Софт-Портал

Msiexec.exe скачать

Рейтинг: 4.2/5.0 (241 проголосовавших)

Категория: Windows

Описание

Комп виснит - Форумы - обсуждение, помощь, проблема, не запускается, решение, ошибки

msiexec.exe комп виснит

23 декабря 2008 в 19:32 #

вот проверил через авз вот отчёт. Протокол антивирусной утилиты AVZ версии 4.30
Сканирование запущено в 23.12.2008 22:09:07
Загружена база: сигнатуры - 157571, нейропрофили - 2, микропрограммы лечения - 55, база от 06.04.2008 17:09
Загружены микропрограммы эвристики: 370
Загружены микропрограммы ИПУ: 9
Загружены цифровые подписи системных файлов: 70476
Режим эвристического анализатора: Средний уровень эвристики
Режим лечения: включено
Версия Windows: 5.1.2600, Service Pack 3 ; AVZ работает с правами администратора
Восстановление системы: Отключено
1. Поиск RootKit и программ, перехватывающих функции API
1.1 Поиск перехватчиков API, работающих в UserMode
Анализ kernel32.dll, таблица экспорта найдена в секции .text
Анализ ntdll.dll, таблица экспорта найдена в секции .text
Анализ user32.dll, таблица экспорта найдена в секции .text
Анализ advapi32.dll, таблица экспорта найдена в секции .text
Анализ ws2_32.dll, таблица экспорта найдена в секции .text
Анализ wininet.dll, таблица экспорта найдена в секции .text
Анализ rasapi32.dll, таблица экспорта найдена в секции .text
Анализ urlmon.dll, таблица экспорта найдена в секции .text
Анализ netapi32.dll, таблица экспорта найдена в секции .text
1.2 Поиск перехватчиков API, работающих в KernelMode
Драйвер успешно загружен
SDT найдена (RVA=08B520)
Ядро ntoskrnl.exe обнаружено в памяти по адресу 804D7000
SDT = 80562520
KiST = 804E48B0 (284)
Функция NtAdjustPrivilegesToken (0B) перехвачена (805E0787->B0877224), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtClose (19) перехвачена (8056FA48->B08777F8), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtConnectPort (1F) перехвачена (80585565->B0879234), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtCreateFile (25) перехвачена (8057C328->B0878BE6), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtCreateKey (29) перехвачена (8057791D->B087699A), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtCreatePagingFile (2D) перехвачена (805B4823->F749AB00), перехватчик C:\WINDOWS\system32\Drivers\a347bus.sys, драйвер опознан как безопасный
Функция NtCreateSymbolicLinkObject (34) перехвачена (805E6E56->B087ABC6), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtCreateThread (35) перехвачена (80586C45->B08775F8), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtDeleteKey (3F) перехвачена (80593334->B0876DDC), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtDeleteValueKey (41) перехвачена (80591F8B->B0876FDC), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtDeviceIoControlFile (42) перехвачена (805889A8->B0878EF6), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtDuplicateObject (44) перехвачена (80581216->B087B0CE), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtEnumerateKey (47) перехвачена (80578E14->B08770F2), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtEnumerateValueKey (49) перехвачена (80587693->B087715A), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtFsControlFile (54) перехвачена (805803EB->B0878DA8), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtLoadDriver (61) перехвачена (805A8F96->B087A66A), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtOpenFile (74) перехвачена (8057C49C->B0878A42), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtOpenKey (77) перехвачена (80572BF4->B0876AFC), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtOpenProcess (7A) перехвачена (80581702->B08773FC), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtOpenSection (7D) перехвачена (8057A8AD->B087ABF0), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtOpenThread (80) перехвачена (805E1939->B0877348), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtQueryKey (A0) перехвачена (80578A14->B08771C2), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtQueryMultipleValueKey (A1) перехвачена (806556D8->B0876EC6), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtQueryValueKey (B1) перехвачена (80573037->B0876CA4), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtQueueApcThread (B4) перехвачена (805E3B8D->B087A8D2), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtReplaceKey (C1) перехвачена (806564B2->B087661C), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtRequestWaitReplyPort (C8) перехвачена (80579485->B0879ABE), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtRestoreKey (CC) перехвачена (80656049->B087677E), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtResumeThread (CE) перехвачена (805872BC->B087AFA0), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtSaveKey (CF) перехвачена (8065614A->B087641A), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtSecureConnectPort (D2) перехвачена (80590431->B08790D6), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtSetContextThread (D5) перехвачена (80635947->B08776F6), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtSetSecurityObject (ED) перехвачена (805D9CAC->B087A764), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtSetSystemInformation (F0) перехвачена (805AABC8->B087AC1A), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtSetSystemPowerState (F1) перехвачена (8066F0E7->F74A6550), перехватчик C:\WINDOWS\system32\Drivers\a347bus.sys, драйвер опознан как безопасный
Функция NtSetValueKey (F7) перехвачена (8058228C->B0876B52), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtSuspendProcess (FD) перехвачена (806376DF->B087ACFE), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtSuspendThread (FE) перехвачена (806375FB->B087AE2A), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtSystemDebugControl (FF) перехвачена (80650D97->B087A596), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtTerminateProcess (101) перехвачена (8058E695->B08774C8), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция NtWriteVirtualMemory (115) перехвачена (805885C4->B087753A), перехватчик C:\WINDOWS\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция FsRtlCheckLockForReadAccess (804F4593) - модификация машинного кода. Метод JmpTo. jmp B088E874 \SystemRoot\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Функция IoAllocateIrp (804EAF9D) - модификация машинного кода. Метод не определен. внедрение с байта 15
Функция IoIsOperationSynchronous (804EAFAE) - модификация машинного кода. Метод JmpTo. jmp B088EC2E \SystemRoot\system32\DRIVERS\klif.sys, драйвер опознан как безопасный
Проверено функций: 284, перехвачено: 41, восстановлено: 0
1.3 Проверка IDT и SYSENTER
Анализ для процессора 1
Анализ для процессора 2
Проверка IDT и SYSENTER завершена
1.4 Поиск маскировки процессов и драйверов
Проверка не производится, так как не установлен драйвер мониторинга AVZPM
Драйвер успешно загружен
1.5 Проверка обработчиков IRP
\FileSystem\ntfs[IRP_MJ_CREATE] = 8A35A1F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_CLOSE] = 8A35A1F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_WRITE] = 8A35A1F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 8A35A1F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 8A35A1F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_QUERY_EA] = 8A35A1F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_SET_EA] = 8A35A1F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 8A35A1F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 8A35A1F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 8A35A1F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 8A35A1F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 8A35A1F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 8A35A1F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 8A35A1F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 8A35A1F8 -> перехватчик не определен
\FileSystem\ntfs[IRP_MJ_PNP] = 8A35A1F8 -> перехватчик не определен
\FileSystem\FastFat[IRP_MJ_CREATE] = 89E70500 -> перехватчик не определен
\FileSystem\FastFat[IRP_MJ_CLOSE] = 89E70500 -> перехватчик не определен
\FileSystem\FastFat[IRP_MJ_WRITE] = 89E70500 -> перехватчик не определен
\FileSystem\FastFat[IRP_MJ_QUERY_INFORMATION] = 89E70500 -> перехватчик не определен
\FileSystem\FastFat[IRP_MJ_SET_INFORMATION] = 89E70500 -> перехватчик не определен
\FileSystem\FastFat[IRP_MJ_QUERY_EA] = 89E70500 -> перехватчик не определен
\FileSystem\FastFat[IRP_MJ_SET_EA] = 89E70500 -> перехватчик не определен
\FileSystem\FastFat[IRP_MJ_QUERY_VOLUME_INFORMATION] = 89E70500 -> перехватчик не определен
\FileSystem\FastFat[IRP_MJ_SET_VOLUME_INFORMATION] = 89E70500 -> перехватчик не определен
\FileSystem\FastFat[IRP_MJ_DIRECTORY_CONTROL] = 89E70500 -> перехватчик не определен
\FileSystem\FastFat[IRP_MJ_FILE_SYSTEM_CONTROL] = 89E70500 -> перехватчик не определен
\FileSystem\FastFat[IRP_MJ_DEVICE_CONTROL] = 89E70500 -> перехватчик не определен
\FileSystem\FastFat[IRP_MJ_LOCK_CONTROL] = 89E70500 -> перехватчик не определен
\FileSystem\FastFat[IRP_MJ_PNP] = 89E70500 -> перехватчик не определен
Проверка завершена
2. Проверка памяти
Количество найденных процессов: 31
Количество загруженных модулей: 361
Проверка памяти завершена
3. Сканирование дисков
Прямое чтение C:\Documents and Settings\User\Local Settings\Temp\

