. 20:39:06.9803202","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS",""
  459. 20:39:06.9804641","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
  460. 20:39:06.9846945","about1.exe","2116","CreateFileMapping","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
  461. 20:39:06.9847082","about1.exe","2116","QueryStandardInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","AllocationSize: 98,304, EndOfFile: 98,304, NumberOfLinks: 1, DeletePending: False, Directory: False"
  462. 20:39:06.9847214","about1.exe","2116","CreateFileMapping","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","SyncType: SyncTypeOther"
  463. 20:39:06.9848454","about1.exe","2116","CreateFileMapping","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","SyncType: SyncTypeOther"
  464. 20:39:06.9857648","about1.exe","2116","CreateFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
  465. 20:39:06.9859115","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","AllocationSize: 1,212,416, EndOfFile: 1,202,774, NumberOfLinks: 1, DeletePending: False, Directory: False"
  466. 20:39:06.9860472","about1.exe","2116","CreateFileMapping","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
  467. 20:39:06.9860604","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","AllocationSize: 1,212,416, EndOfFile: 1,202,774, NumberOfLinks: 1, DeletePending: False, Directory: False"
  468. 20:39:06.9860835","about1.exe","2116","CreateFileMapping","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","SyncType: SyncTypeOther"
  469. 20:39:06.9862350","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","AllocationSize: 1,212,416, EndOfFile: 1,202,774, NumberOfLinks: 1, DeletePending: False, Directory: False"
  470. 20:39:06.9870191","about1.exe","2116","CreateFile","C:\WINDOWS\AppPatch\systest.sdb","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a"
  471. 20:39:06.9872264","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  472. 20:39:06.9873005","about1.exe","2116","QueryDirectory","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Filter: KB00777165.exe, 1: KB00777165.exe"
  473. 20:39:06.9883942","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Application Data","SUCCESS",""
  474. 20:39:06.9886277","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  475. 20:39:06.9892904","about1.exe","2116","QueryBasicInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","CreationTime: 2013/01/26 20:39:06, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2013/01/26 18:42:16, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  476. 20:39:06.9893518","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS",""
  477. 20:39:06.9894426","about1.exe","2116","CreateFile","C:\Documents and Settings","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  478. 20:39:06.9901732","about1.exe","2116","QueryDirectory","C:\Documents and Settings\rik","SUCCESS","Filter: rik, 1: rik"
  479. 20:39:06.9902137","about1.exe","2116","CloseFile","C:\Documents and Settings","SUCCESS",""
  480. 20:39:06.9913666","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  481. 20:39:06.9914370","about1.exe","2116","QueryBasicInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","CreationTime: 2013/01/26 20:39:06, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2013/01/26 18:42:16, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  482. 20:39:06.9914988","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS",""
  483. 20:39:06.9923771","about1.exe","2116","CreateFile","C:\Documents and Settings","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  484. 20:39:06.9924084","about1.exe","2116","QueryDirectory","C:\Documents and Settings\rik","SUCCESS","Filter: rik, 1: rik"
  485. 20:39:06.9924483","about1.exe","2116","CloseFile","C:\Documents and Settings","SUCCESS",""
  486. 20:39:06.9933076","about1.exe","2116","QueryBasicInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","CreationTime: 2013/01/26 20:39:06, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2013/01/26 18:42:16, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  487. 20:39:06.9933697","about1.exe","2116","QueryStandardInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","AllocationSize: 98,304, EndOfFile: 98,304, NumberOfLinks: 1, DeletePending: False, Directory: False"
  488. 20:39:06.9935353","about1.exe","2116","CloseFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS",""
  489. 20:39:06.9944597","about1.exe","2116","QueryNameInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Name: \Documents and Settings\RIK\Application Data\KB00777165.exe"
  490. 20:39:06.9954828","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
  491. 20:39:06.9955532","about1.exe","2116","QueryBasicInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","CreationTime: 2013/01/26 20:39:06, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2013/01/26 18:42:16, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A"
  492. 20:39:06.9956149","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS",""
  493. 20:39:06.9963530","about1.exe","2116","CreateFile","C:\Documents and Settings","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
  494. 20:39:06.9963837","about1.exe","2116","QueryDirectory","C:\Documents and Settings\RIK","SUCCESS","Filter: RIK, 1: rik"
  495. 20:39:06.9964245","about1.exe","2116","CloseFile","C:\Documents and Settings","SUCCESS",""
  496. 20:39:06.9978929","about1.exe","2116","QueryStandardInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","AllocationSize: 98,304, EndOfFile: 98,304, NumberOfLinks: 1, DeletePending: False, Directory: False"
  497. 20:39:06.9979571","about1.exe","2116","CreateFileMapping","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY"
  498. 20:39:06.9979702","about1.exe","2116","QueryStandardInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","AllocationSize: 98,304, EndOfFile: 98,304, NumberOfLinks: 1, DeletePending: False, Directory: False"
  499. 20:39:06.9979934","about1.exe","2116","CreateFileMapping","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","SyncType: SyncTypeOther"
  500. 20:39:06.9983681","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
  501. 20:39:06.9984572","about1.exe","2116","ReadFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Offset: 96,256, Length: 2,048, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  502. 20:39:07.0196998","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS",""
  503. 20:39:07.0210631","about1.exe","2116","CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS",""
  504. 20:39:07.0221610","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\MSVCP60.DLL","SUCCESS","Offset: 344,064, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
  505. 20:39:07.1199880","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\デスクトップ","SUCCESS",""
  506. 20:39:07.1201414","about1.exe","2116","CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS",""