DF1B2A.tmp
Прямое чтение C:\Documents and Settings\User\Local Settings\Temp\

DF3E5A.tmp
Прямое чтение C:\Documents and Settings\User\Local Settings\Temp\

DF66D1.tmp
Прямое чтение C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\L6PFSAMX\afe_results[1].htm
Прямое чтение C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\PISVZS75\HJTInstall[1].exe
Прямое чтение C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\PISVZS75\p6963[1].htm
C:\WINDOWS\Installer\a4e4a8.msi//\69 >>> подозрение на AdvWare.Win32.Vapsup.bsz ( 00489F1A 08CD5FC5 001C13F0 001FD6D9 81920)
C:\WINDOWS\Installer\a4e4a8.msi//\72 >>> подозрение на AdvWare.Win32.Vapsup.bsz ( 00489F1A 08CD5FC5 001C13F0 001FD6D9 81920)
C:\WINDOWS\Installer\a4e4a8.msi//\73 >>> подозрение на AdvWare.Win32.Vapsup.bsz ( 00489F1A 08CD5FC5 001C13F0 001FD6D9 81920)
C:\WINDOWS\Installer\\ACDSeeDesktopShortcu_AE80641A0C8D4670A518B4EC154B1027.exe >>> подозрение на AdvWare.Win32.Vapsup.bsz ( 00489F1A 08CD5FC5 001C13F0 001FD6D9 81920)
C:\WINDOWS\Installer\\ACDSeePMShortcut_AE80641A0C8D4670A518B4EC154B1027.exe >>> подозрение на AdvWare.Win32.Vapsup.bsz ( 00489F1A 08CD5FC5 001C13F0 001FD6D9 81920)
C:\WINDOWS\Installer\\ARPPRODUCTICON.exe >>> подозрение на AdvWare.Win32.Vapsup.bsz ( 00489F1A 08CD5FC5 001C13F0 001FD6D9 81920)
Прямое чтение C:\WINDOWS\system32\drivers\atapi.sys
Прямое чтение C:\WINDOWS\system32\drivers\sptd.sys
4. Проверка Winsock Layered Service Provider (SPI/LSP)
Настройки LSP проверены. Ошибок не обнаружено
5. Поиск перехватчиков событий клавиатуры/мыши/окон (Keylogger, троянские DLL)
C:\PROGRA

1\mzvkbd.dll --> Подозрение на Keylogger или троянскую DLL
C:\PROGRA

1\mzvkbd.dll>>> Поведенческий анализ
Типичное для кейлоггеров поведение не зарегистрировано
C:\PROGRA

1\mzvkbd3.dll --> Подозрение на Keylogger или троянскую DLL
C:\PROGRA

1\mzvkbd3.dll>>> Поведенческий анализ
Типичное для кейлоггеров поведение не зарегистрировано
C:\PROGRA

1\adialhk.dll --> Подозрение на Keylogger или троянскую DLL
C:\PROGRA

1\adialhk.dll>>> Поведенческий анализ
Типичное для кейлоггеров поведение не зарегистрировано
C:\PROGRA

1\kloehk.dll --> Подозрение на Keylogger или троянскую DLL
C:\PROGRA

1\kloehk.dll>>> Поведенческий анализ
Типичное для кейлоггеров поведение не зарегистрировано
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll --> Подозрение на Keylogger или троянскую DLL
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll>>> Поведенческий анализ
Типичное для кейлоггеров поведение не зарегистрировано
C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL --> Подозрение на Keylogger или троянскую DLL
C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL>>> Поведенческий анализ
Типичное для кейлоггеров поведение не зарегистрировано
C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL --> Подозрение на Keylogger или троянскую DLL
C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL>>> Поведенческий анализ
Типичное для кейлоггеров поведение не зарегистрировано
C:\Program Files\Conduit\Community Alerts\Alert.dll --> Подозрение на Keylogger или троянскую DLL
C:\Program Files\Conduit\Community Alerts\Alert.dll>>> Поведенческий анализ
1. Реагирует на события: клавиатура
C:\Program Files\Conduit\Community Alerts\Alert.dll>>> Нейросеть: файл с вероятностью 94.23% похож на типовой перехватчик событий клавиатуры/мыши
На заметку: Заподозренные файлы НЕ следует удалять, их следует прислать для анализа (подробности в FAQ), т.к. существует множество полезных DLL-перехватчиков
6. Поиск открытых портов TCP/UDP, используемых вредоносными программами
Проверка отключена пользователем
7. Эвристичеcкая проверка системы
Подозрение на скрытую загрузку библиотек через AppInit_DLLs: "C:\PROGRA

1\kloehk.dll"
Проверка завершена
8. Поиск потенциальных уязвимостей
>> Службы: разрешена потенциально опасная служба TermService (Службы терминалов)
>> Службы: разрешена потенциально опасная служба SSDPSRV (Служба обнаружения SSDP)
>> Службы: разрешена потенциально опасная служба Schedule (Планировщик заданий)
> Службы: обратите внимание - набор применяемых на ПК служб зависит от области применения ПК (домашний, ПК в ЛВС компании. )!
>> Безопасность: разрешен автозапуск программ с CDROM
>> Безопасность: разрешен административный доступ к локальным дискам (C$, D$. )
>> Безопасность: к ПК разрешен доступ анонимного пользователя
Проверка завершена
9. Мастер поиска и устранения проблем
Проверка завершена
Просканировано файлов: 98851, извлечено из архивов: 80537, найдено вредоносных программ 0, подозрений - 6
Сканирование завершено в 23.12.2008 22:15:44
Сканирование длилось 00:06:38
Если у Вас есть подозрение на наличие вирусов или вопросы по заподозренным объектам,
то Вы можете обратиться в конференцию - virusinfo.info

Другие статьи, обзоры программ, новости

Ошибка 1406 при установке программ - Windows 7

Ошибка 1406 при установке программ - Windows 7

Turok123. фильтр добавила для установщика. Лог событий: спойлер или файл

Кликните здесь для просмотра всего текста

Время,"Р˜РјСЏ процесса","PID","Операция","Р*езультат","Подробности","Командная строка"
17:15:12,4817255,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Open Requiring Oplock, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,4817716,"Explorer.EXE","1864","FileSystemControl","SUCCESS","Control: FSCTL_REQUEST_FILTER_OPLOCK","C:\Windows\Explorer.EXE"
17:15:12,4819112,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,4819713,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,4819774,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:12,4819856,"Explorer.EXE","1864","ReadFile","SUCCESS","Offset: 0, Length: 4В*096, Priority: Normal","C:\Windows\Explorer.EXE"
17:15:12,4820160,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,4820208,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:12,4820290,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,4820334,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:12,4820406,"Explorer.EXE","1864","ReadFile","SUCCESS","Offset: 0, Length: 4В*096","C:\Windows\Explorer.EXE"
17:15:12,4820621,"Explorer.EXE","1864","ReadFile","SUCCESS","Offset: 4В*096, Length: 4В*096","C:\Windows\Explorer.EXE"
17:15:12,4820730,"Explorer.EXE","1864","ReadFile","SUCCESS","Offset: 8В*192, Length: 4В*096","C:\Windows\Explorer.EXE"
17:15:12,4823168,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,4823407,"Explorer.EXE","1864","QuerySecurityFile","BUFFER OVERFLOW","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4823489,"Explorer.EXE","1864","QuerySecurityFile","SUCCESS","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4823550,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,4825117,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,4825315,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,4825366,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,4827455,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,4827681,"Explorer.EXE","1864","QuerySecurityFile","BUFFER OVERFLOW","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4827752,"Explorer.EXE","1864","QuerySecurityFile","SUCCESS","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4827814,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,4829350,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,4829551,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,4829599,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,4831224,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,4831453,"Explorer.EXE","1864","QuerySecurityFile","BUFFER OVERFLOW","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4831524,"Explorer.EXE","1864","QuerySecurityFile","SUCCESS","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4831586,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,4833474,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,4833699,"Explorer.EXE","1864","QuerySecurityFile","BUFFER OVERFLOW","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4833774,"Explorer.EXE","1864","QuerySecurityFile","SUCCESS","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4833835,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,4835361,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,4835563,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,4835611,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,4837311,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,4837532,"Explorer.EXE","1864","QuerySecurityFile","BUFFER OVERFLOW","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4837608,"Explorer.EXE","1864","QuerySecurityFile","SUCCESS","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4837669,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,4839195,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,4839393,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,4839444,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,4841076,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,4841298,"Explorer.EXE","1864","QuerySecurityFile","BUFFER OVERFLOW","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4841369,"Explorer.EXE","1864","QuerySecurityFile","SUCCESS","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4841431,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,4845452,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,4845684,"Explorer.EXE","1864","QuerySecurityFile","BUFFER OVERFLOW","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4845756,"Explorer.EXE","1864","QuerySecurityFile","SUCCESS","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4845821,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,4847354,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,4847555,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,4847603,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,4849306,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,4849528,"Explorer.EXE","1864","QuerySecurityFile","BUFFER OVERFLOW","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4849603,"Explorer.EXE","1864","QuerySecurityFile","SUCCESS","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4849665,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,4851180,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,4851378,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,4851426,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,4853044,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,4853270,"Explorer.EXE","1864","QuerySecurityFile","BUFFER OVERFLOW","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4853341,"Explorer.EXE","1864","QuerySecurityFile","SUCCESS","Information: Владелец, DACL","C:\Windows\Explorer.EXE"
17:15:12,4853403,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,4853928,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,4854102,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,5568485,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,5568778,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,5568830,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,5569918,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Read Control, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,5570147,"Explorer.EXE","1864","QuerySecurityFile","BUFFER OVERFLOW","Information: Label","C:\Windows\Explorer.EXE"
17:15:12,5570229,"Explorer.EXE","1864","QuerySecurityFile","SUCCESS","Information: Label","C:\Windows\Explorer.EXE"
17:15:12,5572451,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,5574011,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,5574209,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,5574257,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,5575766,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,5575957,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,5576005,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,5599672,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,5602891,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:12,5602970,"Explorer.EXE","1864","CreateFileMapping","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY","C:\Windows\Explorer.EXE"
17:15:12,5603021,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:12,5603110,"Explorer.EXE","1864","CreateFileMapping","SUCCESS","SyncType: SyncTypeOther","C:\Windows\Explorer.EXE"
17:15:12,5617539,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,5617802,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:12,5617901,"Explorer.EXE","1864","CreateFileMapping","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY","C:\Windows\Explorer.EXE"
17:15:12,5617946,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:12,5618031,"Explorer.EXE","1864","CreateFileMapping","SUCCESS","SyncType: SyncTypeOther","C:\Windows\Explorer.EXE"
17:15:12,5618113,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:12,5618840,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,5618956,"Explorer.EXE","1864","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*538, Length: 1, Fail Immediately: Да","C:\Windows\Explorer.EXE"
17:15:12,5619086,"Explorer.EXE","1864","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*559, Length: 20, Fail Immediately: Да","C:\Windows\Explorer.EXE"
17:15:12,5619192,"Explorer.EXE","1864","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*559, Length: 20","C:\Windows\Explorer.EXE"
17:15:12,5619297,"Explorer.EXE","1864","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*579, Length: 20, Fail Immediately: Да","C:\Windows\Explorer.EXE"
17:15:12,5619390,"Explorer.EXE","1864","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*579, Length: 20","C:\Windows\Explorer.EXE"
17:15:12,5619489,"Explorer.EXE","1864","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*538, Length: 1","C:\Windows\Explorer.EXE"
17:15:12,5619810,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,5620052,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,5623455,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,5623708,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:12,5623790,"Explorer.EXE","1864","CreateFileMapping","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY","C:\Windows\Explorer.EXE"
17:15:12,5623834,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:12,5623943,"Explorer.EXE","1864","CreateFileMapping","SUCCESS","SyncType: SyncTypeOther","C:\Windows\Explorer.EXE"
17:15:12,5624022,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:12,5624855,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,5624968,"Explorer.EXE","1864","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*538, Length: 1, Fail Immediately: Да","C:\Windows\Explorer.EXE"
17:15:12,5625084,"Explorer.EXE","1864","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*559, Length: 20, Fail Immediately: Да","C:\Windows\Explorer.EXE"
17:15:12,5625183,"Explorer.EXE","1864","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*559, Length: 20","C:\Windows\Explorer.EXE"
17:15:12,5625285,"Explorer.EXE","1864","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*579, Length: 20, Fail Immediately: Да","C:\Windows\Explorer.EXE"
17:15:12,5625381,"Explorer.EXE","1864","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*579, Length: 20","C:\Windows\Explorer.EXE"
17:15:12,5625476,"Explorer.EXE","1864","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*538, Length: 1","C:\Windows\Explorer.EXE"
17:15:12,5625869,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,5626159,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,5627760,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,5627965,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,5628013,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,5629521,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,5629719,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,5629767,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,5639428,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,5639633,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,5639681,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,5644142,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,5644866,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:12,5645074,"Explorer.EXE","1864","QueryFileInternalInformationFile","SUCCESS","IndexNumber: 0x300000003c942","C:\Windows\Explorer.EXE"
17:15:12,5645153,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:12,5645197,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:12,5645255,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:12,5645685,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:13,5052059,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:13,5052407,"Explorer.EXE","1864","CreateFileMapping","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE","C:\Windows\Explorer.EXE"
17:15:13,5053281,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:13,5053506,"Explorer.EXE","1864","QueryFileInternalInformationFile","SUCCESS","IndexNumber: 0x300000003c942","C:\Windows\Explorer.EXE"
17:15:13,5053591,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:13,5053639,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:13,5053711,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:13,5053933,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:13,5057603,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:13,5061375,"Explorer.EXE","1864","QueryDirectory","SUCCESS","Filter: charles-proxy_3.6_.5_.msi, 1: charles-proxy_3.6_.5_.msi","C:\Windows\Explorer.EXE"
17:15:13,5063191,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:13,5063396,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:13,5063447,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:13,5067308,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:13,5067540,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:13,5067629,"Explorer.EXE","1864","CreateFileMapping","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY","C:\Windows\Explorer.EXE"
17:15:13,5067673,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:13,5068905,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:13,5069800,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:13,5070025,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:13,5070083,"Explorer.EXE","1864","CreateFileMapping","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY","C:\Windows\Explorer.EXE"
17:15:13,5070127,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:13,5070209,"Explorer.EXE","1864","CreateFileMapping","SUCCESS","SyncType: SyncTypeOther","C:\Windows\Explorer.EXE"
17:15:13,5070486,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:13,5072756,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:13,5072951,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:13,5073002,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:13,5073951,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:13,5074183,"Explorer.EXE","1864","CreateFileMapping","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY","C:\Windows\Explorer.EXE"
17:15:13,5074227,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:13,5075408,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:13,5076999,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:13,5077201,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:15:13,5077252,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:13,5078139,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:13,5078365,"Explorer.EXE","1864","CreateFileMapping","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY","C:\Windows\Explorer.EXE"
17:15:13,5078412,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:13,5078528,"Explorer.EXE","1864","CreateFileMapping","SUCCESS","SyncType: SyncTypeOther","C:\Windows\Explorer.EXE"
17:15:13,5078778,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:13,5079703,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:15:13,5079935,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:15:13,5080034,"Explorer.EXE","1864","ReadFile","SUCCESS","Offset: 0, Length: 2, Priority: Normal","C:\Windows\Explorer.EXE"
17:15:13,5080242,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:15:13,5839764,"msiexec.exe","5600","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5840102,"msiexec.exe","5600","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5840480,"msiexec.exe","5600","CreateFileMapping","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5840532,"msiexec.exe","5600","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5840631,"msiexec.exe","5600","CreateFileMapping","SUCCESS","SyncType: SyncTypeOther","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5840709,"msiexec.exe","5600","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5946994,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5947162,"msiexec.exe","5600","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*538, Length: 1, Fail Immediately: Да","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5947295,"msiexec.exe","5600","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*559, Length: 20, Fail Immediately: Да","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5947401,"msiexec.exe","5600","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*559, Length: 20","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5947503,"msiexec.exe","5600","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*579, Length: 20, Fail Immediately: Да","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5947592,"msiexec.exe","5600","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*579, Length: 20","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5947711,"msiexec.exe","5600","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*538, Length: 1","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5948329,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5948503,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5948565,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5956699,"msiexec.exe","5600","CloseFile","SUCCESS","","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5959843,"msiexec.exe","5600","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5960120,"msiexec.exe","5600","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5960212,"msiexec.exe","5600","CreateFileMapping","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5960257,"msiexec.exe","5600","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5960345,"msiexec.exe","5600","CreateFileMapping","SUCCESS","SyncType: SyncTypeOther","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5960431,"msiexec.exe","5600","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5961120,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5961240,"msiexec.exe","5600","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*538, Length: 1, Fail Immediately: Да","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5961386,"msiexec.exe","5600","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*559, Length: 20, Fail Immediately: Да","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5961492,"msiexec.exe","5600","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*559, Length: 20","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5961595,"msiexec.exe","5600","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*579, Length: 20, Fail Immediately: Да","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5961687,"msiexec.exe","5600","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*579, Length: 20","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5961789,"msiexec.exe","5600","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*538, Length: 1","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5962073,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5962165,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5962219,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,5969026,"msiexec.exe","5600","CloseFile","SUCCESS","","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6202905,"msiexec.exe","5600","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6203260,"msiexec.exe","5600","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6203359,"msiexec.exe","5600","CreateFileMapping","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6203407,"msiexec.exe","5600","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6203495,"msiexec.exe","5600","CreateFileMapping","SUCCESS","SyncType: SyncTypeOther","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6203570,"msiexec.exe","5600","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6204578,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6204704,"msiexec.exe","5600","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*538, Length: 1, Fail Immediately: Да","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6204834,"msiexec.exe","5600","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*559, Length: 20, Fail Immediately: Да","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6204936,"msiexec.exe","5600","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*559, Length: 20","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6205376,"msiexec.exe","5600","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*579, Length: 20, Fail Immediately: Да","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6205472,"msiexec.exe","5600","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*579, Length: 20","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6205567,"msiexec.exe","5600","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*538, Length: 1","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6205929,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6206025,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6530165,"msiexec.exe","5600","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6530414,"msiexec.exe","5600","QueryNetworkOpenInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, AllocationSize: 01.01.1601 6:00:00, EndOfFile: 01.01.1601 6:00:00, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6530465,"msiexec.exe","5600","CloseFile","SUCCESS","","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6531175,"msiexec.exe","5600","CloseFile","SUCCESS","","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6532537,"msiexec.exe","5600","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6532793,"msiexec.exe","5600","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6532896,"msiexec.exe","5600","CreateFileMapping","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6532940,"msiexec.exe","5600","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6533025,"msiexec.exe","5600","CreateFileMapping","SUCCESS","SyncType: SyncTypeOther","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6533100,"msiexec.exe","5600","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6533944,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6534063,"msiexec.exe","5600","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*538, Length: 1, Fail Immediately: Да","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6534189,"msiexec.exe","5600","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*559, Length: 20, Fail Immediately: Да","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6534292,"msiexec.exe","5600","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*559, Length: 20","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6534394,"msiexec.exe","5600","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*579, Length: 20, Fail Immediately: Да","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6534486,"msiexec.exe","5600","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*579, Length: 20","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6534579,"msiexec.exe","5600","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*538, Length: 1","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6534869,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6534964,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6541720,"msiexec.exe","5600","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6542792,"msiexec.exe","5600","CreateFile","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6543045,"msiexec.exe","5600","CloseFile","SUCCESS","","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6543878,"msiexec.exe","5600","CreateFile","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6544103,"msiexec.exe","5600","CloseFile","SUCCESS","","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6544946,"msiexec.exe","5600","CreateFile","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6545209,"msiexec.exe","5600","DeviceIoControl","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6545270,"msiexec.exe","5600","CloseFile","SUCCESS","","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6546124,"msiexec.exe","5600","CreateFile","NAME INVALID","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6547001,"msiexec.exe","5600","QueryNameInformationFile","SUCCESS","Р˜РјСЏ: \charles-proxy_3.6_.5_.msi","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6549240,"msiexec.exe","5600","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6549442,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6549490,"msiexec.exe","5600","CloseFile","SUCCESS","","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6549773,"msiexec.exe","5600","CloseFile","SUCCESS","","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6632964,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6633480,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6633541,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6646128,"msiexec.exe","5600","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6646353,"msiexec.exe","5600","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6646401,"msiexec.exe","5600","CloseFile","SUCCESS","","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,6873261,"msiexec.exe","5600","QueryDirectory","SUCCESS","Filter: charles-proxy_3.6_.5_.msi, 1: charles-proxy_3.6_.5_.msi","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,7812957,"msiexec.exe","5600","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,7813206,"msiexec.exe","5600","QueryNetworkOpenInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, AllocationSize: 01.01.1601 6:00:00, EndOfFile: 01.01.1601 6:00:00, FileAttributes: A","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:13,7813260,"msiexec.exe","5600","CloseFile","SUCCESS","","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:15:23,5928625,"msiexec.exe","2908","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Anastasia-РџРљ\Anastasia, OpenResult: Opened","C:\Windows\system32\msiexec.exe /V"
17:15:23,5928919,"msiexec.exe","2908","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\system32\msiexec.exe /V"
17:15:23,5928970,"msiexec.exe","2908","CloseFile","SUCCESS","","C:\Windows\system32\msiexec.exe /V"
17:15:23,5930001,"msiexec.exe","2908","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, Impersonating: Anastasia-РџРљ\Anastasia, OpenResult: Opened","C:\Windows\system32\msiexec.exe /V"
17:15:23,5930264,"msiexec.exe","2908","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\system32\msiexec.exe /V"
17:15:23,5930363,"msiexec.exe","2908","CreateFileMapping","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY","C:\Windows\system32\msiexec.exe /V"
17:15:23,5930411,"msiexec.exe","2908","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\system32\msiexec.exe /V"
17:15:23,5930496,"msiexec.exe","2908","CreateFileMapping","SUCCESS","SyncType: SyncTypeOther","C:\Windows\system32\msiexec.exe /V"
17:15:23,5930571,"msiexec.exe","2908","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\system32\msiexec.exe /V"
17:15:23,5931271,"msiexec.exe","2908","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\system32\msiexec.exe /V"
17:15:23,5931390,"msiexec.exe","2908","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*538, Length: 1, Fail Immediately: Да","C:\Windows\system32\msiexec.exe /V"
17:15:23,5931524,"msiexec.exe","2908","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*559, Length: 20, Fail Immediately: Да","C:\Windows\system32\msiexec.exe /V"
17:15:23,5931626,"msiexec.exe","2908","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*559, Length: 20","C:\Windows\system32\msiexec.exe /V"
17:15:23,5931725,"msiexec.exe","2908","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*579, Length: 20, Fail Immediately: Да","C:\Windows\system32\msiexec.exe /V"
17:15:23,5931814,"msiexec.exe","2908","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*579, Length: 20","C:\Windows\system32\msiexec.exe /V"
17:15:23,5931909,"msiexec.exe","2908","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*538, Length: 1","C:\Windows\system32\msiexec.exe /V"
17:15:23,5932247,"msiexec.exe","2908","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\system32\msiexec.exe /V"
17:15:23,5932350,"msiexec.exe","2908","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\system32\msiexec.exe /V"
17:15:23,6225664,"msiexec.exe","2908","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Anastasia-РџРљ\Anastasia, OpenResult: Opened","C:\Windows\system32\msiexec.exe /V"
17:15:23,6226039,"msiexec.exe","2908","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\system32\msiexec.exe /V"
17:15:23,6226091,"msiexec.exe","2908","CloseFile","SUCCESS","","C:\Windows\system32\msiexec.exe /V"
17:15:23,6227261,"msiexec.exe","2908","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, Impersonating: Anastasia-РџРљ\Anastasia, OpenResult: Opened","C:\Windows\system32\msiexec.exe /V"
17:15:23,6227538,"msiexec.exe","2908","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\system32\msiexec.exe /V"
17:15:23,6227664,"msiexec.exe","2908","CreateFileMapping","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY","C:\Windows\system32\msiexec.exe /V"
17:15:23,6227715,"msiexec.exe","2908","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\system32\msiexec.exe /V"
17:15:23,6227808,"msiexec.exe","2908","CreateFileMapping","SUCCESS","SyncType: SyncTypeOther","C:\Windows\system32\msiexec.exe /V"
17:15:23,6227883,"msiexec.exe","2908","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\system32\msiexec.exe /V"
17:15:23,6228593,"msiexec.exe","2908","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\system32\msiexec.exe /V"
17:15:23,6228719,"msiexec.exe","2908","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*538, Length: 1, Fail Immediately: Да","C:\Windows\system32\msiexec.exe /V"
17:15:23,6228852,"msiexec.exe","2908","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*559, Length: 20, Fail Immediately: Да","C:\Windows\system32\msiexec.exe /V"
17:15:23,6228961,"msiexec.exe","2908","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*559, Length: 20","C:\Windows\system32\msiexec.exe /V"
17:15:23,6229067,"msiexec.exe","2908","LockFile","SUCCESS","Exclusive: Да, Смещение: 2В*147В*483В*579, Length: 20, Fail Immediately: Да","C:\Windows\system32\msiexec.exe /V"
17:15:23,6229163,"msiexec.exe","2908","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*579, Length: 20","C:\Windows\system32\msiexec.exe /V"
17:15:23,6229258,"msiexec.exe","2908","UnlockFileSingle","SUCCESS","Смещение: 2В*147В*483В*538, Length: 1","C:\Windows\system32\msiexec.exe /V"
17:15:23,6229603,"msiexec.exe","2908","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\system32\msiexec.exe /V"
17:15:23,6229736,"msiexec.exe","2908","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\system32\msiexec.exe /V"
17:15:23,6229791,"msiexec.exe","2908","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\system32\msiexec.exe /V"
17:15:23,6256111,"msiexec.exe","2908","CloseFile","SUCCESS","","C:\Windows\system32\msiexec.exe /V"
17:15:23,6266802,"msiexec.exe","2908","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\system32\msiexec.exe /V"
17:15:23,6267021,"msiexec.exe","2908","QueryNetworkOpenInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, AllocationSize: 01.01.1601 6:00:00, EndOfFile: 01.01.1601 6:00:00, FileAttributes: A","C:\Windows\system32\msiexec.exe /V"
17:15:23,6267072,"msiexec.exe","2908","CloseFile","SUCCESS","","C:\Windows\system32\msiexec.exe /V"
17:15:23,6277760,"msiexec.exe","2908","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\system32\msiexec.exe /V"
17:15:23,6277962,"msiexec.exe","2908","QueryNetworkOpenInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, AllocationSize: 01.01.1601 6:00:00, EndOfFile: 01.01.1601 6:00:00, FileAttributes: A","C:\Windows\system32\msiexec.exe /V"
17:15:23,6278009,"msiexec.exe","2908","CloseFile","SUCCESS","","C:\Windows\system32\msiexec.exe /V"
17:15:23,6284301,"msiexec.exe","2908","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Open No Recall, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened","C:\Windows\system32\msiexec.exe /V"
17:15:23,6291937,"msiexec.exe","2908","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\system32\msiexec.exe /V"
17:15:23,6293333,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 0, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6294743,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 65В*536, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6295508,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 131В*072, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6296249,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 196В*608, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6296996,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 262В*144, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6297751,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 327В*680, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6298495,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 393В*216, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6299229,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 458В*752, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6299946,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 524В*288, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6300710,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 589В*824, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6301441,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 655В*360, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6302168,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 720В*896, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6302892,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 786В*432, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6303656,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 851В*968, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6304387,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 917В*504, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6305107,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 983В*040, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6305827,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 1В*048В*576, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6307780,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 1В*114В*112, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6308500,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 1В*179В*648, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6309210,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 1В*245В*184, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6309917,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 1В*310В*720, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6310661,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 1В*376В*256, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6311382,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 1В*441В*792, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6312098,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 1В*507В*328, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6312808,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 1В*572В*864, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6313686,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 1В*638В*400, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6314645,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 1В*703В*936, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6315413,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 1В*769В*472, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6316140,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 1В*835В*008, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6316905,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 1В*900В*544, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6317629,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 1В*966В*080, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6318356,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 2В*031В*616, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6319076,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 2В*097В*152, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6321114,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 2В*162В*688, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6321909,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 2В*228В*224, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6322746,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 2В*293В*760, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6323650,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 2В*359В*296, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6324429,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 2В*424В*832, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6325152,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 2В*490В*368, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6325869,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 2В*555В*904, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6326586,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 2В*621В*440, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6327347,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 2В*686В*976, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6328061,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 2В*752В*512, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6328774,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 2В*818В*048, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6329491,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 2В*883В*584, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6330242,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 2В*949В*120, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6330966,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 3В*014В*656, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6331683,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 3В*080В*192, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6332403,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 3В*145В*728, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6334373,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 3В*211В*264, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6335212,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 3В*276В*800, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6336008,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 3В*342В*336, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6336783,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 3В*407В*872, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6337646,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 3В*473В*408, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6338507,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 3В*538В*944, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6339227,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 3В*604В*480, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6340067,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 3В*670В*016, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6340961,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 3В*735В*552, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6341849,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 3В*801В*088, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6342723,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 3В*866В*624, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6343590,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 3В*932В*160, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6344368,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 3В*997В*696, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6345146,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 4В*063В*232, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6345993,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 4В*128В*768, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6346898,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 4В*194В*304, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6349144,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 4В*259В*840, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6350035,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 4В*325В*376, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6350987,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 4В*390В*912, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6352066,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 4В*456В*448, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6354046,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 4В*521В*984, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6354947,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 4В*587В*520, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6356019,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 4В*653В*056, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6356934,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 4В*718В*592, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6357879,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 4В*784В*128, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6358750,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 4В*849В*664, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6359494,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 4В*915В*200, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6360225,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 4В*980В*736, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6361122,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 5В*046В*272, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6361969,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 5В*111В*808, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6362751,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 5В*177В*344, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6363587,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 5В*242В*880, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6365826,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 5В*308В*416, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6366591,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 5В*373В*952, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6367424,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 5В*439В*488, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6368189,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 5В*505В*024, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6368987,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 5В*570В*560, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6369728,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 5В*636В*096, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6370490,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 5В*701В*632, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6371251,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 5В*767В*168, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6372043,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 5В*832В*704, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6372828,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 5В*898В*240, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6373647,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 5В*963В*776, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6374518,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 6В*029В*312, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6375992,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 6В*094В*848, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6376788,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 6В*160В*384, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6377552,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 6В*225В*920, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6378290,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 6В*291В*456, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6380287,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 6В*356В*992, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6381092,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 6В*422В*528, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6381820,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 6В*488В*064, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6382536,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 6В*553В*600, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6383298,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 6В*619В*136, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6384066,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 6В*684В*672, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6385424,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 6В*750В*208, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6386329,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 6В*815В*744, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6387182,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 6В*881В*280, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6387991,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 6В*946В*816, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6388756,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 7В*012В*352, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6389511,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 7В*077В*888, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6390292,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 7В*143В*424, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6391135,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 7В*208В*960, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6391945,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 7В*274В*496, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6392685,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 7В*340В*032, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6394396,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 7В*405В*568, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6395239,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 7В*471В*104, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6396000,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 7В*536В*640, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6396888,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 7В*602В*176, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6397765,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 7В*667В*712, Length: 65В*536, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6398605,"msiexec.exe","2908","ReadFile","SUCCESS","Offset: 7В*733В*248, Length: 45В*056, Priority: Normal","C:\Windows\system32\msiexec.exe /V"
17:15:23,6402022,"msiexec.exe","2908","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\system32\msiexec.exe /V"
17:15:23,6402797,"msiexec.exe","2908","CloseFile","SUCCESS","","C:\Windows\system32\msiexec.exe /V"
17:15:23,6405220,"msiexec.exe","2908","CloseFile","SUCCESS","","C:\Windows\system32\msiexec.exe /V"
17:15:23,6417069,"msiexec.exe","2908","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, Impersonating: Anastasia-РџРљ\Anastasia, OpenResult: Opened","C:\Windows\system32\msiexec.exe /V"
17:15:23,6418158,"msiexec.exe","2908","CreateFile","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: Anastasia-РџРљ\Anastasia, OpenResult: Opened","C:\Windows\system32\msiexec.exe /V"
17:15:23,6418414,"msiexec.exe","2908","CloseFile","SUCCESS","","C:\Windows\system32\msiexec.exe /V"
17:15:23,6419271,"msiexec.exe","2908","CreateFile","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: Anastasia-РџРљ\Anastasia, OpenResult: Opened","C:\Windows\system32\msiexec.exe /V"
17:15:23,6419500,"msiexec.exe","2908","CloseFile","SUCCESS","","C:\Windows\system32\msiexec.exe /V"
17:15:23,6420374,"msiexec.exe","2908","CreateFile","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: Anastasia-РџРљ\Anastasia, OpenResult: Opened","C:\Windows\system32\msiexec.exe /V"
17:15:23,6420630,"msiexec.exe","2908","DeviceIoControl","INVALID PARAMETER","Control: IOCTL_MOUNTDEV_QUERY_DEVICE_NAME","C:\Windows\system32\msiexec.exe /V"
17:15:23,6420688,"msiexec.exe","2908","CloseFile","SUCCESS","","C:\Windows\system32\msiexec.exe /V"
17:15:23,6421575,"msiexec.exe","2908","CreateFile","NAME INVALID","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: Anastasia-РџРљ\Anastasia","C:\Windows\system32\msiexec.exe /V"
17:15:23,6422480,"msiexec.exe","2908","QueryNameInformationFile","SUCCESS","Р˜РјСЏ: \charles-proxy_3.6_.5_.msi","C:\Windows\system32\msiexec.exe /V"
17:15:23,6424146,"msiexec.exe","2908","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Anastasia-РџРљ\Anastasia, OpenResult: Opened","C:\Windows\system32\msiexec.exe /V"
17:15:23,6424347,"msiexec.exe","2908","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\system32\msiexec.exe /V"
17:15:23,6424395,"msiexec.exe","2908","CloseFile","SUCCESS","","C:\Windows\system32\msiexec.exe /V"
17:15:23,6424668,"msiexec.exe","2908","CloseFile","SUCCESS","","C:\Windows\system32\msiexec.exe /V"
17:15:23,6437162,"msiexec.exe","2908","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Anastasia-РџРљ\Anastasia, OpenResult: Opened","C:\Windows\system32\msiexec.exe /V"
17:15:23,6437370,"msiexec.exe","2908","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\system32\msiexec.exe /V"
17:15:23,6437418,"msiexec.exe","2908","CloseFile","SUCCESS","","C:\Windows\system32\msiexec.exe /V"
17:15:23,6654170,"msiexec.exe","2908","CreateFile","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Anastasia-РџРљ\Anastasia, OpenResult: Opened","C:\Windows\system32\msiexec.exe /V"
17:15:23,6654396,"msiexec.exe","2908","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\system32\msiexec.exe /V"
17:15:23,6654443,"msiexec.exe","2908","CloseFile","SUCCESS","","C:\Windows\system32\msiexec.exe /V"
17:15:23,6654952,"msiexec.exe","2908","QueryDirectory","SUCCESS","Filter: charles-proxy_3.6_.5_.msi, 1: charles-proxy_3.6_.5_.msi","C:\Windows\system32\msiexec.exe /V"
17:19:10,6278631,"msiexec.exe","5600","CloseFile","SUCCESS","","""C:\Windows\System32\msiexec.exe"" /i ""C:\charles-proxy_3.6_.5_.msi"" "
17:19:13,3623130,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Open Requiring Oplock, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:19:13,3623694,"Explorer.EXE","1864","FileSystemControl","SUCCESS","Control: FSCTL_REQUEST_FILTER_OPLOCK","C:\Windows\Explorer.EXE"
17:19:13,3625684,"Explorer.EXE","1864","CreateFile","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened","C:\Windows\Explorer.EXE"
17:19:13,3626551,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:19:13,3626640,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:19:13,3626759,"Explorer.EXE","1864","ReadFile","SUCCESS","Offset: 0, Length: 4В*096, Priority: Normal","C:\Windows\Explorer.EXE"
17:19:13,3627131,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:19:13,3627199,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:19:13,3627316,"Explorer.EXE","1864","QueryBasicInformationFile","SUCCESS","CreationTime: 24.05.2014 0:04:47, LastAccessTime: 24.05.2014 0:04:47, LastWriteTime: 24.05.2014 0:04:54, ChangeTime: 11.06.2014 17:14:17, FileAttributes: A","C:\Windows\Explorer.EXE"
17:19:13,3627377,"Explorer.EXE","1864","QueryStandardInformationFile","SUCCESS","AllocationSize: 7В*778В*304, EndOfFile: 7В*778В*304, NumberOfLinks: 1, DeletePending: Нет, Directory: Нет","C:\Windows\Explorer.EXE"
17:19:13,3627479,"Explorer.EXE","1864","ReadFile","SUCCESS","Offset: 0, Length: 4В*096","C:\Windows\Explorer.EXE"
17:19:13,3627780,"Explorer.EXE","1864","ReadFile","SUCCESS","Offset: 4В*096, Length: 4В*096","C:\Windows\Explorer.EXE"
17:19:13,3627940,"Explorer.EXE","1864","ReadFile","SUCCESS","Offset: 8В*192, Length: 4В*096","C:\Windows\Explorer.EXE"
17:19:13,3629432,"Explorer.EXE","1864","ReadFile","SUCCESS","Offset: 12В*288, Length: 4В*096","C:\Windows\Explorer.EXE"
17:19:13,3629613,"Explorer.EXE","1864","ReadFile","SUCCESS","Offset: 4В*198В*400, Length: 4В*096","C:\Windows\Explorer.EXE"
17:19:13,3629852,"Explorer.EXE","1864","ReadFile","SUCCESS","Offset: 6В*692В*864, Length: 4В*096","C:\Windows\Explorer.EXE"
17:19:13,3630825,"Explorer.EXE","1864","ReadFile","SUCCESS","Offset: 6В*692В*864, Length: 4В*096","C:\Windows\Explorer.EXE"
17:19:13,3631658,"Explorer.EXE","1864","ReadFile","SUCCESS","Offset: 6В*692В*864, Length: 4В*096","C:\Windows\Explorer.EXE"
17:19:13,3632457,"Explorer.EXE","1864","ReadFile","SUCCESS","Offset: 6В*692В*864, Length: 4В*096","C:\Windows\Explorer.EXE"
17:19:13,3634679,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"
17:19:13,3635106,"Explorer.EXE","1864","CloseFile","SUCCESS","","C:\Windows\Explorer.EXE"

Logfile.rar (4.9 Кб, 7 просмотров)